Secrets management improvements with Ansible Vault

Ansible is a powerful automation tool that helps us manage infrastructure, services, and databases. However, managing sensitive data such as passwords, keys, and other secrets can be challenging. Ansible Vault is a feature that provides a way to encrypt and store sensitive information within Ansible playbooks and inventory files. Ansible Vault has two modes: full file encryption: the whole contents of the file are encrypted, the type of content doesn’t matter; value encryption: a string value in a YAML file is encrypted....

Rex to Ansible Migration: Evaluate current automation tool

Blog posts in this series: Evaluation of our existing automation tool; Evaluation of new automation tools (planned); Inventory migration (planned); Rex Module migration (planned); Rex Wrapper (planned); Testing (planned); Bring it into production (planned); Experiences (planned). Ansible Migration: Evaluation of our existing automation tool. At Adjust we are (or maybe have been, by the time you are reading this blog posting) using Rex as an automation tool. It served us well, and we grew the company and the infrastructure based on it....

How much Ansible is too much?

While undertaking our adventure of migrating Rex to Ansible, we came to realize that some of the functionality in Rex wasn’t configuration management, per se. This spawned a more philosophical line of thinking around our Ansible deployment. Let me give you a couple of examples to explain. As Ansible is a configuration tool for servers, it can install software packages using the operating system’s package management system. Along with installation, it can also do upgrades of software packages on a server....

Psycopg2 is missing

In our infrastructure, we mostly use Gentoo for our servers. For anyone who doesn’t know Gentoo: this Linux distribution compiles packages on the server. Upgrades take a bit more time, but on the other hand the installation can be adjusted to specific requirements: need debug symbols on a dev or staging platform? No problem, compile them in. Want to optimize an application? Change the compile parameters and recompile once: done. Like with pre-compiled packages, this approach has ups and downs....

Enhance the Ansible postgresql_privs module with the ability to specify all table privileges

The Ansible collection includes the postgresql_privs module which is used to set or revoke privileges on database objects. So far this can be used in a programmatic way: specify the privileges, but also specify if something should be revoked. To give you an example: Let’s say we have a table users in the database. Now an additional role audit is supposed to have SELECT privileges on this table. You solve this by adding one postgresql_privs task:...