Our company started using Ansible+Semaphore a few months ago and love it. But we need some help in this case.
Right now, we have datacenters across multiple regions, each having its own VPCs.
The reason I am asking is that our Network and Server Team have some concerns about using 1 instance of Ansible to control resources across multiple VPCs across datacenters. From a network and security perspective, this becomes a very high risk.
For example,
VPC A located in Datacenter 1 <- Ansible+Semaphore installed in this VPC
VPC B located in Datacenter 2
VPC 3 located in Datacenter 3
If we have only 1 single Ansible installed, controlling resources in VPC A + B + C, then that means all VMs in VPC B + C will need to be able to reach all the way back to VPC A. And the security risk is that if VPC A ever gets compromised, then all VMs in all VPCs are vulnerable as well.
The latest solution we were discussing internally is to have 3 separate Ansible+Semaphore instances, one for each datacenter, and Semaphore will be connected to the same Bitbucket instance (in cloud) to sync the playbooks. But this setup is not good for us because that means having to manage multiple Ansible+Semaphore instances, and not having a consolidated view of each playbook execution.
What is the best practice for using Semaphore+Ansible for these scenarios? Does Semaphore have the concept of proxies?
Hope someone has figured this out already...
Much Appreciated!