:ansible_tower: Ansible Tower Decommission on April 2, 2020
Ansible Tower has been with us since 2017. Used as replacement of deploy-app to provides better access control and audit trail for deploying applications and troubleshooting in production.
Last year Site-Infra planned not to renew Ansible Tower License this year. But, since not all application cluster in ASG yet Site-Infra is renewing Ansible Tower for one more year, and this will be the last renewal.
Why Abandoning Tower?
- Ansible Tower cost is not worth the value. The software is pretty unstable and the support we got from Red Hat is not really helpful when there is problem with tower.
- Ansible Tower is a self-hosted infra, which means additional overhead to maintain and secured Ansible Tower infrastructure, access, and conection, as ansible tower has a powerfull capablity to access and modify infrastructure. And to use ansible tower for multi-account environment is not recommended by us, as it will add complexity and overhead for each account to maintain their own ansible tower, and also add cost to the license.
- We want to improve security posture of our infrastructure by disallowing access to instance via SSH especially from trusted machine like Ansible Tower that have network access to SSH port to all machines.
New license already applied in Tower. The new Ansible Tower license will be expired on:
Thursday, April 2, 2020 15:09:02 (UTC)
What You should do
What is the alternative to Tower if I need access to my instance?
Should you have problems / concerns / questions related to Ansible Tower alternatives feel free to reach site Infra in #site-infra-channel.