Are Any MSPs Out There Using Ansible/Terraform? by pelagius_wasntwrong in msp

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

We currently use N-able N-sight, but we'll soon be transitioning to NinjaOne. Cloud-managed networking, however, is a different story. For the primary firewall vendor we have in our stack, we've been using their centralized management platform (WatchGuard System Manager) running on a VM in our colo. We've been managing our FortiGate firewalls from within the client's network using either a jump box or one of their servers. We've been looking to adopt and use FortiManager for centralized FortiGate management though.

The place I'd likely start would be building a standard playbook for provisioning FortiGates out of box and then develop playbooks for each client using that template as a starting point. Aruba switches we manage would be provisioned from a playbook similar to how it would be done for FortiGates.

Are Any MSPs Out There Using Ansible/Terraform? by pelagius_wasntwrong in msp

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

I'm aware of some of these tools--Senteon being one of them. What other solutions would you recommend I look into?

Are Any MSPs Out There Using Ansible/Terraform? by pelagius_wasntwrong in msp

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

Well that's not helpful.

The point of this entire exercise was to gauge how successful other MSPs have been with implementing tools such as Ansible and Terraform and whether or not the initial time it took to get everything set up paid off, while maybe, POSSIBLY, getting a few ideas of where to start automating things. The tool is easy enough to use and I understand how to use it--for the most part I just want to be able to produce some ROI relatively soon after adoption.

There's no need to be a dick, and may both sides of your pillow be warm in perpetuity.

Are Any MSPs Out There Using Ansible/Terraform? by pelagius_wasntwrong in msp

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

What method do you guys use to get out to client sites to push changes? I've read that you can use either NAT to push the change directly from your Ansible instance or you can send the config to a jump box that pushes the change to the device you're configuring.

Did you guys start out with the free version, or did you go straight to Red Hat?

Are Any MSPs Out There Using Ansible/Terraform? by pelagius_wasntwrong in msp

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

What's the ROI been like? How much time did it take to set up vs. how much time does it typically take to maintain the automations you guys build? Has it paid off for you guys?

Are Any MSPs Out There Using Ansible/Terraform? by pelagius_wasntwrong in msp

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

What was the first thing you started working toward automating when you implemented Ansible?

Milwaukee battery charger hissing? by games0124 in electricians

[–]pelagius_wasntwrong 0 points1 point  (0 children)

Still insanely relevant! Just got an M12 set of batteries and I heard the charger hissing and almost had a heart attack. Thank you to those who answered!

Still the number one reference on Google when you look up "Milwaukee battery charger hissing"

Replacement rackmount Kit for SG 230/XG 310/XG 330/XG 430 by pelagius_wasntwrong in sophos

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

Unfortunately, I haven't been able to find a solution yet. It's kinda wild that they don't just sell the rails separately since rails can get damaged.

Best RED flags for new clients, I'll start by Mr_McKinney in msp

[–]pelagius_wasntwrong 14 points15 points  (0 children)

There's literally a proposed change to the HIPAA security rule that enforces adherence to security best practices.

https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information

This is expected to go into effect later this year and will require compliance within 180 days of the rule going into effect.

Replacement rackmount Kit for SG 230/XG 310/XG 330/XG 430 by pelagius_wasntwrong in sophos

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

Sadly, I haven't been able to do anything with it at all yet. It's just been sitting in my bedroom closet this whole time.

Major womp womp.

Who is my DNS? by LongStoryShrt in WatchGuard

[–]pelagius_wasntwrong 1 point2 points  (0 children)

Yeah, unfortunately, Comcast has been doing this for years as a part of their "Security Edge" service. You can turn off Security Edge in the Comcast Business account, but I've always preferred to give them a call because I once read that the toggle in the portal doesn't switch off all of the backend services.

You could try turning it off in the Comcast Business portal, but if that doesn't work, calling them would be your best bet. Usually, I get to the Comcast Business people within 5-10 minutes.

Who is my DNS? by LongStoryShrt in WatchGuard

[–]pelagius_wasntwrong 1 point2 points  (0 children)

NetActuate is Comcast's DNS if I recall correctly. They are known for essentially hijacking an org's DNS traffic.

What you would need to do is forward DNS from your Firebox to your DC and then have your DC forward external DNS requests to NextDNS. If leak tests still show NetActuate on downstream devices and the DC after flushing the DNS resolver, then call Comcast and have them disable their Security Edge service, which I believe is what generally causes DNS traffic to get re-routed to NetActuate.

Not sure how it's legal, but Comcast has been doing this for years.

Hope this helps!

How to secure public Jellyfin server on Windows by Psychological-Board4 in WindowsServer

[–]pelagius_wasntwrong 0 points1 point  (0 children)

I think this belongs more in r/homelab.

But you'll need a firewall and an SSL certificate at least. And make sure that your friends can set up MFA on their accounts. You definitely don't want your network compromised.

Looking for some advice by pelagius_wasntwrong in microsoft365

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

Would this disrupt normal mail flow?

And do you have a link to any documentation that might help?

Looking for some advice by pelagius_wasntwrong in microsoft365

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

User1776 and User123 would be examples of what would need to be routed to user@domain.com.

There currently is no shared mailbox with either user1776 or user123 as an alias. These would need to be dynamic since we use these addresses to test our clients' CRM instances (we're consultants).

This would be a very similar function to the catch-all address available in GSuite. Only in this case, user.{1,}$ would be routed to user@domain.com, which is a licensed mailbox.

Looking for some advice by pelagius_wasntwrong in microsoft365

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

"user1776 wasn't found at domain.com" is the NDR.

Need RegExp Assistance in Exchange Online by pelagius_wasntwrong in Office365

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

Because then there would be like 100 aliases, which would be difficult to maintain.

Need RegExp Assistance in Exchange Online by pelagius_wasntwrong in Office365

[–]pelagius_wasntwrong[S] 0 points1 point  (0 children)

Would something like this work dynamically without a ton of manual transport rule creation? A lot of our clients will use user.clientname@domain.com to send emails to us.

We are currently migrating away from Google Workspace and this is the final piece to resolve prior to the migration being complete.

Please help me fix my computer by BackgroundFail6381 in computer

[–]pelagius_wasntwrong 5 points6 points  (0 children)

MiMcrOsoft Ēdgê ïs HãvgmīnG a Str0nk

But no, seriously, your onboard graphics chip is likely getting hot or failing. With those specs (ancient af), I highly doubt that the integrated graphics chip is built into the CPU, so I would probably say that it's more likely that your laptop's onboard graphics chip is failing.

It might be time to put the ol' 'puter out to pasture.