What does your team's ops automation stack look like, and is the setup actually painful?
How are SRE teams handling the atomic ops stuff today? Restart pod, vacuum table, rotate creds, replay DLQ, force-delete a stuck namespace, drain a node.
There are tools for different pieces of this:
- Runtime / execution: Rundeck, Ansible Automation Platform, AWS SSM, Argo Workflows, Temporal...
- Shared / portable library: Ansible Galaxy is config not ops, StackStorm Exchange stalled, Rundeck has no job registry
- RBAC + per-action safety: AAP+SAML, custom homegrown, vault dynamic creds bolted on top
- Audit + traceability: whatever the runtime has, usually thin and tied to that runtime
Most teams I've worked with end up stitching pieces together. Something like AAP plus a private git of collections plus SAML plus a custom audit pipeline plus a Slack bot for triggers.
Questions I have:
- What does your team's stack actually look like for this? Single tool? Stitched?
- Can dev teams write their own playbooks, or does authoring stay gatekept by SRE/platform?
- Is the setup actively painful (slow to iterate, hard to onboard, scary in incidents), or does it work fine once it's in place?
(Engineering org size context useful - 50 vs 500 vs 5000 changes the answers a lot.)