Hi all,

I have long been managing some of my tools using non-interactive provisioning scripts − historically using Shell [1], and increasingly moving towards Ansible playbooks [2] [3].

Both methods boil down to:
* SSH onto bastion host
* `become tool`
* Execute steps: git pull, install dependencies,etc.

I have not always been able to fulfill my 'non-interactive' requirement.
For my projects which require Node dependencies, I did have to manually drop into a shell (webservice --backend=kubernetes nodejs shell) in order to run npm.

(I also had a bit of a hard time when trying to manage crontabs using Ansible, as  the `crontab` executable override seems to be doing all kinds of magic − I kind of tinkered until I reached a "looks like it works!" point ^_^)

As I was reading through the Trusty migration docs [4], it is somewhat hinted that virtualens (for Python dependencies) should also be installed in an interactive container shell, and not from the Bastion host [5].

Can someone help me with the following questions?

* Is it appropriate to create python virtual envs from the Bastion host?
* Is there a recommended way to execute inside a kubernetes container remotely / in a non-interactive fashion (eg using a tool like Ansible)?
* in general, am I doing something fundamentally at odds with the Toolforge environment with such configuration management?

Thanks!