So why Ansible? I use Puppet. A quick glance at Ansible suggests that all of that (certs, servers, services) is replaced in Ansible with SSH, right? But you still need to manage keys. What am I missing?
You would need to manage keys whatever you did. Puppet just means that you have to manage keys AND certs, so you have double the headache.
Puppet also means you have to babysit the client service and the Puppet master, and if they go down, you have to get them back up again. I deal with this problem a lot and I wish I didn't have to.