For some of our larger deployments of the ForgeRock Identity Stack, we usually request that Ansible be installed on the development node.
For a pure Linux environment, it works like a charm once SSH keys are exchanged during initial setup. (Windows is supported, but it is slightly more complicated to set up.)
What do we use Ansible for? Almost every operational task.
Change configuration files; update custom code; update JSP/UI pages; deploy patches from ForgeRock; restart Apache/Tomcat servers ... anything.
We used to make human errors occasionally when we managed a farm of over 10 OpenAM and 6 OpenDJ servers. Now that everything is pushed from the development node, there is hardly any human error.
I just saw Ansible Tower on the Ansible website.
No urgent need to use this feature. Our current Ansible already has logging/audit in place.
Anyway, once a playbook script is tested, there is hardly any error when it is being executed.