Ken Dreyer [Tue, 5 May 2015 20:17:51 +0000 (14:17 -0600)]
puddle: add ceph-1.3 tools repo
This repository will be included with RHEL. It is the replacement for
Ceph's use of RH-COMMON, so it will contain the Ceph client bits and
ceph-radosgw package.
See Red Hat rel-eng's RT #344094 (internal ticket).
Andrew Schoen [Mon, 4 May 2015 14:19:36 +0000 (09:19 -0500)]
Add a teuthology_user group and assign it to the teuthology_user.
This fixes a bug when creating a CPAN config directory that belongs to the
group teuthology_user. If this group wasn't created already that play
fails.
Ken Dreyer [Fri, 1 May 2015 21:16:16 +0000 (15:16 -0600)]
puddle: add 1.2 configs for ceph-async
CEPH-ASYNC advisories have a slightly different config than the config
we used for the 1.2.3 release. Here are the changes I made from the
1.2.3 configs:
1. "errata_release" is "CEPH-ASYNC"
2. Packages are not always signed (remove the keys settings)
3. We need to add more repos for repoclosure to succeed (namely, the
production read-only pulp repos)
Andrew Schoen [Fri, 1 May 2015 15:26:36 +0000 (10:26 -0500)]
Set the uid of the ansible user in cephlab_trusty.preseed.
We need to explicitly set this uid here just like we do in the
cephlab_user snippet. I also created a var for the uid because we need it in
multiple places.
Ken Dreyer [Thu, 30 Apr 2015 15:29:49 +0000 (09:29 -0600)]
move default rhsm vars to "common" role
Commit 3d1ecaac01f9ed7a589741700fdb7fc22056218c moved the Red Hat
subscription bits into the "common" role, but I neglected to move the
default variables to "common" as well. Move them here.
Andrew Schoen [Thu, 30 Apr 2015 14:43:40 +0000 (09:43 -0500)]
Add defaults for the puddle and distill hashes.
This is just helpful as a guide to know what vars are being used in the
puddle role. These will actually get their values from a group_vars
file for the puddle node.
Andrew Schoen [Wed, 22 Apr 2015 15:23:27 +0000 (10:23 -0500)]
Adds epel-testing to the list of epel repos we install in common.
This also restructures the task a bit so that we can easily add new
repos as vars. The epel-testing repo is disabled by defaulti and will
be activated by the roles that need it.
Andrew Schoen [Tue, 21 Apr 2015 16:27:31 +0000 (11:27 -0500)]
Make sure yum clean all is ran after repos are changed.
There was a bug here because the repo_file registered variable was being
overwritten causing the yum clean all not to run even though the first
block using repo_file had changed. Not reusing the same var for both the
blocks fixed the issue.
Ken Dreyer [Mon, 20 Apr 2015 20:46:21 +0000 (16:46 -0400)]
Merge branch 'initial-playbook' into 'master'
Create a playbook to run for initial node setup.
This playbook is meant to be pointed at a node after it's been freshly created. It will ensure that the node is setup to be managed by ansible and then provision it according to it's role set in the hosts file.
All I've included now is the testnodes.yml playbook, but we could include cobbler.yml and any future playbook we write here. Playbooks will be skipped that don't match up with the current host being provisioned. For example, if we add cobbler.yml to this playbook and run it against a testnode the cobbler setup would be skipped because it is not in the 'cobbler' group which constrains the plays in cobbler.yml.
Andrew Schoen [Mon, 20 Apr 2015 20:38:50 +0000 (16:38 -0400)]
Merge branch 'wip-kerberos-common' into 'master'
common: add kerberos task
Add a new "kerberos" task to the common role. This will install the kerberos client (kinit) on all hosts and configure /etc/krb5.conf with the appropriate realm.
On our internal lab, ansible will insert our Red Hat kerberos realm into the default_realm. In the community lab, this will use a dummy EXAMPLE.COM realm, similar to what the packages install by default.
Ken Dreyer [Mon, 20 Apr 2015 19:06:55 +0000 (13:06 -0600)]
common: add kerberos task
Add a new "kerberos" task to the common role. This will install the
kerberos client (kinit) on all hosts and configure /etc/krb5.conf with
the appropriate realm.
On our internal lab, ansible will insert our Red Hat kerberos realm into
the default_realm. In the community lab, this will use a dummy
EXAMPLE.COM realm, similar to what the packages install by default.
Andrew Schoen [Mon, 20 Apr 2015 19:46:49 +0000 (14:46 -0500)]
Creates a new playbook to run for initial node setup.
This playbook is meant to be pointed at a freshly reimaged node to
ensure that it's setup to be managed by ansible and provisioned
according to its defined role in the inventory.
I noticed that when running the ansible_managed.yml playbook against a rhel node that had already been provisioned that the cm user did not have sudo privs. This was because there was no #includedir directive in /etc/sudoers to activate anything inside of sudoers.d.
This fixes that in the sudoers template for yum systems as well as ensuring the #includedir is present in ansible_managed.yml.
This is mainly just moving things around so that ubuntu and debian can both use those. Also, a few debian specific things and repos / packages for debian.
This won't be needed anymore once the ubuntu stuff gets merged. It includes a commit that adds the 'always' tag to vars.yml ensuring that those will get ran every time --tags is used.
It should be fine to merge before the ubuntu port as well.
Andrew Schoen [Fri, 17 Apr 2015 14:59:38 +0000 (09:59 -0500)]
Ensure sudoers.d will work with ansible_managed.yml.
If the includedir directive isn't enabled in /etc/sudoers then our
custom cephlab_sudo file in sudoers.d won't be loaded. This means that
our new ansible user can't use sudo and nothing works.
Andrew Schoen [Tue, 7 Apr 2015 20:28:08 +0000 (15:28 -0500)]
Add user_xattr to root mount options in fstab and enable it on boot.
I had quite a bit of confusion on what the original chef code was trying
to accomplish here. There is quite possibly a better way to do this but for
the sake of this port I wanted to stay as close to chef as possible.
projects / ceph-cm-ansible.git / log