This won't be needed anymore once the ubuntu stuff gets merged. It includes a commit that adds the 'always' tag to vars.yml ensuring that those will get ran every time --tags is used.
It should be fine to merge before the ubuntu port as well.
Andrew Schoen [Tue, 7 Apr 2015 20:28:08 +0000 (15:28 -0500)]
Add user_xattr to root mount options in fstab and enable it on boot.
I had quite a bit of confusion on what the original chef code was trying
to accomplish here. There is quite possibly a better way to do this but for
the sake of this port I wanted to stay as close to chef as possible.
In the PR with the ubuntu port, I create the teuthology_user for every distro so we have that covered. I'm thinking I could probably write a simple playbook to create this cm user for any existing nodes that haven't be reimaged with the new kickstarts. That'd be nice so we could start fixing ssh keys with ansible and change the default ansible_user in ansible.cfg.
Andrew Schoen [Fri, 10 Apr 2015 14:50:22 +0000 (09:50 -0500)]
Have cobbler create a user for ansible.
Currently everything is using the teuthology_user. I think it'd be
smart to have ansible use a separate user than teuthology. This way if
something happens to the teuthology user then ansible can just recreate
it.
Andrew Schoen [Tue, 14 Apr 2015 21:00:17 +0000 (16:00 -0500)]
Removed check for the packages var in yum/packages.yml
I originally added this to remind me to include the 'vars' tag when
using --tags. However, this isn't necessary once we put the 'always'
tag on vars.yml which makes it run everytime --tags is used.
Andrew Schoen [Thu, 9 Apr 2015 21:43:45 +0000 (16:43 -0500)]
Adds a new cobbler role.
All this does currently is upload some of the custom templates we've
built. We should come back later and create the profiles and install
cobbler, etc.
Merge branch 'remove-obsolete-repos' into 'master'
Make rhsm_repos major version specific and delete obsoleted repos.
This should delete all the repos that have been obsoleted by rhel entitlements. @kdreyer please double-check that I've removed the right ones or if there are others that we should remove.
Also, trying to activate rhel 7 repos on a rhel 6 node fails. I've made rhsm_repos major version specific and added the rhel 6 repos we want to enable to fix that.
These are harmless since they simply contain older versions of packages and yum will prefer the CDN repositories since the packages there are newer. Eventually we should figure out a way to remove these, though.
These are harmless since they simply contain older versions of packages.
Yum will prefer the CDN repositories, since the packages there are
newer. Eventually we should figure out a way to remove these, though.
Chef only had minor support for fedora 18 & 19 - which was only changing the version of mod_fastcgi that was installed. I discussed with Ken in irc and we thought it'd be ok to only port for fedora 20 at this point. We could try this playbook out on fedora 21, but I don't believe we build packages for that version anyway.
Andrew Schoen [Thu, 2 Apr 2015 14:29:57 +0000 (10:29 -0400)]
Merge branch 'abstract-subscription-manager' into 'master'
move Red Hat entitlements into "common" role
Prior to this commit, entitling a system with Red Hat was a part of the testnode role.
Move the Red Hat entitlement tasks into a new "common" role so that it can apply to other systems besides testnodes.
This will allow us to register other systems to consume updates from Red Hat's CDN.
Also, switch the "when" clause to evalute "`ansible_distribution`" instead of "`ansible_os_family`". Prior to this change, Ansible would include `setup-redhat.yml` on RHEL, Fedora and CentOS. The `ansible_os_family` fact was overly-broad there, because we do not want to run `subscription-manager` on Fedora and CentOS.
Ken Dreyer [Tue, 31 Mar 2015 00:04:35 +0000 (18:04 -0600)]
move Red Hat entitlements into "common" role
Prior to this commit, entitling a system with Red Hat was a part of the
testnode role.
Move the Red Hat entitlement tasks into a new "common" role so that it
can apply to other systems besides testnodes.
This will allow us to register other systems to consume updates from Red
Hat's CDN.
Also, switch the "when" clause to evalute "ansible_distribution" instead
of "ansible_os_family". Prior to this change, Ansible would include
setup-redhat.yml on RHEL, Fedora and CentOS. The ansible_os_family fact
was overly-broad there, because we do not want to run
subscription-manager on Fedora and CentOS.
I've retested this on rhel 6.5, rhel 7.0, centos 6.5 and centos 7.0.
Centos was able to share a majority of the config with rhel, so I moved what was common into a yum_systems.yml file. I also made a switch to only storing sshd_configs for each distro's major version - it was getting difficult to maintain a sshd_config for each minor version of a distro. Plus, I noticed rhel 6.4 and rhel 6.5 had the same sshd_config anyway.
There are also quite a few file renames from rhel_* to redhat_* so that I can dynamically import based on ansible_distribution. These files are otherwise unchanged.
Andrew Schoen [Tue, 31 Mar 2015 16:48:24 +0000 (11:48 -0500)]
Add sshd_config for centos 6; make sshd_config major version specific.
We used to store sshd_configs for each minor version of a distro, which
was not necessary. This changes those to major version specific
sshd_configs per distro.
Andrew Schoen [Mon, 30 Mar 2015 20:17:27 +0000 (15:17 -0500)]
Rename the common role to testnode
The common role was always wrongly named. Some of the plays in the
testnode role might very well be common with other machines not used for
testing, but we're not sure exactly what those things are just yet.
Andrew Schoen [Thu, 26 Mar 2015 21:22:34 +0000 (14:22 -0700)]
Remove secrets from this repo and create a secrets role
The secrets role provides a var 'secrets_path' we can use to access
secrets stored outside of this repo. We will store the inventory and
secrets in lab specific repos.
Zack Cerza [Tue, 24 Mar 2015 16:55:52 +0000 (12:55 -0400)]
Merge branch 'rhel7' into 'master'
Support for rhel 7 provisioning for lab test nodes
I might end up tweaking this a bit more, but I didn't want to wait to any longer to create this PR.
If you've got any questions about how to run this, let me know. This is the command I've been using though.
ansible-playbook -i octo testnodes.yml -vv --limit magna085*
You can use --limit there to target any specific node or set of nodes (look at the octo file for available nodes). If you want to make sure what nodes or tasks will run for that playbook --list-tasks and --list-hosts are really helpful. I believe you can also just say -i fqdn
You'll need to get the key to unlock the subscription_manager secrets. You can find that at magna002:/etc/ansible/.vault_pass.txt. Move that file to ~/.vault_pass.txt wherever you plan to run ansible from.
Note: I'm unsure how well rhel 7.1 will actually work, so I changed the title.
projects / ceph-cm-ansible.git / log