Ken Dreyer [Thu, 30 Apr 2015 15:29:49 +0000 (09:29 -0600)]
move default rhsm vars to "common" role
Commit 3d1ecaac01f9ed7a589741700fdb7fc22056218c moved the Red Hat
subscription bits into the "common" role, but I neglected to move the
default variables to "common" as well. Move them here.
Andrew Schoen [Thu, 30 Apr 2015 14:43:40 +0000 (09:43 -0500)]
Add defaults for the puddle and distill hashes.
This is just helpful as a guide to know what vars are being used in the
puddle role. These will actually get their values from a group_vars
file for the puddle node.
Andrew Schoen [Wed, 22 Apr 2015 15:23:27 +0000 (10:23 -0500)]
Adds epel-testing to the list of epel repos we install in common.
This also restructures the task a bit so that we can easily add new
repos as vars. The epel-testing repo is disabled by defaulti and will
be activated by the roles that need it.
Andrew Schoen [Tue, 21 Apr 2015 16:27:31 +0000 (11:27 -0500)]
Make sure yum clean all is ran after repos are changed.
There was a bug here because the repo_file registered variable was being
overwritten causing the yum clean all not to run even though the first
block using repo_file had changed. Not reusing the same var for both the
blocks fixed the issue.
Ken Dreyer [Mon, 20 Apr 2015 20:46:21 +0000 (16:46 -0400)]
Merge branch 'initial-playbook' into 'master'
Create a playbook to run for initial node setup.
This playbook is meant to be pointed at a node after it's been freshly created. It will ensure that the node is setup to be managed by ansible and then provision it according to it's role set in the hosts file.
All I've included now is the testnodes.yml playbook, but we could include cobbler.yml and any future playbook we write here. Playbooks will be skipped that don't match up with the current host being provisioned. For example, if we add cobbler.yml to this playbook and run it against a testnode the cobbler setup would be skipped because it is not in the 'cobbler' group which constrains the plays in cobbler.yml.
Andrew Schoen [Mon, 20 Apr 2015 20:38:50 +0000 (16:38 -0400)]
Merge branch 'wip-kerberos-common' into 'master'
common: add kerberos task
Add a new "kerberos" task to the common role. This will install the kerberos client (kinit) on all hosts and configure /etc/krb5.conf with the appropriate realm.
On our internal lab, ansible will insert our Red Hat kerberos realm into the default_realm. In the community lab, this will use a dummy EXAMPLE.COM realm, similar to what the packages install by default.
Ken Dreyer [Mon, 20 Apr 2015 19:06:55 +0000 (13:06 -0600)]
common: add kerberos task
Add a new "kerberos" task to the common role. This will install the
kerberos client (kinit) on all hosts and configure /etc/krb5.conf with
the appropriate realm.
On our internal lab, ansible will insert our Red Hat kerberos realm into
the default_realm. In the community lab, this will use a dummy
EXAMPLE.COM realm, similar to what the packages install by default.
Andrew Schoen [Mon, 20 Apr 2015 19:46:49 +0000 (14:46 -0500)]
Creates a new playbook to run for initial node setup.
This playbook is meant to be pointed at a freshly reimaged node to
ensure that it's setup to be managed by ansible and provisioned
according to its defined role in the inventory.
I noticed that when running the ansible_managed.yml playbook against a rhel node that had already been provisioned that the cm user did not have sudo privs. This was because there was no #includedir directive in /etc/sudoers to activate anything inside of sudoers.d.
This fixes that in the sudoers template for yum systems as well as ensuring the #includedir is present in ansible_managed.yml.
This is mainly just moving things around so that ubuntu and debian can both use those. Also, a few debian specific things and repos / packages for debian.
This won't be needed anymore once the ubuntu stuff gets merged. It includes a commit that adds the 'always' tag to vars.yml ensuring that those will get ran every time --tags is used.
It should be fine to merge before the ubuntu port as well.
Andrew Schoen [Fri, 17 Apr 2015 14:59:38 +0000 (09:59 -0500)]
Ensure sudoers.d will work with ansible_managed.yml.
If the includedir directive isn't enabled in /etc/sudoers then our
custom cephlab_sudo file in sudoers.d won't be loaded. This means that
our new ansible user can't use sudo and nothing works.
Andrew Schoen [Tue, 7 Apr 2015 20:28:08 +0000 (15:28 -0500)]
Add user_xattr to root mount options in fstab and enable it on boot.
I had quite a bit of confusion on what the original chef code was trying
to accomplish here. There is quite possibly a better way to do this but for
the sake of this port I wanted to stay as close to chef as possible.
In the PR with the ubuntu port, I create the teuthology_user for every distro so we have that covered. I'm thinking I could probably write a simple playbook to create this cm user for any existing nodes that haven't be reimaged with the new kickstarts. That'd be nice so we could start fixing ssh keys with ansible and change the default ansible_user in ansible.cfg.
Andrew Schoen [Fri, 10 Apr 2015 14:50:22 +0000 (09:50 -0500)]
Have cobbler create a user for ansible.
Currently everything is using the teuthology_user. I think it'd be
smart to have ansible use a separate user than teuthology. This way if
something happens to the teuthology user then ansible can just recreate
it.
Andrew Schoen [Tue, 14 Apr 2015 21:00:17 +0000 (16:00 -0500)]
Removed check for the packages var in yum/packages.yml
I originally added this to remind me to include the 'vars' tag when
using --tags. However, this isn't necessary once we put the 'always'
tag on vars.yml which makes it run everytime --tags is used.
Andrew Schoen [Thu, 9 Apr 2015 21:43:45 +0000 (16:43 -0500)]
Adds a new cobbler role.
All this does currently is upload some of the custom templates we've
built. We should come back later and create the profiles and install
cobbler, etc.
Merge branch 'remove-obsolete-repos' into 'master'
Make rhsm_repos major version specific and delete obsoleted repos.
This should delete all the repos that have been obsoleted by rhel entitlements. @kdreyer please double-check that I've removed the right ones or if there are others that we should remove.
Also, trying to activate rhel 7 repos on a rhel 6 node fails. I've made rhsm_repos major version specific and added the rhel 6 repos we want to enable to fix that.
These are harmless since they simply contain older versions of packages and yum will prefer the CDN repositories since the packages there are newer. Eventually we should figure out a way to remove these, though.
These are harmless since they simply contain older versions of packages.
Yum will prefer the CDN repositories, since the packages there are
newer. Eventually we should figure out a way to remove these, though.
Chef only had minor support for fedora 18 & 19 - which was only changing the version of mod_fastcgi that was installed. I discussed with Ken in irc and we thought it'd be ok to only port for fedora 20 at this point. We could try this playbook out on fedora 21, but I don't believe we build packages for that version anyway.
projects / ceph-cm-ansible.git / log