Message: 2
Date: Fri, 09 Feb 2018 17:56:01 +0000
From: Ricardo Mendes <maveric...@icloud.com>
To: users <users@lists.openshift.redhat.com>
Subject: Newcomer to OpenShift Origin: a few questions
Message-ID: <e4e9bf3d-08c5-4a52-a71c-330b0be2c...@icloud.com>
Content-Type: text/plain; charset="utf-8"

Hi all,

Looking at it I initially enjoyed its simplicity and I'm really looking forward to trying it out, but this comes on testing OpenShift, so first I would like to understand some things like:

1. Some of the editing going on takes place on /etc/ansible/ - upon installation using yum the folder permissions are set to 755, which means only privileged mode/root is able to edit. Is there any special reason for this?

Answer: you can change the permission if you like. You can also specify any directory or user to run ansible and anywhere to place your ansible.cfg and inventory/hosts file.

2. With Chef it's very easy to change push a file using templates, and to set the proper permissions and selinux context, the first using chef's template rollout and the second with bash. How well does ansible go with this? Giving a recent example, for the grav cms that's installed by git clone there is the need to run 'chcon -Rv --type=httpd_sys_rw_content_t .' otherwise it doesn't work. Ansible supports these tasks with ease?

Answer: yes, ansible tasks do this with ease. One example: use the ansible ‘file’ module to chown or chmod the file. For your example, instead of using chcon, maybe use restorecon and use the sefcontext ansible module.

3. On the OpenShift context, is the machine where ansible runs from supposed to be the master? Is this a requirement? Or can ansible be called remotely from another machine like with Chef?

Answer: You can use any machine you’d like to do the install from. On prem, we used the master; in aws we set up an ansible server as bastion.

4. Using firewalld and setting the option 'os_firewall_use_firewalld = true', is it necessary to install the package iptables-services?

Answer: you can set up a pre task in ansible to check the basic packages, but I believe the installer will install this if it’s set to true.

5. On all the documentation they tell you to

    # yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct

before talking about ansible playbooks. Aren't these supposed to be packages installed by the openshift-ansible playbooks as well, or should they exist before running the ansible playbooks?

Answer: I believe the new installer will take care of these. However, we use satellite to install and just include the packages in our config, in this case puppet, but you could do it however you want: ansible, chef, etc.

6. For Docker's thin provisioning using direct-lvm the most common approach (not to say all I encountered) is to use a separate physical drive setup with LVM for the volume group. Is there a problem with using one partitioned hard drive shared between the root system? This comes as some of the machines we use (which are rented) come with large hard drives on the initial configuration, and it's easier to partition one big drive and mirror it than doing this with several, no? Are there disadvantages? Two machines have been configured with initial disk setup: one has boot + root and swap, where root and swap sit on LVM on a volume group /dev/sda2 and /dev/sda3 is the docker volume group, and the other has boot, root and swap as separate devices and only the remaining space is a volume group. Are both approaches correct or are there considerations to have in mind regarding these setups?

Answer: you should be able to use any partition or any raw disk. We have used volume groups as part of existing PV or have our separate disk. Either way seems to work fine. FYI, for our aws config we use overlay2 and a separate ebs vol like this:

    DEVS='/dev/xvdb'
    VG='docker_vg'
    DATA_SIZE='95%VG'
    STORAGE_DRIVER='overlay2'

Thank you all, cheers!
Ricardo M

Hope this helps
Todd
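
The approach suggested in the answer to question 2 (the file module for ownership and mode, sefcontext plus restorecon in place of chcon), written out as an added example that is not part of the original thread. The install path /var/www/grav, the webservers host group and the apache account are assumptions. A label set with chcon is lost on a filesystem relabel, while a rule recorded with sefcontext stays in the local policy and restorecon applies it.

```yaml
# Added example, not from the thread. Path, host group and owner are assumptions.
- name: Label a Grav CMS checkout so httpd can write to it
  hosts: webservers                 # hypothetical inventory group
  become: true
  vars:
    grav_root: /var/www/grav        # hypothetical target of the git clone
    web_user: apache                # assumed httpd service account
  tasks:
    - name: Install the SELinux bindings the sefcontext module needs
      ansible.builtin.package:
        name:
          - policycoreutils-python  # package names as on RHEL/CentOS 7
          - libselinux-python
        state: present

    - name: Set ownership and mode on the checkout (file module)
      ansible.builtin.file:
        path: "{{ grav_root }}"
        state: directory
        owner: "{{ web_user }}"
        group: "{{ web_user }}"
        mode: "u=rwX,g=rX,o="       # no access for other local users
        recurse: true

    # In 2018-era Ansible this module was called plain "sefcontext".
    - name: Record a persistent file-context rule instead of a one-off chcon
      community.general.sefcontext:
        target: "{{ grav_root }}(/.*)?"
        setype: httpd_sys_rw_content_t
        state: present

    - name: Apply the recorded context to files already on disk
      ansible.builtin.command: restorecon -Rv {{ grav_root }}
      register: relabel
      # restorecon -v prints one line per relabelled file; none means no change
      changed_when: relabel.stdout | length > 0
```

Running the play a second time should report no changes, which is a quick check that the labels on disk match the recorded rule.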