I've been looking at OpenShift Origin documentation and tutorials for the past
two days and I have a few questions if you guys can help me;
To put you in context, now the command-line administration tasks are done on a
remote administration machine, it's only a lightweight minimal installation we
use to access other machines on the network, and where new systems are
configured from using Chef.
I'm not much into Ruby but Chef gets away very easily because it allows us to
simply execute bash commands on the remote machine and thus it's very easy that
way to bring a new machine with a given role to a desired state. Also, user
data is configured on encrypted data bags using JSON format and there's a knife
file with profiles and the configuration for Chef to run, it's a Chef
workstation where cookbooks (playbooks) are made and easily tested with
kitchen. (Some but not all questions are about Ansible.)
Looking at it I initially enjoyed its simplicity and I'm really looking
forward to trying it out but this comes on testing OpenShift so first I would like
to understand some things like:
1. Some of the editing going on takes place on /etc/ansible/ - upon
installation using yum the folder permissions are set to 755 which means only
privileged mode/root is able to edit. Is there any special reason for this?
2. With Chef it's very easy to change/push a file using templates, and to set
the proper permissions and SELinux context, the first using Chef's template
rollout and the second with bash. How well does Ansible go with this? Giving a
recent example, for the Grav CMS that's installed by git clone there is the
need to run 'chcon -Rv --type=httpd_sys_rw_content_t .' otherwise it doesn't
work. Does Ansible support these tasks with ease?
3. In the OpenShift context, is the machine where Ansible runs from supposed to
be the master? Is this a requirement? Or can Ansible be called remotely from
another machine like with Chef?
4. Using firewalld and setting the option 'os_firewall_use_firewalld = true' is
it necessary to install the package iptables-services ?
5. On all the documentation they tell you to
# yum install wget git net-tools bind-utils iptables-services bridge-utils
bash-completion kexec-tools sos psacct
before talking about Ansible playbooks. Aren't these supposed to be packages
installed by the openshift-ansible playbooks as well, or should they exist
before running the Ansible playbooks?
6. For Docker’s thin provisioning using direct-lvm the most common approach
(not to say all I encountered) is to use a separate physical drive setup with
LVM for the volume group.
Is there a problem with using one partitioned hard drive shared between the
This comes as some of the machines we use (which are rented) come with large
hard drives on the initial configuration, and it’s easier to partition one big
drive and mirror it than doing this with several, no? Are there disadvantages?
Two machines have been configured with initial disk setup, one has boot + root
and swap, where root and swap sit on LVM on a volume group /dev/sda2 and
/dev/sda3 is the docker volume group, and the other has boot, root and swap as
separate devices and only the remaining space is a volume group. Are both
approaches correct or are there considerations to have in mind regarding these
Thank you all, cheers!