Hi all,

I've been looking at OpenShift Origin documentation and tutorials for the past 
two days and I have a few questions if you guys can help me;

To put you in context, now the command-line administration tasks are done on a 
remote administration machine, it's only a lightweight minimal installation we 
use to access other machines on the network, and where new systems are 
configured from using Chef.
I'm not much into Ruby but Chef gets away very easily because it allows us to 
simply execute bash commands on the remote machine and thus it's very easy that 
way to bring a new machine with a given role to a desired state. Also, user 
data is configured on encrypted data bags using json format and there's a knife 
file with profiles and the configuration for chef to run, it's a chef 
workstation where cookbooks (playbooks) are made and easily tested with 
kitchen. (some but not all questions are about ansible)

Looking at it I initially enjoyed its simplicity and I'm really looking 
forward to trying it out, but this comes on testing OpenShift so first I would like 
to understand some things like:

1. Some of the editing going on takes place on /etc/ansible/ - upon 
installation using yum the folder permissions are set to 755 which means only 
privileged mode/root is able to edit. Is there any special reason for this?

2. With Chef it's very easy to change or push a file using templates, and to set 
the proper permissions and SELinux context, the first using Chef's template 
rollout and the second with bash. How well does Ansible go with this? To give a 
recent example, for the grav cms that's installed by git clone there is the 
need to run 'chcon -Rv --type=httpd_sys_rw_content_t .' otherwise it doesn't 
work. Does Ansible support these tasks with ease?

3. On the OpenShift context, is the machine where ansible runs from supposed to 
be the master? Is this a requirement? Or can ansible be called remotely from 
another machine like with Chef?

4. Using firewalld and setting the option 'os_firewall_use_firewalld = true' is 
it necessary to install the package iptables-services ?

5. On all the documentation they tell you to
# yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct

before talking about ansible playbooks. Aren't these supposed to be packages 
installed by the openshift-ansible playbooks as well, or should they exist 
before running the ansible playbooks?

6. For Docker’s thin provisioning using direct-lvm the most common approach 
(not to say all I encountered) is to use a separate physical drive setup with 
LVM for the volume group.
Is there a problem with using one partitioned hard drive shared between the 
root system?
This comes as some of the machines we use (which are rented) come with large 
hard drives on the initial configuration, and it’s easier to partition one big 
drive and mirror it than doing this with several, no? Are there disadvantages?

Two machines have been configured with initial disk setup, one has boot + root 
and swap, where root and swap sit on LVM on a volume group /dev/sda2 and 
/dev/sda3 is the docker volume group, and the other has boot, root and swap as 
separate devices and only the remaining space is a volume group. Are both 
approaches correct or are there considerations to have in mind regarding these 

Thank you all, cheers!

Ricardo M