Message: 2
Date: Fri, 09 Feb 2018 17:56:01 +0000
From: Ricardo Mendes <maveric...@icloud.com>
To: users <users@lists.openshift.redhat.com>
Subject: Newcomer to OpenShift Origin: a few questions
Message-ID: <e4e9bf3d-08c5-4a52-a71c-330b0be2c...@icloud.com>
Content-Type: text/plain; charset="utf-8"
Hi all,
Looking at it I initially enjoyed it's simplicity and I'm really looking
forward to try it out but this comes on testing OpenShift so first I would like
to understand somethings like:
1. Some of the editing going on takes place on /etc/ansible/ - upon
installation using yum the folder permissions are set to 755 which means only
privileged mode/root is able to edit. Is there any special reason for this?
Answer: you can change the permission if you like. You can also specify any
directory or user to run ansible and anywhere to place your ansible.cfg and
inventory/hosts file.
2. With Chef it's very easy to change push a file using templates, and to
set the proper permissions and selinux context, the first using chef's template
rollout and the second with bash. how well goes ansible with this? giving a
recent example, for the grav cms that's installed by git clone there is the
need to run 'chcon -Rv --type=httpd_sys_rw_content_t .' otherwise it doesn't
work. Ansible supports these tasks with ease?
Answer: yes, ansible tasks do this with ease. 1 example, use the ansible
‘file’ module to chown or chmod the file. For your example, instead of using
chcon, maybe use restorecon and use the sefcontext ansible module.
2. On the OpenShift context, is the machine where ansible runs from supposed to
be the master? Is this a requirement? Or can ansible be called remotely from
another machine like with Chef?
Answer: You can use any machine you’d like to do the install from. On prem, we
used the master, in aws we setup a ansible server as bastion.
4. Using firewalld and setting the option 'os_firewall_use_firewalld =
true' is it necessary to install the package iptables-services ?
Answer: you can setup a pre task in ansible to check the basic packages, but I
believe the installer will install this if it’s set to true.
5. On all the documentation they tell you to
# yum install wget git net-tools bind-utils iptables-services bridge-utils
bash-completion kexec-tools sos psacct
before talking about ansible playbooks. Aren't these supposed to be
packages installed by the openshift-ansible playbooks as well, or should they
exist before running the ansible playbooks?
Answer: I believe the new installer will take care of these. However, we use
satellite to install and just include the packages in our config, this case
puppet, but you could do it however you want, ansible, chef, etc..
6. For Docker?s thin provisioning using direct-lvm the most common approach
(not to say all I encountered) is to use a separate physical drive setup with
LVM for the volume group.
Is there a problem with using one partitioned hard drive shared between the
root system?
This comes as some of the machines we use (which are rented) come with
large hard drives on the initial configuration, and it?s easier to partition
one big drive and mirror it than doing this with several, no? Are there
disadvantages?
Two machines have been configured with initial disk setup, one has boot +
root and swap, where root and swap sit on LVM on a volume group /dev/sda2 and
/dev/sda3 is the docker volume group, and the other has boot, root and swap as
separate devices and only the remaining space is a volume group. Are both
approaches correct or are there considerations to have in mind regarding these
setups?
Answer: you should be able to use any partition or any raw disk. We have used
volume groups as part of existing PV or have our separate disk. Either way
seems to work fine. Fyi for our aws config we use overlay2 and a separate ebs
vol like this
DEVS='/dev/xvdb'
VG='docker_vg'
DATA_SIZE='95%VG'
STORAGE_DRIVER='overlay2'
Thank you all, cheers!
Ricardo M
Hope this helps
Todd
########################################################################
The information contained in this message, and any attachments thereto,
is intended solely for the use of the addressee(s) and may contain
confidential and/or privileged material. Any review, retransmission,
dissemination, copying, or other use of the transmitted information is
prohibited. If you received this in error, please contact the sender
and delete the material from any computer. UNIGROUP.COM
########################################################################
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
