Message: 2
    Date: Fri, 09 Feb 2018 17:56:01 +0000
    From: Ricardo Mendes <maveric...@icloud.com>
    To: users <users@lists.openshift.redhat.com>
    Subject: Newcomer to OpenShift Origin: a few questions
    Message-ID: <e4e9bf3d-08c5-4a52-a71c-330b0be2c...@icloud.com>
    Content-Type: text/plain; charset="utf-8"

    Hi all,

     Looking at it I initially enjoyed it's simplicity and I'm really looking 
forward to try it out but this comes on testing OpenShift so first I would like 
to understand somethings like:

1. Some of the editing going on takes place on /etc/ansible/ - upon 
installation using yum the folder permissions are set to 755 which means only 
privileged mode/root is able to edit. Is there any special reason for this?

Answer: you can change the permission if you like. You can also specify any 
directory or user to run ansible  and anywhere to place your ansible.cfg and 
inventory/hosts file.

    2. With Chef it's very easy to change push a file using templates, and to 
set the proper permissions and selinux context, the first using chef's template 
rollout and the second with bash. how well goes ansible with this? giving a 
recent example, for the grav cms that's installed by git clone there is the 
need to run 'chcon -Rv --type=httpd_sys_rw_content_t .' otherwise it doesn't 
work. Ansible supports these tasks with ease?

Answer:  yes, ansible tasks do this with ease. 1 example, use the ansible 
‘file’ module to chown or chmod the file. For your example, instead of using 
chcon, maybe use restorecon and use the sefcontext ansible module.

2. On the OpenShift context, is the machine where ansible runs from supposed to 
be the master? Is this a requirement? Or can ansible be called remotely from 
another machine like with Chef?

Answer:  You can use any machine you’d like to do the install from. On prem, we 
used the master, in aws we setup a ansible server as bastion.

    4. Using firewalld and setting the option 'os_firewall_use_firewalld = 
true' is it necessary to install the package iptables-services ?

Answer: you can setup a pre task in ansible to check the basic packages, but I 
believe the installer will install this if it’s set to true.

    5. On all the documentation they tell you to
    # yum install wget git net-tools bind-utils iptables-services bridge-utils 
bash-completion kexec-tools sos psacct

    before talking about ansible playbooks. Aren't these supposed to be 
packages installed by the openshift-ansible playbooks as well, or should they 
exist before running the ansible playbooks?

Answer: I believe the new installer will take care of these. However, we use 
satellite to install and just include the packages in our config, this case 
puppet, but you could do it however you want, ansible, chef, etc..

    6. For Docker?s thin provisioning using direct-lvm the most common approach 
(not to say all I encountered) is to use a separate physical drive setup with 
LVM for the volume group.
    Is there a problem with using one partitioned hard drive shared between the 
root system?
    This comes as some of the machines we use (which are rented) come with 
large hard drives on the initial configuration, and it?s easier to partition 
one big drive and mirror it than doing this with several, no? Are there 
disadvantages?

    Two machines have been configured with initial disk setup, one has boot + 
root and swap, where root and swap sit on LVM on a volume group /dev/sda2 and 
/dev/sda3 is the docker volume group, and the other has boot, root and swap as 
separate devices and only the remaining space is a volume group. Are both 
approaches correct or are there considerations to have in mind regarding these 
setups?

Answer: you should be able to use any partition or any raw disk.  We have used 
volume groups as part of existing PV or have our separate disk. Either way 
seems to work fine. Fyi for our aws config we use overlay2 and a separate ebs 
vol like this

DEVS='/dev/xvdb'
VG='docker_vg'
DATA_SIZE='95%VG'
STORAGE_DRIVER='overlay2'

    Thank you all, cheers!

    Ricardo M

Hope this helps
Todd


########################################################################
The information contained in this message, and any attachments thereto,
is intended solely for the use of the addressee(s) and may contain
confidential and/or privileged material. Any review, retransmission,
dissemination, copying, or other use of the transmitted information is
prohibited. If you received this in error, please contact the sender
and delete the material from any computer. UNIGROUP.COM
########################################################################


_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to