James Harmison 23ac6f361d
Updated roles
1 week ago
action_plugins Adjusted keys returned on safe self-reboot 9 months ago
manage Change ansible-pull to exec 3 months ago
roles Updated roles 1 week ago
.gitignore Initial commit 9 months ago
.gitmodules Added rkvm 3 months ago
README.md Added more detail 7 months ago
ansible.cfg Moved logging into ansible.cfg 7 months ago
inventory.yml Cleaned up whitespace 7 months ago
manage.yml Corrected typo 3 months ago
picl.yml force reboot if needed after galaxy update 6 months ago
update-roles.sh Added script to help with role updates 7 months ago

README.md

PICL Ansible


This is the main repository for managing PICL installation state via Ansible.

To use, as root:

dnf update -y
dnf install -y ansible git
git clone https://git.jharmison.com/picl/ansible picl-ansible
cd picl-ansible
ansible-playbook manage.yml -e "state=present picl_git_server=https://git.jharmison.com"

Then edit /etc/picl/roles.yml with the following content, for example:

---
picl_roles:
  - base_server

base_server is a meta-role that installs the ipa_client, tuned, cockpit_pcp, and dnf_automatic roles. Those roles may have their own variables, which you will need to provide. So, for this example, you might want to provide /etc/picl/secrets.yml with the following content:

---
ipa_client:
  admin_username: admin
  admin_password: password
  domain: example.com
  server: ipa.example.com
  cert:
    path: /etc/pki/tls/certs/server.crt
    key_path: /etc/pki/tls/private/server.key

tuned:
  profile: throughput-performance

NOTE:

Please chmod 0400 /etc/picl/secrets.yml. Friends don't let friends discover secrets.
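The permission requirement above can be checked and enforced from the shell. The following is an added example, not part of the PICL repository: the function names check_secret_file and write_secret_file are hypothetical, and it assumes GNU coreutils (stat -c, mktemp) as on a dnf-based system. The writer creates the file with restrictive permissions from the start, so the password is never on disk world-readable between writing and chmod.

```sh
# Added example (not from the PICL repository); function names are hypothetical.
# Assumes GNU coreutils (stat -c, mktemp).

# check_secret_file PATH [EXPECTED_UID]
# Succeeds only if PATH is a regular file (not a symlink), owned by
# EXPECTED_UID (default 0, root) and has mode exactly 0400.
check_secret_file() {
    csf_path=$1
    csf_want=${2:-0}
    if [ -L "$csf_path" ] || [ ! -f "$csf_path" ]; then
        echo "FAIL: $csf_path is missing, a symlink, or not a regular file" >&2
        return 1
    fi
    csf_mode=$(stat -c '%a' -- "$csf_path") || return 1
    csf_uid=$(stat -c '%u' -- "$csf_path") || return 1
    if [ "$csf_uid" != "$csf_want" ]; then
        echo "FAIL: $csf_path is owned by uid $csf_uid, expected $csf_want" >&2
        return 1
    fi
    if [ "$csf_mode" != "400" ]; then
        echo "FAIL: $csf_path has mode $csf_mode, expected 400" >&2
        return 1
    fi
    echo "OK: $csf_path is mode 0400 and owned by uid $csf_uid"
}

# write_secret_file PATH   (file content is read from stdin)
# Writes to a temporary file in the destination directory, restricts it to
# 0400, then renames it into place, so PATH never exists with a looser mode.
write_secret_file() {
    wsf_dest=$1
    wsf_dir=$(dirname -- "$wsf_dest") || return 1
    (
        umask 077   # belt and braces; mktemp already creates the file 0600
        wsf_tmp=$(mktemp "$wsf_dir/.secrets.XXXXXX") || exit 1
        if cat > "$wsf_tmp" && chmod 0400 "$wsf_tmp" \
            && mv -f -- "$wsf_tmp" "$wsf_dest"; then
            exit 0
        fi
        rm -f -- "$wsf_tmp"   # do not leave a partial secret behind
        exit 1
    )
}
```

As root, `write_secret_file /etc/picl/secrets.yml < draft.yml` followed by `check_secret_file /etc/picl/secrets.yml` covers both steps; draft.yml is a placeholder name for wherever the content comes from.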

Note that PICL roles may not all follow the same conventions for variables, and you may need to carefully read through the roles or defaults to identify how to manipulate those roles.

After installing PICL and setting up roles.yml and secrets.yml, reboot the server or, as root, execute picl-pull. picl-pull passes all command-line options to ansible-pull after preparing the PICL environment, so you can pass other helpful options like -vvv straight to it. The server will now stay up to date with content from PICL's git repository on reboots, which happen on a schedule if you're using the dnf_automatic role.

When a role requires a reboot as part of its installation (for example, the IPA role), the playbook will re-execute on the reboot. This means that if your roles are not carefully idempotent, you could force a boot loop with PICL. If this happens, edit /etc/crontab and temporarily comment out the picl-pull execution, repair idempotency on your role, then uncomment the picl-pull execution and reboot. It will update content on the reboot before applying the roles.