|James Harmison 23ac6f361d||1 week ago|
|action_plugins||9 months ago|
|manage||3 months ago|
|roles||1 week ago|
|.gitignore||9 months ago|
|.gitmodules||3 months ago|
|README.md||7 months ago|
|ansible.cfg||7 months ago|
|inventory.yml||7 months ago|
|manage.yml||3 months ago|
|picl.yml||6 months ago|
|update-roles.sh||7 months ago|
To use, as root:
dnf update -y dnf install -y ansible git git clone https://git.jharmison.com/picl/ansible picl-ansible cd picl-ansible ansible-playbook manage.yml -e "state=present picl_git_server=https://git.jharmison.com"
/etc/picl/roles.yml with the following content, for example:
--- picl_roles: - base_server
base_server is a meta-role that installs the
dnf_automatic roles. Those roles may have their own variables, which you will need to provide. So, for this example, you might want to provide
/etc/picl/secrets.yml with the following content:
--- ipa_client: admin_username: admin admin_password: password domain: example.com server: ipa.example.com cert: path: /etc/pki/tls/certs/server.crt key_path: /etc/pki/tls/private/server.key tuned: profile: throughput-performance
chmod 0400 /etc/picl/secrets.yml. Friends don't let friends discover secrets.
Note that PICL roles may not all follow the same conventions for variables, and you may need to carefully read through the roles or defaults to identify how to manipulate those roles.
After installing PICL and setting up
secrets.yml you should reboot the server or, as root, execute
picl-pull passes all command line options to
ansible-pull after preparing the PICL environment, so you can pass other helpful options like
-vvv straight to it. It will now stay up to date with content from PICL's git repository on reboots, which happen on a schedule if you're using the
dnf_automatic role. When a role requires a reboot as part of its installation (for example, the IPA role), the playbook will reexecute on the reboot. This means that if your roles are not carefully idempotent, you could force a boot loop with PICL. If this happens, you should edit
/etc/crontab and temporarily comment out the
picl-pull execution, repair idempotency on your role, uncomment and reboot
picl-pull. It will update content on the reboot before applying the roles.