You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
James Harmison 3026a80313
Updated roles
1 month ago
action_plugins Adjusted keys returned on safe self-reboot 1 year ago
manage Change ansible-pull to exec 9 months ago
roles Updated roles 1 month ago
.gitignore Initial commit 1 year ago
.gitmodules Added rkvm 9 months ago
README.md Added more detail 1 year ago
ansible.cfg Moved logging into ansible.cfg 1 year ago
inventory.yml Initial commit 1 year ago
manage.yml Corrected typo 9 months ago
picl.yml force reboot if needed after galaxy update 12 months ago
update-roles.sh Added script to help with role updates 1 year ago

README.md

PICL Ansible


This is the main repository for managing PICL installation state via Ansible.

To use, as root:

dnf update -y
dnf install -y ansible git
git clone https://git.jharmison.com/picl/ansible picl-ansible
cd picl-ansible
ansible-playbook manage.yml -e "state=present picl_git_server=https://git.jharmison.com"

Then edit /etc/picl/roles.yml with the following content, for example:

---
picl_roles:
  - base_server

base_server is a meta-role that installs the ipa_client, tuned, cockpit_pcp, and dnf_automatic roles. Those roles may have their own variables, which you will need to provide. So, for this example, you might want to provide /etc/picl/secrets.yml with the following content:

---
ipa_client:
  admin_username: admin
  admin_password: password
  domain: example.com
  server: ipa.example.com
  cert:
      path: /etc/pki/tls/certs/server.crt
      key_path: /etc/pki/tls/private/server.key

tuned:
  profile: throughput-performance

NOTE:

Please chmod 0400 /etc/picl/secrets.yml. Friends don't let friends discover secrets.

Note that PICL roles may not all follow the same conventions for variables, and you may need to carefully read through the roles or defaults to identify how to manipulate those roles.

After installing PICL and setting up roles.yml and secrets.yml you should reboot the server or, as root, execute picl-pull. picl-pull passes all command line options to ansible-pull after preparing the PICL environment, so you can pass other helpful options like -vvv straight to it. It will now stay up to date with content from PICL's git repository on reboots, which happen on a schedule if you're using the dnf_automatic role. When a role requires a reboot as part of its installation (for example, the IPA role), the playbook will reexecute on the reboot. This means that if your roles are not carefully idempotent, you could force a boot loop with PICL. If this happens, you should edit /etc/crontab and temporarily comment out the picl-pull execution, repair idempotency on your role, uncomment and reboot picl-pull. It will update content on the reboot before applying the roles.