WARNING: These roles can be dangerous to use. They are experimental, proof of concepts that may or may not reach a usable state in the future.
A collection of modules and supporting roles to configure common system subsystems utilizing the subsystems APIs whenever possible rather than common CLI tools. This should allow improved performance, error handling, and consistency across future releases.
Each subsystem role should follow the file and directory layout as described in the Playbooks Best Practices guide, as well as including an example-plbk.yml file in the top level directory that demonstrates its usage.
- Kernel crash dump
- Networking
- Red Hat Subscription Manager
- SELinux
- Timesync
- DNS
- Firewall
- Storage
- SystemLog
- more to come...
Current testing and development is primarily on RHEL/CentOS/Fedora applying the playbooks against KVM virtual machines.
You can use vagrant to quickly test the example playbooks. The Vagrantfile in this repository defines multiple machines (for now fedora and centos) and runs all vagrant commands on all of them by default. To only run one machine, use
vagrant up MACHINENone of the playbooks are run when creating and starting the VM with vagrant up. Instead, you can run then manually with
vagrant provision [MACHINE] --provision-with NAMEWhere NAME is one of selinux, kdump, system-api, etc.
The System API is a generic way to configure a system according to formally defined API.
Various roles contribute toward the implementation of that API. The API is formally
described in the api/ directory and an example-system-api.yml playbook example
that calls it.
If using the optional Red Hat Subscription Manager example role, you will probably want to securely store your credentials in an encrypted ansible vault file. Currently this is the only role/module for this project that requires sensitive information. It will need to include the following:
- rhn_username: your RHN user account
- rhn_password: your RHN password
- POOL_ID: your paid entitlement Pool ID to access content from Red Hat Subscription Manager
This is an example playbook using the redhat_subscription Ansible Core module (Preview status). This will register a guest, attach the entitlement, and enable the common server channels to install packages. Note: This calls verify_supported_platform to fail if not RHEL 6.4 or later in order to meet the scope of this Proof of Concept project. It does all this using an intermediary role called common_RHSM to simplify the process and auto-define appropriate repository channels based on the major release. This will most certainly be refined and possibly renamed or merged into something else.
This role can be used by other roles using the include_role directive to help ensure that the minimum supported platform requirements are met. It is really nothing more than a predefined set of conditional tasks.
This role is explained in README-kdump.md and demonstrated in example-plbk-kdump.yml.
This module and role has not yet been merged into this repository and can instead be found at https://github.com/NetworkManager/ansible-network-role.
This role is explained in this README.me which includes an example playbook.
This role is explained in README.SELinux.adoc and demonstrated in example-SELinux.yml playbook.
Example playbook example-storage.yml is provided which demonstrates basic storage configuration using the existing roles & modules already provided by Ansible. This will provision LVM, filesystem, mount and user ownership of disks. Modules used include:
- user
- lvg
- lvol
- filesystem
- file
- mount
This role is explained in this README.md which includes example playbooks.
This role is explained in this README.md which includes an example playbook.