Reorganising the plays

It is time already to reorganise the roles. We need to pick apart the "nschool" role. Under this new regime, the roles will all take an "action" parameter which can be one of the following: install, uninstall, purge, reconfigure, report, or query. This will be called as follows:

roles:
- role: webserver
  action: install

The meaning of these actions is:

  • install - Install the application. (default)
  • uninstall - Uninstall the application, but leave the data intact for later use
  • purge - Uninstall the application and remove all traces of it including data
  • reconfigure - Remove the application's configuration and re-apply it.
  • report - Produce a report on the application as installed on the machine
  • query - Gather information on the application (such as file systems, functional users and so on) and merge them into a global dictionary.

The template for the tasks file of one of these roles is:

---
- debug: msg="Role called with {{action|default('no')}} action"

- name: "Uninstallation block"
  block:
  - debug: msg="We will now uninstall something"
  when: action is defined and action=="uninstall"

- name: "Purge"
  block:
  - debug: msg="We will now purge something"
  when: action is defined and action=="purge"

- name: "Installation block"
  block:
  - debug: msg="We will now install something"
  # install is the default action, so this block also runs when no action is given
  when: action | default('install') == "install"

- name: "Reconfigure"
  block:
  - debug: msg="We will now reconfigure something"
  when: action is defined and action=="reconfigure"

- name: "Report"
  block:
  - debug: msg="We will now report something"
  when: action is defined and action=="report"

- name: "Query"
  block:
  - debug: msg="We will now query something"
  when: action is defined and action=="query"

I am not using tags for this because tags have been known to behave erratically in Ansible.

Roles to implement

The roles to be implemented are:

  • funusers - Create functional users for an application
  • storage (Done) - Create volume groups from the host's "storage" stanzas
  • filesystems (Done) - Create filesystems from the "fs" stanzas
  • kvmguest - Provision a KVM guest with all its virtual hardware and storage.
  • ipaserver - Install the machine as a FreeIPA server
  • ipausers - Manage the users of the local domain
  • localusers - Manage the users locally, meant for laptops
  • mainserver - Parts of the main server that do not fall under the other roles
  • localca - Set the machine up as a local certificate authority (low prio as not currently used)
  • dnsdhcp - Configure the Name server and DHCP server

Roles to reorganise

These roles are mostly done, but they need to have the "action" parameter implemented.

  • bis (Done) - Boot/install server
  • ipaclient - Install the machine as an IPA client of the main server
  • kvmhost - Install a KVM host
  • printer - Attach the machine to its printers
  • pxeinstall
  • workstation
  • gdm_background

Roles to retire

The roles to be retired are:

  • nschool - Needs to be divided up into its constituent parts.

Host files

I still think NSCHOOL should be able to install a host without a host_vars entry, but I find myself in need of a way to specify what I want from a host. So every host worth its salt will get a host variable file. This is a template:

# Nerdhole Small Company or Home Office On Linux
# ==============================================
# Standard host definition file.
is_uefi: true
install_drive: /dev/disk/by-path/pci-0000 # Change this to the install disk
description: "NSCHOOL managed host"

local_storage:
  vgs: # Always specify local disks here if you have them
    datavg:
      label: datavg
      description: "Local disk used for data"
      size_gb: 0  # A size of 0 means as large as the disks
      disks:
      - /dev/disk/by-path/pci-0000 # Add the datavg disks here.
  fs: # Only file systems not part of any specific application
    - name: logapache
      desc: "Separate apache log"
      lvname: logapachelv
      vg: rootvg
      mountpoint: /var/log/apache
      size: 10G
      owner: apache
      group: apache
      mode: "0775"
    - name: wwwdb
      desc: "Database for web server"
      lvname: wwwdblv
      vg: datavg
      mountpoint: /local/wwwdb
      size: 15G
      owner: apache
      group: apache
      mode: "0775"
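
With the role template above, a misspelled action matches none of the blocks and the role quietly does nothing, and the host file is used as written. The following is an added example, not NSCHOOL's own code: pre-flight tasks that could sit at the top of a role's tasks file and stop the play before anything is changed. The names nschool_valid_actions and nschool_known_vgs, the assumption that rootvg always exists, and the rule against world-writable modes are assumptions made for this example.

```yaml
---
# Added example (not NSCHOOL's own code): pre-flight checks for a role.
# nschool_valid_actions and nschool_known_vgs are hypothetical variable names.

- name: "Reject an action that no block would handle"
  ansible.builtin.assert:
    that:
      - action | default('install') in nschool_valid_actions
    fail_msg: "Unknown action '{{ action | default('install') }}'"
  vars:
    nschool_valid_actions:
      - install
      - uninstall
      - purge
      - reconfigure
      - report
      - query

- name: "Check every fs entry of the host file before creating anything"
  ansible.builtin.assert:
    that:
      # The volume group must be rootvg (assumed to exist after installation)
      # or one declared under local_storage.vgs
      - item.vg in nschool_known_vgs
      # Mount points must be absolute paths (match anchors at the start)
      - item.mountpoint is match('/')
      # mode must be a quoted string: YAML loads an unquoted 0775 as the
      # integer 509, which is no longer the text the template author wrote
      - item.mode is string
      # Four octal digits, and the last digit (others) has no write bit
      - item.mode is match('0[0-7]{2}[0145]$')
      # owner and group must be named explicitly
      - item.owner is defined and item.group is defined
    fail_msg: "Bad fs entry '{{ item.name | default('unnamed') }}' in host file"
    quiet: true
  loop: "{{ (local_storage | default({})).fs | default([]) }}"
  vars:
    nschool_known_vgs: >-
      {{ ['rootvg'] + ((local_storage | default({})).vgs | default({}) | list) }}
```

Both fs entries in the template above pass these checks; an entry with mode "0777", an unquoted mode, or a vg that is not declared fails the play on that item.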

Unrelated notes:

Keep builder from appearing in the GNOME list:

  • Create a file called /var/lib/AccountsService/users/builder
  • Add the following to the file:
[User]
SystemAccount=true

How to signal when a script has changed something: Stack Overflow post