I've been looking at OpenShift Origin documentation and tutorials for the past two days and I have a few questions, if you guys can help me.
To put you in context, now the command-line administration tasks are done on a remote administration machine; it's only a lightweight minimal installation we use to access other machines on the network, and from which new systems are configured using Chef.
I'm not much into Ruby but Chef gets away very easily because it allows us to simply execute bash commands on the remote machine, and thus it's very easy that way to bring a new machine with a given role to a desired state. Also, user data is configured in encrypted data bags using JSON format and there's a knife file with profiles and the configuration for Chef to run; it's a Chef workstation where cookbooks (playbooks) are made and easily tested with kitchen. (Some but not all questions are about Ansible.)
Looking at it I initially enjoyed its simplicity and I'm really looking forward to trying it out, but this comes on testing OpenShift so first I would like to understand some things like:
1. Some of the editing going on takes place on /etc/ansible/ - upon installation using yum the folder permissions are set to 755 which means only privileged mode/root is able to edit. Is there any special reason for this?
2. With Chef it's very easy to push a file using templates, and to set the proper permissions and SELinux context, the first using Chef's template rollout and the second with bash. How well does Ansible handle this? To give a recent example, for the Grav CMS that's installed by git clone there is the need to run 'chcon -Rv --type=httpd_sys_rw_content_t .' otherwise it doesn't work. Does Ansible support these tasks with ease?
3. In the OpenShift context, is the machine where Ansible runs from supposed to be the master? Is this a requirement? Or can Ansible be called remotely from another machine like with Chef?
4. Using firewalld and setting the option 'os_firewall_use_firewalld = true', is it necessary to install the package iptables-services?
5. On all the documentation they tell you to
# yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct
before talking about Ansible playbooks. Aren't these supposed to be packages installed by the openshift-ansible playbooks as well, or should they exist before running the Ansible playbooks?
6. For Docker’s thin provisioning using direct-lvm the most common approach (not to say all I encountered) is to use a separate physical drive setup with LVM for the volume group.
Is there a problem with using one partitioned hard drive shared with the root system?
This comes up because some of the machines we use (which are rented) come with large hard drives in the initial configuration, and it's easier to partition one big drive and mirror it than to do this with several, no? Are there disadvantages?
Two machines have been configured with an initial disk setup: one has boot + root and swap, where root and swap sit on LVM on a volume group /dev/sda2 and /dev/sda3 is the Docker volume group, and the other has boot, root and swap as separate devices and only the remaining space is a volume group. Are both approaches correct or are there considerations to keep in mind regarding these setups?
Thank you all, cheers!