Ansible¶
Ansible is the configuration management tool used for the infra.
The main reasons to use it are familiarity by the community, ease of use, and synergy with others projects using it.
Setup¶
The current setup is using a trusted server that do the deployment based on git commit. The setup details are documented on https://github.com/OSAS/ansible-role-ansible_bastion.
The trusted server is ant-queen.int.rht.gluster.org, and requires to jump from a bastion, any of the current hypervisors would do the trick for now.
Running a playbook or a ansible ad-hoc command¶
For security reasons, ansible should be run with a specific user on ant-queen.int.rht.gluster.org. The specific user is set in order to restrict usage of the ssh keys and/or salt bus access. There is work on going to let people in a specific unix group do all the work with sudo, but this is not finished yet.
So to run anything, just connect as root, then use su to switch to ansible_admin:
su - ansible_admin
From here, ansible and ansible-playbook can be run directly:
ansible all -m ping
Pushing a change¶
The setup uses 2 git repositories. The public repository is automatically synced to github on push. The push of a commit also trigger a deployment to apply changes right away.
To push for a change, start by cloning the repository:
git clone https://github.com/gluster/gluster.org_ansible_configuration.git ansible_gluster_public
cd ansible_gluster_public
git remote set-url --push ssh://ant-queen.int.rht.gluster.org/srv/git_repos/public
Then modify and push to the same repository. If you are in the group admins
,
then you will be able to push. If not, then you can send the patch on
gluster-infra mailling list with git send-email
.
Fetching a PR from github¶
If anyone opens a PR on github, you can merge it (after proper review) using the following process, for the PR number 4. I will assume that the repository is setup like as explained in the previous pragraph.
Then you can use the following commands to fetch and merge 1 specific PR (for example, the PR 4):
git fetch origin pull/4/head:pr_4
git checkout master
git cherry-pick pr_4
git push
Running ansible from a admin workstation¶
In order to run a command on all the servers (or a subset), you can use the following command from a git checkout, provided you have root access:
ansible -i hosts -l some_group -m ping
You can also adjust if you want to use sudo with -u and -K.