WARNING: This API is not yet stable. Testing of this API should happen on non-production systems.
A collection of modules and supporting roles to configure common system subsystems utilizing the subsystems APIs whenever possible rather than common CLI tools. This should allow improved performance, error handling, and consistency across future releases.
The System API is a generic way to configure a system according to formally defined API.
Various roles contribute toward the implementation of that API. The API is formally
described in the api/ directory and an example-system-api.yml playbook example
that calls it.
- Networking
- Red Hat Subscription Manager
- SELinux
- Timesync
- DNS
- Firewall
- Storage
- SystemLog
- more to come...
Current testing and development is primarily on RHEL/CentOS/Fedora applying the playbooks against KVM virtual machines.
You can use vagrant to quickly test the example playbooks. The Vagrantfile in this repository defines multiple machines (for now fedora and centos) and runs all vagrant commands on all of them by default. To only run one machine, use
vagrant up MACHINENone of the playbooks are run when creating and starting the VM with vagrant up. Instead, you can run then manually with
vagrant provision [MACHINE] --provision-with NAMEWhere NAME is one of selinux, kdump, system-api, etc.
This is an example playbook using the redhat_subscription Ansible Core module (Preview status). This will register a guest, attach the entitlement, and enable the common server channels to install packages. Note: This calls verify_supported_platform to fail if not RHEL 6.4 or later in order to meet the scope of this Proof of Concept project. It does all this using an intermediary role called common_RHSM to simplify the process and auto-define appropriate repository channels based on the major release. This will most certainly be refined and possibly renamed or merged into something else.
If using the optional Red Hat Subscription Manager example role, you will probably want to securely store your credentials in an encrypted ansible vault file. Currently this is the only role/module for this project that requires sensitive information. It will need to include the following:
- rhn_username: your RHN user account
- rhn_password: your RHN password
- POOL_ID: your paid entitlement Pool ID to access content from Red Hat Subscription Manager
This role can be used by other roles using the include_role directive to help ensure that the minimum supported platform requirements are met. It is really nothing more than a predefined set of conditional tasks.
This module and role has not yet been merged into this repository and can instead be found at https://github.com/NetworkManager/ansible-network-role.
This role is explained in this roles/postfix/README.md which includes an example playbook.
This role is explained in roles/SELinux/README.adoc and demonstrated in example-SELinux.yml playbook.
Example playbook roles/storage/example-playbook.yml is provided which demonstrates basic storage configuration using the existing roles & modules already provided by Ansible.
This will provision LVM, filesystem, mount and user ownership of disks. Modules used include:
- user
- lvg
- lvol
- filesystem
- file
- mount
This role is explained in this roles/timesync/README.md which includes example playbooks.
Ansible roles that are included in this project are individually licensed. Licensing information can be found in each role's README.md, under License.
Tests are licensed under GPLv3. See test/COPYING.