All,
The Fedora Server WG is planning to release a series of rpms to allow sysadmins to use pre-defined (by the Fedora Server WG) ansible roles to install and configure linux services such as nfs, mail, dns, dhcp, etc. that will provide a secure and known-to-work set of (some or all) said services.
I am attempting to create a "config" rpm that will create the necessary directories and default configuration files to be used by subsequent rpm packages providing these roles. This is much in the same manner as the filesystem rpm provides directories to the base o/s.
I envision this rpm to create:
a) A fedora_server userid and group id that has write access to the directories/files created below.
b) An ansible inventory directory
c) A directory to create executable and yml files necessary to invoke said roles
d) A directory to contain the subdirectories to define the provided ansible roles (tasks, defaults, files, templates, vars, etc)
The userids for the sysadmins using these new roles would be added to the fedora-server group via linux commands in order to access/modify the provided roles.
I was thinking the inventory directory should go in /etc/ansible. Where the sysadmin would be a member of the newly generated "fedora_server" group with write permissions.
I am in a quandary about where to place the executes and yml files necessary to invoke the new roles. Should I create a directory under /usr/local somewhere? Should I create a directory under /var/local somewhere? Or do I create a directory under /opt somewhere? Or is there somewhere else that makes more sense? Please keep in mind these directories will be provided by a Fedora Server WG rpm that should be included in a normal Fedora Server distribution media.
I have the same questions regarding the "roles" directory.
Any thoughts on the subject would be greatly appreciated.
John
/usr/share/<>
?
On Mon, May 5, 2025, 16:42 John W. Himpel via server <server@lists.fedoraproject.org> wrote:
On Mon, May 05, 2025 at 03:41:49PM -0500, John W. Himpel via server wrote:
...snip...
> Any thoughts on the subject would be greatly appreciated.
So, we have a bunch of ansible collections packaged in fedora already. Could this just package things up as collections?
Those end up under /usr/share/ansible/collections/ansible_collections/ and linux-system-roles packages does ship roles under there.
kevin
* Kevin Fenzi via server [06/05/2025 09:54] :
> So, we have a bunch of ansible collections packaged in fedora already. Could this just package things up as collections?
The guidelines for packaging Ansible collections are pretty strict and assume the collections come from Ansible galaxy. I don't know that this is a good fit for what John is trying to do. https://docs.fedoraproject.org/en-US/packaging-guidelines/Ansible_collection...
I also suspect John wants these roles to be as standalone as possible. Packaging them as a collection might send the message that you can't use any one role without using the others.
Emmanuel
On Tue, 2025-05-06 at 23:22 +0200, Emmanuel Seyman via server wrote:
Unfortunately, I think the ansible term "collections" is a bit misleading. While it may refer to a group of roles/playbooks/etc., it is also a filesystem layout and a packaging format.
I did a "dnf5 list ansible-collection*" command and see many rpms containing individual ansible collections. Most of the collections seem to be aimed at managing a single service.
So Kevin's suggestion of using the packaging format for each service seems to make some sense rather than packaging individual roles/playbooks.
We can talk about this more at today's WG meeting.
* John W. Himpel via server [05/05/2025 15:41] :
> This is much in the same manner as the filesystem rpm provides directories to the base o/s.
Running the command "dnf search 'basic directory layout'" will give you the name of a number of rpms that do something similar to what you're trying to do.
> I envision this rpm to create:
> a) A fedora_server userid and group id that has write access to the directories/files created below.
I find 'fedora_server' to be a bit long for a username (and the 'fedora' part seems redundant) but YMMV.
I'm curious as to why you would want this user to have write access to the layout or the files contained within.
> I was thinking the inventory directory should go in /etc/ansible.
The "stateless" gang has been preaching an empty /etc for years now, arguing that /etc should contain only stuff the sysadmin creates, and creating an 'ansible' directory would go against that.
> Where the sysadmin would be a member of the newly generated "fedora_server" group with write permissions.
I wonder if the 'wheel' group isn't a better choice here...
> I am in a quandary about where to place the executes and yml files necessary to invoke the new roles. Should I create a directory under /usr/local somewhere? Should I create a directory under /var/local somewhere? Or do I create a directory under /opt somewhere? Or is there somewhere else that makes more sense? Please keep in mind these directories will be provided by a Fedora Server WG rpm that should be included in a normal Fedora Server distribution media.
> I have the same questions regarding the "roles" directory.
By default, ansible searches for roles in the following directories:
* $HOME/.ansible/roles
* /usr/share/ansible/roles
* /etc/ansible/roles
I don't think using any other option than one of those three makes much sense...
Emmanuel
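An added check, not part of the thread or of any Fedora package: it walks the three default role search paths listed above and reports every entry that is writable by group or other, which is what a group-writable layout like the one proposed would produce. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report entries under Ansible role
# search paths that are writable by group or by other.

# writable_role_entries [DIR...]
# With no arguments, audits the three default role search paths quoted in
# the thread. Prints one "ls -ld" line per group- or world-writable entry.
writable_role_entries() {
    [ "$#" -gt 0 ] || set -- "$HOME/.ansible/roles" \
        /usr/share/ansible/roles /etc/ansible/roles
    for dir in "$@"; do
        # A search path that does not exist has nothing to report.
        [ -d "$dir" ] || continue
        # Symlinks always show mode 777, so skip them; -perm -020 matches
        # group-writable entries and -perm -002 world-writable ones.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec ls -ld {} +
    done
}

# count_writable_role_entries [DIR...]
# Prints the number of entries writable_role_entries would report.
count_writable_role_entries() {
    writable_role_entries "$@" | wc -l | tr -d ' '
}

# Usage: call writable_role_entries with no arguments to audit the
# defaults, or pass one or more role directories explicitly.
```

The owner and group columns in the output show which accounts can change role content that playbooks will later execute.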