Review for new rbac_playbook

Kevin Fenzi kevin at scrye.com
Wed Jun 11 22:27:15 UTC 2014


On Mon, 9 Jun 2014 10:13:00 -0600
Tim Flink <tflink at redhat.com> wrote:

> I've generally been using port 222 for real ssh on those hosts. We
> could set the port in the inventory file. While that would work for
> many cases, I've always used the -e directly for 2 reasons:
> 
> 1) My understanding is that ansible convention discourages putting
>    stuff like that in the inventory files

Well, it's a bit ugly, but should work I would think. 

> 2) Hosts are listening for ssh on port 22 when initially deployed.
>    Initial deployments would require changing the inventory
> information to use port 22 for initial deployment and then changing
> it back to the alternate port after running the playbook/role which
> sets up the alternate port for ssh.

True... a bit messy. 
 
> If that's the way that we want to go, we'll have some extra commits to
> the ansible repo but it'll work.

Yeah, I think a bit of messyness in the repo is better than having to
bother with -P in rbac-playbook... just to make it simplier. 

kevin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20140611/67d96bc1/attachment.sig>


More information about the infrastructure mailing list