--4pdsjT4L2os85dEm9kquOeQ6Ptg5l9wSs Content-Type: multipart/mixed; boundary="vlCuSqbaLt9KI0wGL5rPUod0kVrUpQ1xE"; protected-headers="v1" From: Sven Kieske <s.kieske@mittwald.de> To: devel@ovirt.org Message-ID: <9f5a0933-a32b-be8f-e33b-5e11571f70b7@mittwald.de> Subject: Re: [ovirt-devel] Firewalld migration. References: <CA+mNUtDjTH31=qb-FyTUjO0LdMW9y0kSmqizG2Pq=HnBukns1g@mail.gmail.com> <CAJ_kCt5kvevgcrcBGi_RqMPgkS1TC-9C2v_1qBtyQZpGuiPAhQ@mail.gmail.com> <CA+mNUtDLz9_D4r5L_BU_oRcyhhrc2DL=1h5WPCbWqUbLRL8xfA@mail.gmail.com> <CAJ_kCt7qjwLy+T90X_wHscqTAh-z0=t+YHCJGm0ssk=i3bC4AQ@mail.gmail.com> <CAHRwYXtr7TJZ1-CACgdJ1H2ANO=6oMujar7C3rsfNYnvQWiGmA@mail.gmail.com> <CA+mNUtDUb8RdbGgmZj0w0SXvav4+RGX_Qys5EhN-Ff=0kLS-=g@mail.gmail.com> <CAHRwYXuMxbHNYMcfBLDG0sVR1rpcsij4TG0p_3CjreGMXuGwqw@mail.gmail.com> <CA+mNUtBLPGdqR4M=yrh772F=UXj9bK+1hGfeGxunfMHnq3PecA@mail.gmail.com> <CAHRwYXv+wJwhHzMfVN3sgJ=VeDHOgL48tKYjSe6rhF4EyTQGEg@mail.gmail.com> <CA+mNUtA=xD=7x+CVme2pRpf07-Ta=K9M6b3SooMiiTBDMkL2ag@mail.gmail.com> <CAF0zDV6K4E+eBf6hzLXh5GUXO9H8F3cJkzDWx5879A3mHp64OA@mail.gmail.com> <CALmkdFRtrtCLj4g_=S_6yjz6Vegx4Y--yw2eGuo1net5AhsSeg@mail.gmail.com> <CAF0zDV6v1DYCmdniaVzbhOZy1bnzh0fNnTFHCkd1vAn_jwnyTg@mail.gmail.com> <CAJgorsauFKOpF2iCuxTXhaPAQM5AY9_T_bR+APV75iRO81PPrg@mail.gmail.com> <CAF0zDV6f38_7EwRE6nNb1WXHrAk7OEZv=wA3btvrdrBtQx3FCg@mail.gmail.com> In-Reply-To: <CAF0zDV6f38_7EwRE6nNb1WXHrAk7OEZv=wA3btvrdrBtQx3FCg@mail.gmail.com> --vlCuSqbaLt9KI0wGL5rPUod0kVrUpQ1xE Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 28/03/17 17:58, Martin Sivak wrote:
I actually like the radical option Didi mentioned -> using Ansible for the whole deploy flow. A simple host-deploy dir with playbooks (and builtin roles) is something most people would understand easily. =20 And it would even remove all the infrastructure burden from us, oVirt would not be the host management solution, Ansible would take the role and we would just invoke it when deploying a new host much like we do with host deploy now (except Ansible manages its own ssh connection too).
+1 but some drawback (actual ansible user here): you in fact need _some_ libs on the managed hosts for certain ansible features to work (e.g. if you want to respect selinux settings on the host), so you would also need to provide these or list them as prerequisites. I understand ovirt can't just provide config mgmt solutions for every tool out there (puppet, chef, ansible, saltstack, etc.). the best approach would be, if it is pluggable, like foreman did this with it's smart proxys and plugins: https://theforeman.org/plugins/ so you could provide a plugin infrastructure and maybe write the ansible integration yourself and the community can add their own plugins like puppet or chef modules at will. If they mature enough you could even ship those (optional). I really think there would be some value in this, because many small deployments use tools like puppet or ansible, while these do not scale well for large environments, where you tend to have things like salt or chef. PS: if you want to annoy some users you could even declare a hard dependency on foreman and use foreman for the host deployment (a tool that's actually written for exact this scope), others might find this higher integration nice. I'm not sure if I would like it or not. --=20 Mit freundlichen Gr=FC=DFen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG K=F6nigsberger Stra=DFe 6 32339 Espelkamp T: +495772 293100 F: +495772 293333 https://www.mittwald.de Gesch=E4ftsf=FChrer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhause= n Komplement=E4rin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynha= usen --vlCuSqbaLt9KI0wGL5rPUod0kVrUpQ1xE-- --4pdsjT4L2os85dEm9kquOeQ6Ptg5l9wSs Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJY2pCIAAoJEMby9TMDAbQRdKsQANGoClhjwMSXu1Ep/ejKbVy1 UUvXHvFLaj7Y51ZlzQrNK7NldOjQ4TvjfcFk0+EzVvdrc8dtr+gcLNBO32yv/+x5 7SlxTp3P9oKjBUzWNa5T1lUR3PsGfpuVygl11LDFN+nFiJhxE4hpxCfB6N4vbnSX w/zPAo31XZpHZaiswCrD0D3A5JMLASqd+4GWGvLFmuqYlhbwg/xUoWNORveFQ8ry ddyXnMXaMnYhy5oHkwsAdiK89EahLTgwbsd18dCM7nGtZx6XzjwDiJ6Epv5seFPS NHfTHp3zkkiS/humrnCRmqR63QjiJfFtSan+3Jl98y2lxLuhHZLTSj0uFyQxkHeN fiOM4usvBk3RY8vjJ+VuujrueDaN+0/fCvt86erJlghxhHrPFUNHU/ZHFs4lANbH pIyG8072kc7B+94CTuzNAAjzMliAn7ma7/GSRT3Ux1se/tX+Bje49lbiGDnzLrFa /7xmcJJqT6gFHInsiLT4auGKE+PJ5BI6UK87k/8jYrPovNYSc7/enM0h97qG43uF jxrT+rOFZbLptWHCp+xFCnTvB3l5c0jFVyHI4w2bYVAAj8+L45N6xbYyYL+lx9rc gBabgRezvGaP0gCMjXSPUjBJ3ALO5qzaMLNkLL/L4ClLbY6XAw/fU6UVC9EuslnK wd19j00KdJBQdsVtAxpk =ZoMB -----END PGP SIGNATURE----- --4pdsjT4L2os85dEm9kquOeQ6Ptg5l9wSs--