diff options
| author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-03-09 07:05:07 -0500 |
|---|---|---|
| committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-03-09 07:14:48 -0500 |
| commit | 79794a00ef832365959404ca8499a545b6202d7c (patch) | |
| tree | 45ccfb6abfcc6e24f290c79de3869410f4cc6c2a /inventory-example | |
| parent | 0a41c066909d8ff76f0306ea8450ecbfb48a5b6d (diff) | |
| download | selfhosted-79794a00ef832365959404ca8499a545b6202d7c.tar.gz selfhosted-79794a00ef832365959404ca8499a545b6202d7c.zip | |
dnf_automatic: don't automatically restart services on ipa servers
Turns out that restarting individual units on a freeipa server can leave
it in a bad state. Systemd isn't smart enough to restart things in the
right order - you have to use `ipactl restart`.
There's probably a way to make the daemon restart script smarter with
regard to IPA hosts, but since an IPA outage is incredibly disruptive,
I'm just disabling auto-restart on IPA hosts for now.
Diffstat (limited to 'inventory-example')
| -rw-r--r-- | inventory-example/30-constructed.yml | 1 | ||||
| -rw-r--r-- | inventory-example/40-groups | 10 |
2 files changed, 9 insertions, 2 deletions
diff --git a/inventory-example/30-constructed.yml b/inventory-example/30-constructed.yml index f519d22..5a776a1 100644 --- a/inventory-example/30-constructed.yml +++ b/inventory-example/30-constructed.yml @@ -10,6 +10,7 @@ compose: proxmox_memory: (ram | default('4g') | human_to_bytes / 1048576) | int proxmox_cores: cores | default(2) groups: + freeipa_replicas: "'freeipa_servers' in group_names and 'freeipa_master' not in group_names" el: (group_names | intersect(['unmanaged','opnsense_firewalls','proxmox_hypervisors']) | length) == 0 nagios_ansible_managed_clients: (group_names | intersect(['unmanaged','opnsense_firewalls','linux_laptops']) | length) == 0 nagios_el_clients: (group_names | intersect(['unmanaged','opnsense_firewalls','linux_laptops','proxmox_hypervisors']) | length) == 0 diff --git a/inventory-example/40-groups b/inventory-example/40-groups index 0b3f935..4e10ce7 100644 --- a/inventory-example/40-groups +++ b/inventory-example/40-groups @@ -43,10 +43,16 @@ proxmox_bios = seabios [freeipa_master:vars] # The initial FreeIPA installation requires an upstream DNS server to bootstrap itself. proxmox_nameservers = '{{ freeipa_dns_forwarders }}' -# Update the FreeIPA master every _other_ day. If there's a botched automatic -# update, we don't want to take the entire domain down overnight. +# Don't update all freeipa servers at once dnf_automatic_on_calendar = '*-*-1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31 04:00:00' +[freeipa_replicas:vars] +# Don't update all freeipa servers at once +dnf_automatic_on_calendar = '*-*-2,4,6,8,10,12,14,16,18,20,22,24,26,28,30 04:00:00' + +[freeipa_servers:vars] +dnf_automatic_restart = False + [git_servers:vars] apache_gssapi = True |