| View previous topic :: View next topic |
| Author |
Message |
timeraider
n00b
Joined: 27 Jul 2015
Posts: 41
|
 Posted: Wed Nov 16, 2016 6:08 pm Post subject: [SOLVED] Managing Gentoo's world-file with Ansible? |
 |
|
Dear Gentoo community,
I would like to manage several Gentoo workstations with Ansible, but I cannot find a solution on how to properly manage the world-file.
I would like that a list of packages is actually recorded in the world-file, e.g., mail-client/thunderbird, www-client/firefox and www-plugins/adobe-flash on all desktop workstations and that others are not present in the world file, among them, for example, app-arch/lz4 and media-libs/libvpx which I accidentally upgraded with | Code: | | emerge -kv <package> |
to fix GLSA security issues.
I know that there is http://docs.ansible.com/ansible/portage_module.html but that Ansible module just takes a single package at one time if I have understood the article correctly, and it does not cover recorded in-world or present-but-not-in-world-file.
So I would like to know how you guys actually manage your stuff with Ansible....
Thanks for sharing your knowledge!
Last edited by timeraider on Thu Nov 24, 2016 4:39 pm; edited 2 times in total |
|
| Back to top |
|
 |
timeraider
n00b
Joined: 27 Jul 2015
Posts: 41
|
| Posted: Wed Nov 23, 2016 9:31 am Post subject: |
|
|
| nobody using Ansible to manage Gentoo infrastructure? |
|
| Back to top |
|
|
John R. Graham
Administrator
Joined: 08 Mar 2005
Posts: 10589
Location: Somewhere over Atlanta, Georgia
|
| Posted: Wed Nov 23, 2016 5:58 pm Post subject: |
|
|
I almost replied to this before but thought I must be misunderstanding. All you want to do is to distribute a master world file to a population of computers? If so, this seems trivial with any distributed computer management system. If not, could you explain a little further?
- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters. |
|
| Back to top |
|
|
timeraider
n00b
Joined: 27 Jul 2015
Posts: 41
|
| Posted: Thu Nov 24, 2016 4:37 pm Post subject: |
|
|
@John R. Graham: Okay, thank you for your comment. I thought that I once read editing the world-file manually is considered bad style and may lead to corruption. But according to the man page this was a delusion: | Quote: | | /var/lib/portage/world Contains a list of all user-specified packages. You can safely edit this file, adding packages that you want to be considered in world set updates and removing those that you do not want to be considered. |
|
|
| Back to top |
|
|
John R. Graham
Administrator
Joined: 08 Mar 2005
Posts: 10589
Location: Somewhere over Atlanta, Georgia
|
| Posted: Thu Nov 24, 2016 5:00 pm Post subject: |
|
|
Yes, in fact, it's good form. Most of us make mistakes from time to time and the occasional perusal of the world file to eliminate cruft is a part of regular Gentoo hygiene, kind of like flossing. After deleting lines, a quick "emerge --depclean" will clean out the cruft; conversely, after adding lines, a quick "emerge --noreplace @selected" will bring in the new things.
- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters. |
|
| Back to top |
|
|
timeraider
n00b
Joined: 27 Jul 2015
Posts: 41
|
| Posted: Wed Dec 21, 2016 9:22 am Post subject: |
|
|
@John R. Graham: Okay, good to know.
So to share my progress made so far, I have created a play-book worldfile.yaml with the following content:
| Code: |
- hosts: PC
become: true
tasks:
- name: "Manage Gentoo portage world file"
template:
backup: true
force: true
src: templates/world.j2
dest: /var/lib/portage/world
owner: root
group: root
mode: 0644
|
A template file called templates/world.j2 with this content:
| Code: |
#jinja2:trim_blocks: False
# managed by Ansible
{% include "common.j2" %}
{% for my_group in group_names %}
{%- include my_group + ".j2" -%}
{% endfor %}
{% include ansible_hostname + ".j2" ignore missing %}
|
Another template file templates/common.j2 which contains the following lines
| Code: |
...
net-analyzer/fail2ban
...
sys-fs/lvm2
...
|
And some more template files for all other groups defined in /etc/ansible/hosts,
e.g. a template for group desktop called templates/desktop.j2:
| Code: |
app-arch/p7zip
app-cdr/k3b
app-doc/doxygen
media-video/vlc
|
The problem is now that the resulting world files are not sorted anymore, e.g. it might look like this:
| Code: |
net-analyzer/fail2ban
sys-fs/lvm2
app-arch/p7zip
app-cdr/k3b
app-doc/doxygen
media-video/vlc
|
Is there any dedicated module in Ansible to sort a file in-line?
Or is the only way to sort a file using the shell-module instead like this???
| Code: |
- shell: sort < /var/lib/portage/world > /var/lib/portage/world.2 && mv /var/lib/portage/world.2 /var/lib/portage/world
args:
executable: /bin/bash
|
|
|
| Back to top |
|
|
Dr.Willy
Guru
Joined: 15 Jul 2007
Posts: 547
Location: NRW, Germany
|
| Posted: Wed Dec 21, 2016 11:06 pm Post subject: |
|
|
| timeraider wrote: | The problem is now that the resulting world files are not sorted anymore, e.g. it might look like this:
[…]
Is there any dedicated module in Ansible to sort a file in-line? |
You could just leave the file unsorted, you know? |
|
| Back to top |
|
|
Jaglover
Watchman
Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana
|
| Posted: Wed Dec 21, 2016 11:21 pm Post subject: |
|
|
| John R. Graham wrote: | Yes, in fact, it's good form. Most of us make mistakes from time to time and the occasional perusal of the world file to eliminate cruft is a part of regular Gentoo hygiene, kind of like flossing. After deleting lines, a quick "emerge --depclean" will clean out the cruft; conversely, after adding lines, a quick "emerge --noreplace @selected" will bring in the new things.
- John |
I got myself into habit to add -1 to every emerge command (unless installing new software of course), even when I upgrade a user-installed package which already is in world file. Keeps the world file clean.
_________________
My Gentoo installation notes.
Please learn how to denote units correctly! |
|
| Back to top |
|
|
Proinsias
Tux's lil' helper
Joined: 06 Oct 2014
Posts: 133
Location: Scotland
|
| Posted: Thu Dec 22, 2016 12:39 am Post subject: |
|
|
| John R. Graham wrote: | Yes, in fact, it's good form. Most of us make mistakes from time to time and the occasional perusal of the world file to eliminate cruft is a part of regular Gentoo hygiene, kind of like flossing. After deleting lines, a quick "emerge --depclean" will clean out the cruft; conversely, after adding lines, a quick "emerge --noreplace @selected" will bring in the new things.
- John |
Thanks, I recall reading something along the lines of 'here be dragons' in reference to editing the world file and thus avoided it when it seemed like the simplest course of action. |
|
| Back to top |
|
|
Dr.Willy
Guru
Joined: 15 Jul 2007
Posts: 547
Location: NRW, Germany
|
| Posted: Thu Dec 22, 2016 10:53 am Post subject: |
|
|
| Jaglover wrote: | | I got myself into habit to add -1 to every emerge command[…] |
Suggestion: Add '--oneshot' to EMERGE_DEFAULT_OPTS and use -w / --select to actually record pkgs in the world file.  |
|
| Back to top |
|
|
timeraider
n00b
Joined: 27 Jul 2015
Posts: 41
|
| Posted: Thu Dec 22, 2016 1:46 pm Post subject: |
|
|
| Dr.Willy wrote: | | You could just leave the file unsorted, you know? |
Yes, thank you, I know that the order does not matter, but I prefer them to be sorted, as my personal matter of taste |
|
| Back to top |
|
|
John R. Graham
Administrator
Joined: 08 Mar 2005
Posts: 10589
Location: Somewhere over Atlanta, Georgia
|
| Posted: Thu Dec 22, 2016 2:06 pm Post subject: |
|
|
| Jaglover wrote: | | I got myself into habit to add -1 to every emerge command (unless installing new software of course), even when I upgrade a user-installed package which already is in world file. Keeps the world file clean. |
Good point. I --oneshot a lot of things that I'm individually updating or just trying out, too.
- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters. |
|
| Back to top |
|
|
|
Other Things Gentoo
