Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
ansible/README.markdown | 74 +++++++++++++++++++++++++++++++------------------
1 file changed, 47 insertions(+), 27 deletions(-)
diff --git a/ansible/README.markdown b/ansible/README.markdown
index 4d464e1..b867aee 100644
--- a/ansible/README.markdown
+++ b/ansible/README.markdown
@@ -1,38 +1,40 @@
-Ansible playbooks for libvirt CI
-================================
+libvirt CI - guest management tools
+===================================
-These can be used to turn a freshly installed machine into a worker for
-the Jenkins-based libvirt CI.
+The tools contained in this directory simplify and automate the management
+of the guests used by the Jenkins-based libvirt CI environment.
-There are two main playbooks:
+There are two steps to bringing up a guest:
-* `bootstrap.yml`, used to perform the bootstrapping phase, that is, getting
- guests to the point where Ansible can manage them fully and prompting the
- user for a password is no longer required;
+* `./manage install $guest` will perform an unattended installation
+ of `$guest`. Not all guests can be installed this way: see the "FreeBSD"
+ section below;
-* `site.yml`, used for the remaining configuration steps.
+* `./manage prepare $guest` will go through all the post-installation
+ configuration steps required to make the newly-created guest usable as
+ part of the Jenkins setup.
-Although you can use the playbooks directly, it's much more convenient to
-call either `make bootstrap` or `make site` instead.
+Once those steps have been performed, maintainance will involve running:
-Each guest only needs to be bootstrapped once; that said, both playbooks are
-idempotent so there's no harm in applying them over and over again.
+* `./manage update $guest`
+periodically to ensure the guest configuration is sane and all installed
+packages are updated.
-Requirements
-------------
-SSH must be running in the guest, and root login must be permitted.
+Security warning
+----------------
+The guests created using these tools are configured to allow logging
+in remotely as root with a well-known password: because of that, they
+are *completely insecure* and must *never* be exposed on any network,
+nor should they be used to perform any privacy-sensitive activity.
-CI use
-------
-After you have reinstalled a Jenkins worker, run `make bootstrap` followed
-by `make site` and a reboot to get it ready for CI use. No further action
-should be necessary.
+Adding new guests
+-----------------
-Adding new workers will require tweaking the inventory and host variables,
+Adding new guests will require tweaking the inventory and host variables,
but it should be very easy to eg. use the Fedora 26 configuration to come
up with a working Fedora 27 configuration.
@@ -40,11 +42,11 @@ up with a working Fedora 27 configuration.
Development use
---------------
-If you are a developer trying to reproduce a bug on some OS you don't have
-easy access to, you can use these playbooks to create a suitable test
+If you are a developer trying to reproduce a bug on some OS you don't
+have easy access to, you can use these tools to create a suitable test
environment.
-Since the playbooks are intended mainly for CI use, you'll have to tweak them
+Since the tools are intended mainly for CI use, you'll have to tweak them
a bit first, including:
* trimming down the `inventory` file to just the guest you're interested in;
@@ -56,5 +58,23 @@ a bit first, including:
* deleting `host_vars/$guest/vault.yml` altogether.
-After performing these tweaks, you should be able to just run `make bootstrap`
-followed by `make site` as usual.
+After performing these tweaks, you should be able to use the same steps
+outlined above.
+
+
+FreeBSD
+-------
+
+Installation of FreeBSD guests must be performed manually; alternatively,
+the official qcow2 images can be used to quickly bring up such guests.
+
+Some manual tweaking will be needed, in particular:
+
+* `/etc/ssh/sshd_config` must contain the `PermitRootLogin yes` directive;
+
+* `/etc/rc.conf` must contain the `sshd_enable="YES"` setting;
+
+* the root password must be manually set to "root" (without quotes).
+
+Once these steps have been performed, FreeBSD guests can be managed just
+like all other guests.
--
2.13.6