Ansible against MicroOS or Leap Micro

I am running a POC for the company I work for to use MicroOS or Leap Micro. The problem I am facing is that the machines need to be configured in a particular way to pass compliance/audit tests (currently somewhat comparable to CIS server level 2, but not the same).

I have adapted Ansible code to work on openSUSE; the code works when running against non-immutable distros such as Tumbleweed and Leap. The problem is that MicroOS and Leap Micro are immutable OSes, so writing to e.g. /etc is not possible in the default mode; one must use the transactional-update shell to make changes to the system.

I know that the Ansible community.zypper module allows for installing/removing packages, but other operations are not supported. Has anyone found a solution for this?

Thanks in advance – HC

@string0 Hi, after the demise of Vagrant I had a play with Ansible, it’s too weird for me :wink:

/etc is writable?

But I did manage to get Combustion working with it from memory, just had to add it as a USB device to the VM, but one could also look at using Ignition and add it as an ISO image.

https://en.opensuse.org/Portal:MicroOS/Combustion

https://en.opensuse.org/Portal:MicroOS/Ignition

Also check out https://opensuse.github.io/fuel-ignition/

Hi @malcolmlewis, you are right, /etc/ is writable and I am able to write data to it using Ansible; still struggling a little with other issues. So I am very curious about Ansible usage against these immutable systems.

@string0 That’s the purpose of Combustion and Ignition: when the system is booting and either is detected, it will perform the tasks, all before the system goes read-only. I add users, configure the likes of ssh, sysctl, set up the network, install packages with zypper.

It’s all doable, just have to configure Ansible to see either of those mediums present for it to action.

Yes, you make a good point there. I would need to install some packages (ansible, git) to be able to pull and run the Ansible code; after everything is configured I would probably do some cleanup and it would work. I could even do this with Packer, I think, to create some sort of golden image (as we do now with EL) in this way.

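A sketch of the first-boot approach discussed in this thread, added as an example and not code posted by any participant: a shell function that lays out the `combustion/script` tree Combustion reads from its config medium. The function name, the file names under /etc, the package names and the sshd/sysctl values are assumptions for illustration, not a CIS profile.

```shell
#!/bin/sh
# Added example: build the tree Combustion expects on its config medium.
# make_combustion_tree and all file names below are hypothetical choices.
make_combustion_tree() {
    out_dir=$1   # root of the future config medium
    pubkey=$2    # SSH public key to authorise for root
    mkdir -p "$out_dir/combustion" || return 1
    # Combustion runs the script from this directory, so the key is
    # referenced by a relative path inside the script.
    cp "$pubkey" "$out_dir/combustion/admin.pub" || return 1
    # Quoted delimiter: nothing below is expanded on the build host.
    cat > "$out_dir/combustion/script" <<'EOF'
#!/bin/bash
# combustion: network
set -euo pipefail

# Key-only root access
mkdir -pm700 /root/.ssh
cat admin.pub >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

# sshd drop-in (assumes sshd_config includes /etc/ssh/sshd_config.d/*.conf)
mkdir -p /etc/ssh/sshd_config.d
cat > /etc/ssh/sshd_config.d/10-hardening.conf <<'SSHD'
PermitRootLogin prohibit-password
PasswordAuthentication no
SSHD

# Kernel settings applied on every boot (constructed sample values)
cat > /etc/sysctl.d/90-hardening.conf <<'SYSCTL'
kernel.kptr_restrict = 2
kernel.dmesg_restrict = 1
net.ipv4.conf.all.rp_filter = 1
SYSCTL

# Packages needed later to pull and run the Ansible code
zypper --non-interactive install ansible git
systemctl enable sshd.service
EOF
}
```

Copy the generated tree to a USB device or ISO image whose filesystem label is `combustion` and attach it for the machine's first boot.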