Ansible and jails
ml at netfence.it
Sun Nov 27 14:08:08 UTC 2016
I'm digging into sysutil/ansible and I'd welcome some suggestion on how
to manage jails.
Right now I'm still trying to be able to run simple commands and I'll
deal with playbooks later.
Since I've already an ssh user with a proper key in place, I'm able to
run commands on every host as an unprivileged user.
I've put root passwords in vaults, so I can "become" through su.
So now I can issue commands like:
> ansible basehost --ask-vault-pass -b -m shell -a "ezjail-admin console -e 'command' jailname"
This however has two disadvantages: it's not simple and requires me to
issue multiple commands, since I cannot address base hosts and jails at
the same time.
I'd like to be able to get info from every base host and every jail
within, with something like:
> ansible all --ask-vault-pass -b -m shell -a "perl -v"
So I looked if there's a way to do this and found several solutions;
none works for me though.
Bundled with Ansible comes a "jail" connector plugin, also described here:
However, it looks like it's a "local" plugin, so it won't work on jails
on remote hosts.
I guess I could setup ansible on every base host and let a "main"
ansible instance control "child" ansible instances, but that would be a
quite complicated setup.
However, it's only compatible with sysutil/ansible1, not sysutil/ansible
and I'd like to use the latter.
Furthermore I wasn't able to make it work: it seems to get stuck in the
"become" phase (possibly because I want to use su, not sudo?).
Any other hint?
How do you manage jails with ansible?
bye & Thanks
More information about the freebsd-questions