Ansible and jails

Andrea Venturoli ml at
Sun Nov 27 14:08:08 UTC 2016


I'm digging into sysutil/ansible and I'd welcome some suggestion on how 
to manage jails.

Right now I'm still trying to be able to run simple commands and I'll 
deal with playbooks later.

Since I've already an ssh user with a proper key in place, I'm able to 
run commands on every host as an unprivileged user.

I've put root passwords in vaults, so I can "become" through su.

So now I can issue commands like:
> ansible basehost --ask-vault-pass -b -m shell -a "ezjail-admin console -e 'command' jailname"

This however has two disadvantages: it's not simple and requires me to 
issue multiple commands, since I cannot address base hosts and jails at 
the same time.
I'd like to be able to get info from every base host and every jail 
within, with something like:
> ansible all --ask-vault-pass -b -m shell -a "perl -v"

So I looked if there's a way to do this and found several solutions; 
none works for me though.

Bundled with Ansible comes a "jail" connector plugin, also described here:
However, it looks like it's a "local" plugin, so it won't work on jails 
on remote hosts.
I guess I could setup ansible on every base host and let a "main" 
ansible instance control "child" ansible instances, but that would be a 
quite complicated setup.

However, it's only compatible with sysutil/ansible1, not sysutil/ansible 
and I'd like to use the latter.
Furthermore I wasn't able to make it work: it seems to get stuck in the 
"become" phase (possibly because I want to use su, not sudo?).

Any other hint?
How do you manage jails with ansible?

  bye & Thanks

More information about the freebsd-questions mailing list