Ansible for FreeBSD - use cases?
Victor Sudakov
vas at sibptus.ru
Sun Oct 6 07:21:29 UTC 2019
Ruben wrote:
>
> I've been using ansible in production for both Linux and FreeBSD for a
> couple of years now. There are about 150 Linux servers and 50 FreeBSD
> our team manages.
>
> Our main usecases for using ansible specifically on/for FreeBSD targets:
>
> - user management
>
> The user modules are running fine on FreeBSD.
>
> - pf management
>
> The blockinfile module together with jinja2 functionality really kicks ass.
>
> - setting up GELI/ZFS/NFS
>
> We use several modules to orchestrate zfs fileservers: blockinfile,
> raw/shell , service, etc
Thanks a lot for enumerating a few modules which can be useful for FreeBSD
administration.
>
> The only stuff that - in my experience - is cumbersome to orchestrate
> with Ansible:
>
> - portstree compiles (for which we (try) to use portmaster with the Q
> branches of the portstree)
Did you consider compiling centrally in poudriere and then installing
the binary packages with pkgng on the managed hosts?
> - freebsd-update (crossing . releases, so using the "upgrade" switch)
Do you administer freebsd-update within one release with Ansible too?
>
> Ansible integrates quite nicely with Jinja2, which allows us to
> configure/adminstrate all applications we run on FreeBSD servers.
Please tell if Jinja2 (which port is that?) has to be installed on the
Ansible controller only, or on every managed host?
> I think using a framework to administer stuff that is used by many other
> sysadmins makes more sense than writing one's own framework. I don't
> know of any other orchestration framework out there that is OS and only
> needs ssh/python in order to function, thats why I use Ansible.
Thanks for the positive review! One more question: have you ever had
problems and disasters caused by Ansible modules? After all, they are
pieces of software written probably by a Linux-minded person modifying
your FreeBSD system's vitals. Does it not sound a bit scary?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20191006/e5db3e86/attachment.sig>
More information about the freebsd-questions
mailing list