Ansible for FreeBSD - use cases?

Ruben mail at osfux.nl
Mon Oct 7 07:19:12 UTC 2019


stuff snipped

On 10/7/19 6:22 AM, Victor Sudakov wrote:
> Ruben wrote:
>>>> - freebsd-update (crossing . releases, so using the "upgrade" switch)
>>>
>>> Do you administer freebsd-update within one release with Ansible too?
>>>
>>
>> Yes, that works nicely (since it doesn't require interaction).
> 
> Maybe you have been lucky, but for me freebsd-update sometimes drops
> into interactive mode to resolve conflicts in /etc

freebsd-update within the same point release works nicely. So 11.2.* . 
The moment I use the upgrade switch to change to 11.3 for instance, the 
pain starts.

It's a real shame it's this difficult. I've tried all sorts of pre-seeding, 
freebsd-update.conf options, caching servers, adjusting 
freebsd-update, etc. I spent hours on trying to smooth this. A 
co-worker came up with a better solution I think: just unpack the new 
distribution on top of everything that is in place (keep a list of 
configfiles that were overwritten, script script etc). Ofc, this has 
its drawbacks as well, but should we decide to spend any more time on 
this (prior to the pkgng of base solution) that will be our next 
attempt. The situation atm is terrible if I compare it to other OSes I 
manage with ansible.

Normally we just delete a vm and redeploy it with the new OS, but since 
we use FreeBSD a lot for fileservers, this is not always possible.

I'm curious how others solve this (freebsd-update with orchestration tools).

>> What other modules were you contemplating on using / what is your usecase?
> 
> A good question. Let me remember the most tedious tasks.
> 
> 1. I already distribute some configuration files (like
> squid white- and blacklists, hosts.allow, sysutils/vm-bhyve templates
> etc) with net/rdist6. I may replace rdist by ansible if it's more
> flexible (rdist cannot edit files, only replaces if newer).
> The "copy", "lineinfile" and "blockinfile" modules are for that, right?
> 

Yes. You could also try using the "template" module. If you use the 
template module, you can generate the configfiles (or feed "blockinfile" 
for instance) based on jinja2 templates you keep.

> 2. Installation of packages (from the single repo I keep) and keeping
> them up-to-date. In jails too.
> 
> 3. User and group management certainly. In jails too.
> 
> 4. Creation/destruction/configuration of a) jails and b) VMs in vm-bhyve.
> 

I have very limited experience with running jails, let alone managing 
them with ansible. I do manage a couple of bhyve machines, but without 
the vm-bhyve framework. I just use ansible to execute shellscripts on 
the hypervisors, no fancy stuff there.

> 5. The management of Let's Encrypt certs (I use acme.sh currently). Do I
> even need ansible for that?
> 
I don't think you "need" ansible, cron might be better suited?

Regards,

Ruben
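
The "unpack the new distribution on top and keep a list of overwritten configfiles" idea mentioned above needs that list before anything is extracted. An added sketch, not code from this thread: it compares the regular files under etc/ in a distribution archive with the live tree and returns the ones whose content would change, so they can be backed up or reviewed first. The function names, the `etc/` prefix and the sample files are assumptions constructed for illustration.

```python
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path


def overwritten_configs(dist_archive, root, prefix="etc/"):
    """List files under `prefix` that exist below `root` and whose content
    differs from the copy in the distribution archive."""
    root = Path(root)
    changed = []
    with tarfile.open(dist_archive) as tar:
        for member in tar:
            name = member.name[2:] if member.name.startswith("./") else member.name
            if not member.isfile() or not name.startswith(prefix):
                continue  # only regular files in the config tree matter here
            if ".." in Path(name).parts:
                continue  # ignore entries that would resolve outside root
            target = root / name
            if not target.is_file():
                continue  # file is new, so nothing local is lost
            new_digest = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
            old_digest = hashlib.sha256(target.read_bytes()).hexdigest()
            if new_digest != old_digest:
                changed.append(name)
    return sorted(changed)


def demo():
    """Constructed sample: a tiny stand-in for base.txz and a live root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "root"
        (root / "etc").mkdir(parents=True)
        (root / "etc/hosts.allow").write_bytes(b"ALL : 10.0.0.0/8 : allow\n")  # locally edited
        (root / "etc/shells").write_bytes(b"/bin/sh\n")  # identical to the archive copy
        archive = Path(tmp) / "base.tar"
        sample = {
            "./etc/hosts.allow": b"ALL : ALL : allow\n",
            "./etc/shells": b"/bin/sh\n",
            "./etc/newfile": b"added in the new release\n",
            "./bin/sh": b"not a config file\n",
        }
        with tarfile.open(archive, "w") as tar:
            for name, body in sample.items():
                info = tarfile.TarInfo(name)
                info.size = len(body)
                tar.addfile(info, io.BytesIO(body))
        return overwritten_configs(archive, root)


if __name__ == "__main__":
    print(demo())
```

Run against a real archive, the returned list can feed an Ansible task that copies those files aside before the distribution is unpacked.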

