Ansible for FreeBSD - use cases?
mail at osfux.nl
Mon Oct 7 07:19:12 UTC 2019
On 10/7/19 6:22 AM, Victor Sudakov wrote:
> Ruben wrote:
>>>> - freebsd-update (crossing . releases, so using the "upgrade" switch)
>>> Do you administer freebsd-update within one release with Ansible too?
>> Yes, that works nicely (since it doesn't require interaction).
> Maybe you have been lucky, but for me freebsd-update sometimes drops
> into interactive mode to resolve conflicts in /etc
> freebsd-update within the same point release works nicely. So 11.2.* .
The moment I use the upgrade switch to change to 11.3 for instance, the
Its a real shame its this difficult. I've tried all sorts of pre-seeding
, freebsd-update.conf options, caching servers, adjusting
freebsd-update, etc. I spent hours on trying to smoothe this. A
co-worker came up with a better solution I think: just unpack the new
distribution on top of everything that is in place (keep a list of
configfiles that were overwritten, script script etc). Ofc , this has
its drawbacks as wel, but should we decide to spend any more time on
this (prior to the pkgng of base solution) that will be our next
attempt. The situation atm is terrible if I compare it to other OS'ses I
manage with ansible.
Normally we just delete a vm and redeploy it with the new OS, but since
we use FreeBSD a lot for fileservers, this is not always possible.
Im curious how others solve this (freebsd-update with orchestration tools).
>> What other modules were you contemplating on using / what is your usecase?
> A good question. Let me remember the most tedious tasks.
> 1. I already distribute some configuration files (like
> squid white- and blacklists, hosts.allow, sysutils/vm-bhyve templates
> etc) with net/rdist6. I may replace rdist by ansible if it's more
> flexible (rdist cannot edit files, only replaces if newer).
> The "copy", "lineinfile" and "blockinfile" modules are for that, right?
Yes. You could also try using the "template" module. If you use the
template module, you can generate the configfiles (or feed "blockinfile"
for instance) based on jinja2 templates you keep.
> 2. Installation of packages (from the single repo I keep) and keeping
> them up-to-date. In jails too.
> 3. User and group management certainly. In jails too.
> 4. Creation/destruction/configuraton of a) jails and b) VMs in vm-bhyve.
I have very limited experience with running jails, let alone managing
them with ansible. I do manage a couple of bhyve machines, but without
the vm-bhyve framework. I just use ansible to execute shellscripts on
the hypvervisors, no fancy stuff there.
> 5. The management of Let's Encrypt certs (I use acme.sh currently). Do I
> even need ansible for that?
I don't think you "need" ansible, cron might be better suited?
More information about the freebsd-questions