Date:      Mon, 7 Oct 2019 11:22:35 +0700
From:      Victor Sudakov <vas@sibptus.ru>
To:        freebsd-questions@freebsd.org
Subject:   Re: Ansible for FreeBSD - use cases?
Message-ID:  <20191007042235.GA98441@admin.sibptus.ru>
In-Reply-To: <8f645b64-059d-dab2-d08c-d608b645451b@osfux.nl>
References:  <20191005141507.GA1223@admin.sibptus.ru> <aa417bc5-c0cf-bda3-1750-7342726633ac@osfux.nl> <20191006072125.GA83898@admin.sibptus.ru> <8f645b64-059d-dab2-d08c-d608b645451b@osfux.nl>



Ruben wrote:
> >> - freebsd-update (crossing . releases, so using the "upgrade" switch)
> >
> > Do you administer freebsd-update within one release with Ansible too?
> >
>
> Yes, that works nicely (since it doesn't require interaction).

Maybe you have been lucky, but for me freebsd-update sometimes drops
into interactive mode to resolve conflicts in /etc.

> >>
> >> Ansible integrates quite nicely with Jinja2, which allows us to
> >> configure/administrate all applications we run on FreeBSD servers.
> >
> > Please tell if Jinja2 (which port is that?) has to be installed on the
> > Ansible controller only, or on every managed host?
>
> You would only need it on the ansible host. I think it's even a
> requirement for running ansible, but I'm not sure. The package I have
> currently installed on a FreeBSD ansible controller: py27-Jinja2-2.10.1 .

You are right, in my test setup py36-Jinja2-2.10.1 is already a
requirement for sysutils/ansible.

[dd]

> > Thanks for the positive review! One more question: have you ever had
> > problems and disasters caused by Ansible modules? After all, they are
> > pieces of software written probably by a Linux-minded person modifying
> > your FreeBSD system's vitals. Does it not sound a bit scary?
>
> I totally agree: it is scary. Especially the packetfilter/firewall and
> user management stuff. As you are probably well aware AWS for instance
> doesn't provide console access to its ec2 instances. If a playbook/role
> screws up, customers miss an often very vital part of their infrastructure.
>
> If you test playbooks/roles on non-production deployments prior to
> running them on live stuff it's suddenly a lot less scary and I have
> never come across disaster scenarios.

I see.

> The user management modules - in
> my experience - are rock-solid. The
> "lineinfile,blockinfile,raw,shell,command" modules as well. What other
> modules were you contemplating on using / what is your use case?

A good question. Let me remember the most tedious tasks.

1. I already distribute some configuration files (like
squid white- and blacklists, hosts.allow, sysutils/vm-bhyve templates
etc) with net/rdist6. I may replace rdist by ansible if it's more
flexible (rdist cannot edit files, only replaces if newer).
The "copy", "lineinfile" and "blockinfile" modules are for that, right?

2. Installation of packages (from the single repo I keep) and keeping
them up-to-date. In jails too.

3. User and group management certainly. In jails too.

4. Creation/destruction/configuration of a) jails and b) VMs in vm-bhyve.

5. The management of Let's Encrypt certs (I use acme.sh currently). Do I
even need ansible for that?

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
