Date: Sun, 27 Nov 2016 15:02:20 +0100 From: Andrea Venturoli <ml@netfence.it> To: freebsd-questions@freebsd.org Subject: Ansible and jails Message-ID: <34b5beb3-b942-d1c9-aa67-25bb9597ea98@netfence.it>
next in thread | raw e-mail | index | archive | help
Hello. I'm digging into sysutil/ansible and I'd welcome some suggestion on how to manage jails. Right now I'm still trying to be able to run simple commands and I'll deal with playbooks later. Since I've already an ssh user with a proper key in place, I'm able to run commands on every host as an unprivileged user. I've put root passwords in vaults, so I can "become" through su. So now I can issue commands like: > ansible basehost --ask-vault-pass -b -m shell -a "ezjail-admin console -e 'command' jailname" This however has two disadvantages: it's not simple and requires me to issue multiple commands, since I cannot address base hosts and jails at the same time. I'd like to be able to get info from every base host and every jail within, with something like: > ansible all --ask-vault-pass -b -m shell -a "perl -v" So I looked if there's a way to do this and found several solutions; none works for me though. Bundled with Ansible comes a "jail" connector plugin, also described here: > https://www.keltia.net/howtos/jail-mgmt-with-ansible/ However, it looks like it's a "local" plugin, so it won't work on jails on remote hosts. I guess I could setup ansible on every base host and let a "main" ansible instance control "child" ansible instances, but that would be a quite complicated setup. There's >https://github.com/austinhyde/ansible-sshjail However, it's only compatible with sysutil/ansible1, not sysutil/ansible and I'd like to use the latter. Furthermore I wasn't able to make it work: it seems to get stuck in the "become" phase (possibly because I want to use su, not sudo?). Any other hint? How do you manage jails with ansible? bye & Thanks av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34b5beb3-b942-d1c9-aa67-25bb9597ea98>