Date: Sun, 6 Oct 2019 14:21:25 +0700 From: Victor Sudakov <vas@sibptus.ru> To: freebsd-questions@freebsd.org Subject: Re: Ansible for FreeBSD - use cases? Message-ID: <20191006072125.GA83898@admin.sibptus.ru> In-Reply-To: <aa417bc5-c0cf-bda3-1750-7342726633ac@osfux.nl> References: <20191005141507.GA1223@admin.sibptus.ru> <aa417bc5-c0cf-bda3-1750-7342726633ac@osfux.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
--/04w6evG8XlLl3ft Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Ruben wrote: >=20 > I've been using ansible in production for both Linux and FreeBSD for a=20 > couple of years now. There are about 150 Linux servers and 50 FreeBSD=20 > our team manages. >=20 > Our main usecases for using ansible specifically on/for FreeBSD targets: >=20 > - user management >=20 > The user modules are running fine on FreeBSD. >=20 > - pf management >=20 > The blockinfile module together with jinja2 functionality really kicks as= s. >=20 > - setting up GELI/ZFS/NFS >=20 > We use several modules to orchestrate zfs fileservers: blockinfile,=20 > raw/shell , service, etc Thanks a lot for enumerating a few modules which can be useful for FreeBSD administration. >=20 > The only stuff that - in my experience - is cumbersome to orchestrate=20 > with Ansible: >=20 > - portstree compiles (for which we (try) to use portmaster with the Q=20 > branches of the portstree) Did you consider compiling centrally in poudriere and then installing the binary packages with pkgng on the managed hosts? > - freebsd-update (crossing . releases, so using the "upgrade" switch) Do you administer freebsd-update within one release with Ansible too? >=20 > Ansible integrates quite nicely with Jinja2, which allows us to=20 > configure/adminstrate all applications we run on FreeBSD servers. Please tell if Jinja2 (which port is that?) has to be installed on the Ansible controller only, or on every managed host? > I think using a framework to administer stuff that is used by many other= =20 > sysadmins makes more sense than writing one's own framework. I don't=20 > know of any other orchestration framework out there that is OS and only= =20 > needs ssh/python in order to function, thats why I use Ansible. Thanks for the positive review! One more question: have you ever had problems and disasters caused by Ansible modules? After all, they are pieces of software written probably by a Linux-minded person modifying your FreeBSD system's vitals. Does it not sound a bit scary? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --/04w6evG8XlLl3ft Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJdmZX1AAoJEA2k8lmbXsY0y40H/AsxwMGoxWRq2h0ped5gZt4B CNpUqrmytv5zLq2f91lImJJF5t91tmxiHQMWaaa2jofD3DpI8XUlJrijVew0zDb6 CSIfphqNWIZlo0Id09kfan6okJ6iOIdOZvSN1321HJ8SRiJLRJCArk6/iU/7nZsY 7rj1KAfQHFhmmLc5ueuZHvbQiIpnKii0bdiekK45GZhPPMzqcBnC70Cx0X7c7nv2 /So0HF/PI+bBsaUDZpWa0rkl1vT3AYmQBFtE8Okw/fBHeg4GRsI2N+4mT1O6ZvJC G0XC2XDjJnM3hkdM14UJtBlOK6zx9kwnMhdriQy2Z4WkCesSZvc+w6SsqeCFvx8= =GF++ -----END PGP SIGNATURE----- --/04w6evG8XlLl3ft--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191006072125.GA83898>