From: Victor Sudakov
To: freebsd-questions@freebsd.org
Date: Sun, 6 Oct 2019 14:21:25 +0700
Subject: Re: Ansible for FreeBSD - use cases?
Message-ID: <20191006072125.GA83898@admin.sibptus.ru>
References: <20191005141507.GA1223@admin.sibptus.ru>

Ruben wrote:
>
> I've been using ansible in production for both Linux and FreeBSD for a
> couple of years now. There are about 150 Linux servers and 50 FreeBSD
> our team manages.
>
> Our main use cases for using ansible specifically on/for FreeBSD targets:
>
> - user management
>
> The user modules are running fine on FreeBSD.
>
> - pf management
>
> The blockinfile module together with jinja2 functionality really kicks ass.
>
> - setting up GELI/ZFS/NFS
>
> We use several modules to orchestrate zfs fileservers: blockinfile,
> raw/shell, service, etc.

Thanks a lot for enumerating a few modules which can be useful for
FreeBSD administration.

>
> The only stuff that - in my experience - is cumbersome to orchestrate
> with Ansible:
>
> - portstree compiles (for which we (try) to use portmaster with the Q
> branches of the portstree)

Did you consider compiling centrally in poudriere and then installing
the binary packages with pkgng on the managed hosts?

> - freebsd-update (crossing . releases, so using the "upgrade" switch)

Do you administer freebsd-update within one release with Ansible too?

>
> Ansible integrates quite nicely with Jinja2, which allows us to
> configure/administrate all applications we run on FreeBSD servers.

Please tell if Jinja2 (which port is that?) has to be installed on the
Ansible controller only, or on every managed host?

> I think using a framework to administer stuff that is used by many other
> sysadmins makes more sense than writing one's own framework. I don't
> know of any other orchestration framework out there that is OS and only
> needs ssh/python in order to function, that's why I use Ansible.

Thanks for the positive review!

One more question: have you ever had problems and disasters caused by
Ansible modules? After all, they are pieces of software written probably
by a Linux-minded person modifying your FreeBSD system's vitals. Does it
not sound a bit scary?

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/