From owner-freebsd-questions@freebsd.org Sat Oct 5 20:43:34 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4146813C9C0 for ; Sat, 5 Oct 2019 20:43:34 +0000 (UTC) (envelope-from mail@osfux.nl) Received: from vm1982.osfux.nl (vm1982.osfux.nl [79.99.187.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46lzGs16mCz46p3 for ; Sat, 5 Oct 2019 20:43:32 +0000 (UTC) (envelope-from mail@osfux.nl) Received: from vm1982.osfux.nl (localhost [127.0.0.1]) by vm1982.osfux.nl (Postfix) with ESMTP id 8D45E2011C; Sat, 5 Oct 2019 22:35:15 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=osfux.nl; s=default; t=1570307717; bh=bosakrFNYyRBoth0o+QM2rbGUkmPiu6xv162kQZFzB8=; h=Subject:To:References:From:Date:In-Reply-To; b=kpjIftBjyb/x04MHm+vJmR9vdQaDTbpH1ecF7SMZildrOcFvsp6yRxhM9Yu/RTL/V 4x0o7UlSkj24voDW+ILwAUnn8NnGJFIaxDtD6xQiRA3cTbXP67eWNMyw/B9B6SIIB+ QNbwZcKEROWkoHK8DPCk7TqOi7b6sQSR+HC2M9A9KD5O8PhJuqqiudQyZP4LMVrZYH UwOc7kiaMcFF8DzNlmpZDKGXibtXwgGYJc3y9zKaR7hdAwqYKaT877AyLBPUqJkfFN TWG7D5rsILPWtaZ6Unggw7jB6xiS0yprGWXwbKuW8/oniD7jcJ4D1xLJEVw8YQjBWl koGpwTFRnK9a/kRbj1lvcSIde7W2m961tpA1aTaa4Be/gccfBrmS33BA/l4LWWNAEk 82PRv2tRFiqXf/r0i9mlG6fbk/8P9Bqcpuu3SGK+DoAf44L3X6q1U39Vo/+Ta/RGBO oT02a4pjA3i1rsb1BZ30V+N0B4EzLSiTfzGotWaIfZaz9L1JHp7FotKCIy8L1mjDgF 6fQgvoMSdOXJ8nfPpFB+3iNZHDwKTmQUc6Ci/+BlHFwh5x9XC3yDAWQYJG2yzL6IRR xhUqUj3i9RHTXSe9AZdPPNAesl18cwQCNrT9AfblH0KGYnD5IX8qKf0FEWwK4F8qxG iabCRntXlCWIqClTqCpyB7yA= X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on vm1982.osfux.nl Received: from [192.168.178.23] (217-120-180-31.cable.dynamic.v4.ziggo.nl [217.120.180.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by vm1982.osfux.nl (Postfix) with ESMTPSA; Sat, 5 Oct 2019 22:35:15 +0200 (CEST) Subject: Re: Ansible for FreeBSD - use cases? To: Victor Sudakov , freebsd-questions@freebsd.org References: <20191005141507.GA1223@admin.sibptus.ru> From: Ruben Message-ID: Date: Sat, 5 Oct 2019 22:35:22 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20191005141507.GA1223@admin.sibptus.ru> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 46lzGs16mCz46p3 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=osfux.nl header.s=default header.b=kpjIftBj; dmarc=pass (policy=none) header.from=osfux.nl; spf=pass (mx1.freebsd.org: domain of mail@osfux.nl designates 79.99.187.212 as permitted sender) smtp.mailfrom=mail@osfux.nl X-Spamd-Result: default: False [-1.82 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[osfux.nl:s=default]; NEURAL_HAM_MEDIUM(-0.97)[-0.967,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[osfux.nl:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[osfux.nl,none]; IP_SCORE(0.14)[asn: 8315(0.71), country: NL(0.02)]; RECEIVED_SPAMHAUS_PBL(0.00)[31.180.120.217.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8315, ipnet:79.99.184.0/21, country:NL]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Oct 2019 20:43:34 -0000 Hi, I've been using ansible in production for both Linux and FreeBSD for a couple of years now. There are about 150 Linux servers and 50 FreeBSD our team manages. Our main usecases for using ansible specifically on/for FreeBSD targets: - user management The user modules are running fine on FreeBSD. - pf management The blockinfile module together with jinja2 functionality really kicks ass. - setting up GELI/ZFS/NFS We use several modules to orchestrate zfs fileservers: blockinfile, raw/shell , service, etc - maintaining haproxy installations blockinfile (with jinja2) / service modules Using ansible to orchestrate FreeBSD servers just works. We can use native modules for most of our payloads, using the shell/raw modules for other stuff; there really is nothing we cannot do. The only stuff that - in my experience - is cumbersome to orchestrate with Ansible: - portstree compiles (for which we (try) to use portmaster with the Q branches of the portstree) - freebsd-update (crossing . releases, so using the "upgrade" switch) I, for one, cannot wait to see the functionality provided by the freebsd-update tool lifted to pkgng. From an Ansible point of view this would decomplicate stuff quite a lot. Ansible integrates quite nicely with Jinja2, which allows us to configure/adminstrate all applications we run on FreeBSD servers. I think using a framework to administer stuff that is used by many other sysadmins makes more sense than writing one's own framework. I don't know of any other orchestration framework out there that is OS and only needs ssh/python in order to function, thats why I use Ansible. Regards, Ruben On 10/5/19 4:15 PM, Victor Sudakov wrote: > Dear Colleagues, > > Is anyone using ansible on FreeBSD for anything useful in production? > > I understand the power of ansible is in its modules. If there is no > module for your task, you are in a fix. > > I've experimented with the pkgng module, it does install packages :-) > Most modules are meant for Linux however. > > What FreeBSD tasks do you automate with ansible, and with what modules? > > I use net/rdist6 to update some configs on remote hosts, so I don't > think I'll benefit much from file copying modules of ansible. >