From owner-freebsd-questions@freebsd.org Tue Oct 8 15:26:45 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A0D7612D2FA for ; Tue, 8 Oct 2019 15:26:45 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46nh5w4v7bz46Wv for ; Tue, 8 Oct 2019 15:26:44 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=+uHdVfxFkB/vTvAlv+TxjyBLpB2X2ud0Cx4A+g4VDJ4=; b=LJeL2r9Xs98w6jvCptiLTn3H81 hGTFDcTI/6excdz9XiytoOj2FHVneingHYCZENp0KDdqY/jHPWKMx/y5JYnzVX0iVjQEnc52PMyLI DDLajv2Q9wHGcmBqP9mReXN3wkdoSbEvv5BWrCN2q080FeniAYBWfffy1IfFkswDLPMY=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1iHrNl-000GbD-5L for freebsd-questions@freebsd.org; Tue, 08 Oct 2019 22:26:37 +0700 Date: Tue, 8 Oct 2019 22:26:37 +0700 From: Victor Sudakov To: freebsd-questions@freebsd.org Subject: Re: Ansible for FreeBSD - use cases? Message-ID: <20191008152637.GA63418@admin.sibptus.ru> References: <20191005141507.GA1223@admin.sibptus.ru> <20191006184205.sr4gt3gmnzzzuzua@deathbolt.927589452.space> <20191007042856.GB98441@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ReaqsoxgOBHFXBhH" Content-Disposition: inline In-Reply-To: X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 46nh5w4v7bz46Wv X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=LJeL2r9X; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-7.31 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-3.21)[ip: (-9.81), ipnet: 2001:19f0:5000::/38(-4.90), asn: 20473(-1.29), country: US(-0.05)] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 15:26:45 -0000 --ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Matthew Seaman wrote: > On 07/10/2019 05:28, Victor Sudakov wrote: > > If I have packages in multiple jails, can ansible help me keep them all > > up-to-date? Without sshd inside jails? >=20 > Yes. Ansible has a 'jail connector' which effectively lets you use > jexec(8) to run programs within your jails. It has some limitations: >=20 > - you can only run ansible on the host system to access jails on the > same machine Alas, this would not be useful to me. >=20 > - you have to run ansible as root >=20 > Aside from that, basically you can do anything with ansible inside a > jail that you could do by ssh'ing in. >=20 > There is an improved version of the jail connector floating around on > GitHub which those limitations -- see > https://github.com/austinhyde/ansible-sshjail >=20 > Of course, pkg(8) also has native functionality for managing packages in > jails. eg: Well, ansible's pkgng module does have the "jail" parameter, I've tried it and it works. But it is not very useful because the service module does not have this parameter. This means you can install a daemon in a jail, but you cannot make it start on boot, restart after update etc. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --ReaqsoxgOBHFXBhH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJdnKqtAAoJEA2k8lmbXsY0PEYH/3IlZ2rggkQfYgXEshSDDNbJ 1SSiXWoCGOVOBrtxV06VkKBsrREXefk4Tm3WWB0gf3wG/NEwzaJPDqqdBM8KF1lV 1c3t1h9Hnkb8YTuRcvZCiC+Ce/yFrvI6mU8sAs6fYUNXfoGpyzjgQ+9WIBQlNMy9 nJkAVRHiZzWTriFWwGzHhXlQPDmVXNsaqBTE/1vth837GjzGZFPHjGqutE+e1R4d 3mwja8axPWtHIhJ2NnIaGwyzZncgKqYDPGGyxF2z1/AziZepQS5TU4m8x/nYhZ+l KXCdO5knGSfClZZuzoVy396BxtiQ5y1quH1CjvO7VoTm+KtGI+1PIqyKrTGezzg= =6QfO -----END PGP SIGNATURE----- --ReaqsoxgOBHFXBhH--