From: Andrea Venturoli
Subject: Ansible and jails
To: freebsd-questions@freebsd.org
Date: Sun, 27 Nov 2016 15:02:20 +0100
Message-ID: <34b5beb3-b942-d1c9-aa67-25bb9597ea98@netfence.it>

Hello.

I'm digging into sysutil/ansible and I'd welcome some suggestions on how to manage jails.

Right now I'm still trying to be able to run simple commands and I'll deal with playbooks later.

Since I've already an ssh user with a proper key in place, I'm able to run commands on every host as an unprivileged user.
I've put root passwords in vaults, so I can "become" through su.

So now I can issue commands like:
> ansible basehost --ask-vault-pass -b -m shell -a "ezjail-admin console -e 'command' jailname"

This however has two disadvantages: it's not simple and requires me to issue multiple commands, since I cannot address base hosts and jails at the same time.

I'd like to be able to get info from every base host and every jail within, with something like:
> ansible all --ask-vault-pass -b -m shell -a "perl -v"

So I looked if there's a way to do this and found several solutions; none works for me though.

Bundled with Ansible comes a "jail" connector plugin, also described here:
> https://www.keltia.net/howtos/jail-mgmt-with-ansible/
However, it looks like it's a "local" plugin, so it won't work on jails on remote hosts.
I guess I could set up ansible on every base host and let a "main" ansible instance control "child" ansible instances, but that would be a quite complicated setup.

There's:
> https://github.com/austinhyde/ansible-sshjail
However, it's only compatible with sysutil/ansible1, not sysutil/ansible and I'd like to use the latter.
Furthermore I wasn't able to make it work: it seems to get stuck in the "become" phase (possibly because I want to use su, not sudo?).

Any other hint?
How do you manage jails with ansible?

bye & Thanks
av.