Date: Mon, 7 Oct 2019 09:18:55 +0200
From: Ruben <mail@osfux.nl>
To: Victor Sudakov <vas@sibptus.ru>, freebsd-questions@freebsd.org
Subject: Re: Ansible for FreeBSD - use cases?
Message-ID: <ea2911cf-4787-18e9-95a9-02b24720f4c9@osfux.nl>
In-Reply-To: <20191007042235.GA98441@admin.sibptus.ru>
References: <20191005141507.GA1223@admin.sibptus.ru>
 <aa417bc5-c0cf-bda3-1750-7342726633ac@osfux.nl>
 <20191006072125.GA83898@admin.sibptus.ru>
 <8f645b64-059d-dab2-d08c-d608b645451b@osfux.nl>
 <20191007042235.GA98441@admin.sibptus.ru>

stuff snipped

On 10/7/19 6:22 AM, Victor Sudakov wrote:
> Ruben wrote:
>>>> - freebsd-update (crossing . releases, so using the "upgrade" switch)
>>>
>>> Do you administer freebsd-update within one release with Ansible too?
>>>
>>
>> Yes, that works nicely (since it doesn't require interaction).
>
> Maybe you have been lucky, but for me freebsd-update sometimes drops
> into interactive mode to resolve conflicts in /etc
>

freebsd-update within the same point release works nicely. So 11.2.*.
The moment I use the upgrade switch to change to 11.3 for instance, the
pain starts.

It's a real shame it's this difficult. I've tried all sorts of
pre-seeding, freebsd-update.conf options, caching servers, adjusting
freebsd-update, etc. I spent hours on trying to smooth this.

A co-worker came up with a better solution I think: just unpack the new
distribution on top of everything that is in place (keep a list of
config files that were overwritten, script script etc). Ofc, this has its
drawbacks as well, but should we decide to spend any more time on this
(prior to the pkgng of base solution) that will be our next attempt.

The situation atm is terrible if I compare it to other OSes I manage
with ansible. Normally we just delete a vm and redeploy it with the new
OS, but since we use FreeBSD a lot for fileservers, this is not always
possible.

I'm curious how others solve this (freebsd-update with orchestration tools).

>> What other modules were you contemplating on using / what is your use case?
>
> A good question. Let me remember the most tedious tasks.
>
> 1. I already distribute some configuration files (like
> squid white- and blacklists, hosts.allow, sysutils/vm-bhyve templates
> etc) with net/rdist6. I may replace rdist by ansible if it's more
> flexible (rdist cannot edit files, only replaces if newer).
> The "copy", "lineinfile" and "blockinfile" modules are for that, right?
>

Yes. You could also try using the "template" module.

If you use the template module, you can generate the config files (or feed
"blockinfile" for instance) based on jinja2 templates you keep.

> 2. Installation of packages (from the single repo I keep) and keeping
> them up-to-date. In jails too.
>
> 3. User and group management certainly. In jails too.
>
> 4. Creation/destruction/configuration of a) jails and b) VMs in vm-bhyve.
>

I have very limited experience with running jails, let alone managing
them with ansible. I do manage a couple of bhyve machines, but without
the vm-bhyve framework. I just use ansible to execute shell scripts on the
hypervisors, no fancy stuff there.

> 5. The management of Let's Encrypt certs (I use acme.sh currently). Do I
> even need ansible for that?
>

I don't think you "need" ansible, cron might be better suited?

Regards,

Ruben
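
An added example, not part of Ruben's message: a playbook for the hosts.allow case in point 1, feeding "blockinfile" from a Jinja2 loop so the rest of the file is left alone. The inventory group, variable name, daemon name and addresses are constructed for illustration.

```yaml
# Added example, not code from the thread.
# Assumptions: inventory group "freebsd_servers", the variable name, and the
# sample addresses (documentation ranges) are constructed for illustration.
- name: Manage one block of /etc/hosts.allow from a variable list
  hosts: freebsd_servers
  become: true
  vars:
    sshd_allowed_sources:
      - 192.0.2.0/255.255.255.0   # net/mask form
      - 198.51.100.10             # single host
  tasks:
    - name: Keep sshd access rules in a marked, managed block
      ansible.builtin.blockinfile:
        path: /etc/hosts.allow
        # hosts.allow is first-match and FreeBSD's stock file opens with
        # "ALL : ALL : allow", so the block is placed at the top of the file
        # to be evaluated before any existing rule.
        insertbefore: BOF
        # {mark} becomes BEGIN/END; Ansible only rewrites text between them.
        marker: "# {mark} ANSIBLE MANAGED: sshd access"
        # The block is rendered by Jinja2 before insertion, one rule per
        # list entry, followed by an explicit deny for everything else.
        block: |
          {% for src in sshd_allowed_sources %}
          sshd : {{ src }} : allow
          {% endfor %}
          sshd : ALL : deny
        backup: true              # keep a timestamped copy of the old file
        owner: root
        group: wheel
        mode: "0644"
```

Running it with `ansible-playbook --check --diff` first shows the rendered block without changing the file.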