Date: Sun, 6 Oct 2019 10:25:14 +0200 From: Ruben <mail@osfux.nl> To: Victor Sudakov <vas@sibptus.ru>, freebsd-questions@freebsd.org Subject: Re: Ansible for FreeBSD - use cases? Message-ID: <8f645b64-059d-dab2-d08c-d608b645451b@osfux.nl> In-Reply-To: <20191006072125.GA83898@admin.sibptus.ru> References: <20191005141507.GA1223@admin.sibptus.ru> <aa417bc5-c0cf-bda3-1750-7342726633ac@osfux.nl> <20191006072125.GA83898@admin.sibptus.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Victor, On 10/6/19 9:21 AM, Victor Sudakov wrote: > Ruben wrote: >> Stuff snipped. > > Did you consider compiling centrally in poudriere and then installing > the binary packages with pkgng on the managed hosts? I haven't considered it seriously. Mainly because I have no experience with using poudriere whatsoever, partly because it only covers fringe-cases in our usage. > >> - freebsd-update (crossing . releases, so using the "upgrade" switch) > > Do you administer freebsd-update within one release with Ansible too? > Yes, that works nicely (since it doesn't require interaction). >> >> Ansible integrates quite nicely with Jinja2, which allows us to >> configure/adminstrate all applications we run on FreeBSD servers. > > Please tell if Jinja2 (which port is that?) has to be installed on the > Ansible controller only, or on every managed host? You would only need it on the ansible host. I think it's even a requirement for running ansible, but i'm not sure. The package I have currently installed on an FreeBSD ansible controller: py27-Jinja2-2.10.1 . > >> I think using a framework to administer stuff that is used by many other >> sysadmins makes more sense than writing one's own framework. I don't >> know of any other orchestration framework out there that is OS and only >> needs ssh/python in order to function, thats why I use Ansible. > > Thanks for the positive review! One more question: have you ever had > problems and disasters caused by Ansible modules? After all, they are > pieces of software written probably by a Linux-minded person modifying > your FreeBSD system's vitals. Does it not sound a bit scary? I totally agree : it is scary. Especially the packetfilter/firewall and user management stuff. As you are probably well aware AWS for instance doesn't provide console access to its ec2 instances. If a playbook/role screws up, customers miss an often very vital part of their infrastructure. If you test playbooks/roles on non-production deployments prior to running them on live stuff its suddenly a lot less scary and I have never come accross disaster scenarios. The user management modules - in my experience - are rock-solid. The "lininfile,blockinfile,raw,shell,command" modules as well. What other modules were you contemplating on using / what is your usecase? Regards, Ruben > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8f645b64-059d-dab2-d08c-d608b645451b>