jails and ansible

Alain De Vos


This is rather an open question.
I have a jail, I have ansible installed.
To which use can you, or do you, put ansible in the jail, and to do what?
Maybe you have interesting uses.


Aspiring Daemon

I once had all of our infrastructure services (e.g. dns slaves, dhcp, radius) set up and managed via ansible.
Each type of service was defined in a playbook, config in git repositories (some with branches for each instance or site if necessary) and e.g. the jail/zone setup boilerplate was defined in other playbooks.
This way the whole installation of a jail or zone for such a service could be performed fully automated. Some jails even ran ansible in pull-configuration (via cron) to automatically pull config updates and e.g. DNS entries and firewall rules got updated upon setup of the new service.

At the time I thought this was a good strategy for disaster recovery, as I could basically spin up all essential services fully automated within a few minutes. OTOH our infrastructure isn't THAT huge, and with template jails and configs that reside in git repos anyway, doing it manually won't take long enough to justify the overhead and extra time I often had to spend to get/keep this working. Especially because a lot of FreeBSD/Jail/smartOS/zones-related modules had inconsistencies, quirks, bugs or were simply broken, and more than once a simple "just add this small thing to the playbook" ended in hour-long bugfixing sessions or even complete rewrites of modules (usually in shell or perl because I absolutely hate Python...)
Plus, with basejails and zfs snapshots, backups are extremely cheap and simple and just as fast to restore, so my motivation to keep/get this working dwindled more and more...

In theory ansible (or any other orchestration/configuration management system) is really nice to automate and at the same time document everything in your network. If you have a lot of boilerplate stuff on a daily basis going on, this stuff truly shines and will save you a lot of time and prevent errors.
If you have a relatively static network and server landscape, and most servers and service installs are unique, I'd say just install and manage them by hand and put configurations in version control (e.g. git) together with their documentation. Even if you have to reinstall some of them once or twice a year, this is still quicker than the hours spent building and maintaining an orchestration system.