Ansible for FreeBSD - use cases?

Ruben mail at osfux.nl
Sun Oct 6 08:25:30 UTC 2019 

Hi Victor,

On 10/6/19 9:21 AM, Victor Sudakov wrote:
> Ruben wrote:
>>

Stuff snipped.

> 
> Did you consider compiling centrally in poudriere and then installing
> the binary packages with pkgng on the managed hosts?

I haven't considered it seriously. Mainly because I have no experience 
with using poudriere whatsoever, partly because it only covers 
fringe-cases in our usage.

> 
>> - freebsd-update (crossing . releases, so using the "upgrade" switch)
> 
> Do you administer freebsd-update within one release with Ansible too?
> 

Yes, that works nicely (since it doesn't require interaction).

>>
>> Ansible integrates quite nicely with Jinja2, which allows us to
>> configure/adminstrate all applications we run on FreeBSD servers.
> 
> Please tell if Jinja2 (which port is that?) has to be installed on the
> Ansible controller only, or on every managed host?

You would only need it on the ansible host. I think it's even a 
requirement for running ansible, but i'm not sure. The package I have 
currently installed on an FreeBSD ansible controller: py27-Jinja2-2.10.1 .

> 
>> I think using a framework to administer stuff that is used by many other
>> sysadmins makes more sense than writing one's own framework. I don't
>> know of any other orchestration framework out there that is OS and only
>> needs ssh/python in order to function, thats why I use Ansible.
> 
> Thanks for the positive review! One more question: have you ever had
> problems and disasters caused by Ansible modules? After all, they are
> pieces of software written probably by a Linux-minded person modifying
> your FreeBSD system's vitals. Does it not sound a bit scary?

I totally agree : it is scary. Especially the packetfilter/firewall and 
user management stuff. As you are probably well aware AWS for instance 
doesn't provide console access to its ec2 instances. If a playbook/role 
screws up, customers miss an often very vital part of their infrastructure.

If you test playbooks/roles on non-production deployments prior to 
running them on live stuff its suddenly a lot less scary and I have 
never come accross disaster scenarios. The user management modules - in 
my experience - are rock-solid. The 
"lininfile,blockinfile,raw,shell,command" modules as well. What other 
modules were you contemplating on using / what is your usecase?

Regards,

Ruben









> 
>

More information about the freebsd-questions mailing list