Ansible ships a native jail connection plugin. Unfortunately, it can only connect to local jails, not to remote ones.
Searching the Internet, I found that Austin Hyde had written an Ansible plugin to connect remotely to FreeBSD jails.
The only drawback is that the plugin is quite old. It doesn’t work on recent Ansible versions (starting with 2.12), and there is a bug in the become implementation too. I proposed a pull request to the author in order to fix the problem. It adds the missing Ansible 2.12 SSH parameters and fixes the erroneous enforced become call.
This plugin is really good in terms of design. It implements only the jail part on top of the native Ansible SSH connection plugin. No reinventing the wheel!
To use this Ansible connection plugin, we just have to create a folder to host our custom connection plugins at the Ansible playbook root:
~/ansible> mkdir -p plugins/connection
We edit the ansible.cfg file, which is either present at the Ansible playbook root or elsewhere on your filesystem, so that Ansible reads connection plugins from this folder:
[defaults]
connection_plugins = ./plugins/connection
Now we can connect to our FreeBSD jail by declaring it like this in our inventory:
[jails]
jail01@jailhost.example.org ansible_connection=sshjail ansible_ssh_user=root
jail02@jailhost.example.org ansible_connection=sshjail ansible_ssh_user=nonpriv ansible_become=yes
As you can see, there are 2 ways to connect to the jail host: as the root user, or as an unprivileged user with become.
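The two inventory styles above differ in how root is obtained on the jail host. The following is an added example, not part of the original post or of the sshjail plugin: a small inventory check that reports which sshjail hosts log in directly as root, which rely on become, and which names do not follow the jail@jailhost form. The function names and the third sample host (jail03) are constructed for illustration.

```python
import shlex

# Constructed sample: the post's two inventory lines plus one malformed entry.
SAMPLE_INVENTORY = """\
[jails]
jail01@jailhost.example.org ansible_connection=sshjail ansible_ssh_user=root
jail02@jailhost.example.org ansible_connection=sshjail ansible_ssh_user=nonpriv ansible_become=yes
jail03 ansible_connection=sshjail ansible_ssh_user=nonpriv
"""
TRUTHY = {"yes", "true", "1", "on"}


def parse_hosts(text):
    """Yield (name, vars) for each host line of an INI-style inventory."""
    in_hosts = True
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            in_hosts = ":" not in line  # skip [group:vars] / [group:children]
        elif line and in_hosts:
            name, *pairs = shlex.split(line)
            yield name, dict(p.split("=", 1) for p in pairs if "=" in p)


def audit_sshjail(text):
    """Return {inventory_name: [findings]} for hosts using the sshjail connection."""
    report = {}
    for name, hostvars in parse_hosts(text):
        if hostvars.get("ansible_connection") != "sshjail":
            continue
        findings = []
        jail, sep, host = name.partition("@")
        if not (jail and sep and host):
            findings.append("name is not of the form jail@jailhost")
        user = hostvars.get("ansible_ssh_user", hostvars.get("ansible_user", ""))
        become = hostvars.get("ansible_become", "no").lower() in TRUTHY
        if user == "root":
            findings.append("direct root SSH login to the jail host")
        elif not become:
            # Assumption: entering a jail needs root on the host; become may
            # also be set at group or play level, so treat this as a hint.
            findings.append("unprivileged user without ansible_become")
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_sshjail(SAMPLE_INVENTORY).items():
        print(name, "->", findings or "ok")
```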
Let’s run the following playbook:
---
- hosts: jails
  tasks:
    - debug: var=ansible_hostname
It produces the following result:
ansible-playbook -i test_inventory playbooks/testjail.yml -D -v
Using ~/ansible/ansible.cfg as config file
PLAY [jails] ********************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************************************************
[WARNING]: Platform freebsd on host jail01@jailhost.example.org is using the discovered Python interpreter at /usr/local/bin/python3.8, but future installation of another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-core/2.12/reference_appendices/interpreter_discovery.html for more information.
ok: [nsd01@jailhost.example.org]
TASK [debug] **************************************************************************************************************************************************************************************************************************************************
ok: [jail01@jailhost.example.org] => {
"ansible_hostname": "jail01"
}
PLAY RECAP ****************************************************************************************************************************************************************************************************************************************************
jail01@jailhost.example.org : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
We can now manage our FreeBSD jails remotely through SSH. Don’t forget to install the Python package inside the FreeBSD jails, since Ansible modules run there.