523 iocage template ansible_repos
Use case
Create a jail that provides git repos for ansible-pull. Create the iocage template
ansible_repos and configure git-daemon. Create jails from the template and clone the repos to the
base-path.
Tree
shell > tree .
.
├── ansible.cfg
├── files
│   └── pkgs.json
├── group_vars
│   ├── all
│   │   └── hosts.yml
│   └── pull_repos
│       └── repos.yml
├── hosts
│   └── 05_iocage.yml
├── host_vars
│   └── iocage_05
│       ├── project.yml
│       └── template.yml
├── iocage.ini
├── pb-iocage-template.yml
└── pb-repos.yml
Synopsis
At a managed node:
Use the role vbotka.freebsd.iocage_template to create the template ansible_repos.
In the playbook vbotka.freebsd.pb_iocage_project_create_from_templates.yml create jails from the template.
In the inventory group pull_repos clone the repos that will be used by ansible-pull.
Requirements
Note
See the example 311 Configure and start git_daemon
See also
GitHub repositories:
ansible.cfg
[defaults]
callback_result_format = yaml
deprecation_warnings = false
display_skipped_hosts = false
gathering = explicit
interpreter_python = auto_silent
log_path = /var/log/ansible.log
[connection]
pipelining = true
Inventory iocage.ini
iocage_05
[iocage]
iocage_05
[iocage:vars]
ansible_user=admin
ansible_become=true
ansible_python_interpreter=auto_silent
hosts
plugin: vbotka.freebsd.iocage
host: iocage_05
user: admin
sudo: true
get_properties: true
compose:
  iocage_tags: dict(iocage_properties.notes | regex_findall('(\w+)=([\w\-]+)'))
  iocage_classes: iocage_properties.notes | regex_findall('(?<=class=)[\w\-]+|(?<=,)[\w\-]+')
  # connection plugin vbotka.freebsd.jailexec
  ansible_connection: "'vbotka.freebsd.jailexec'"
  ansible_jail_host: dict(iocage_properties.notes | regex_findall('(\w+)=([\w\-]+)')).vmm | d('none')
  ansible_jail_name: iocage_jid
  ansible_jail_privilege_escalation: "'sudo'"
  # ansible options
  ansible_python_interpreter: "'auto_silent'"
groups:
  pull_repos: iocage_classes is contains('repos')
keyed_groups:
  - prefix: state
    key: iocage_state
  - prefix: vmm
    key: iocage_tags.vmm
group_vars
project_hosts:
  defaultrouter: 172.16.99.1
  log_server: 172.16.99.10
  repos: 172.16.99.21
  repos_devel: 172.16.99.22
git_daemon_directory: /usr/local/git
git_server: 172.16.97.2
repos:
  repos:
    ansible-conf-init:
      repo: git://{{ git_server }}/ansible-conf-init
    ansible-conf-syslogng-server:
      repo: git://{{ git_server }}/ansible-conf-syslogng-server
    ansible-conf-syslogng-client:
      repo: git://{{ git_server }}/ansible-conf-syslogng-client
    ansible-conf-test:
      repo: git://{{ git_server }}/ansible-conf-test
  repos-devel:
    ansible-conf-init:
      repo: git://{{ git_server }}/ansible-conf-init
    ansible-conf-syslogng-server:
      repo: git://{{ git_server }}/ansible-conf-syslogng-server
    ansible-conf-syslogng-client:
      repo: git://{{ git_server }}/ansible-conf-syslogng-client
    ansible-conf-test:
      repo: git://{{ git_server }}/ansible-conf-test
Note
The repos are cloned from the local mirror at git_server. To reproduce this example, create
your mirror and fit the IP to your needs. See 311 Configure and start git_daemon. Optionally, for testing, clone
the repos from GitHub.
host_vars
project:
  repos:
    class: [repos]
    template: ansible_repos
    vmm: iocage_05
    properties:
      vnet: 1
      defaultrouter: "{{ project_hosts.defaultrouter }}"
      ip4_addr: 'vnet0|{{ project_hosts.repos }}/24'
      boot: 1
  repos-devel:
    class: [repos]
    template: ansible_repos
    vmm: iocage_05
    properties:
      vnet: 1
      defaultrouter: "{{ project_hosts.defaultrouter }}"
      ip4_addr: 'vnet0|{{ project_hosts.repos_devel }}/24'
      boot: 1
vmm_groups: "{{ dict(project | dict2items | groupby('value.vmm')) }}"
vmm: "{{ dict(vmm_groups.keys() | zip(vmm_groups.values() | map('items2dict'))) }}"
fit_templates:
  ansible_repos:
    release: 15.0-RELEASE
    pkglist: /tmp/ansible/ansible_pull_repos/pkgs.json
    commands: "{{ fit_commands }}"
    rcconf: "{{ fit_rcconf | dict2items }}"
    properties:
      bpf: 1
      dhcp: 1
      vnet: 1
      notes: class=repos
fit_rcconf:
  git_daemon_enable: "YES"
  git_daemon_directory: "/usr/local/git"
  git_daemon_flags: "--syslog --base-path=/usr/local/git --export-all --reuseaddr --detach"
fit_commands:
  - mkdir -p /usr/local/git
  - chown -R git_daemon:git_daemon /usr/local/git
  - chmod -R 755 /usr/local/git
Important
Running git daemon with these specific flags sets up a public, unauthenticated Git server. This configuration is highly efficient for local mirroring, but it completely bypasses authentication and authorization. Ensure the daemon is strictly read-only (which is the default).
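The read-only requirement above can be checked against the git_daemon_flags value before it goes into rc.conf. The sh function below is an added example, not part of the original page or of the vbotka.freebsd collection; the function name and message wording are assumptions, while the options it looks for are documented git daemon options.

```sh
#!/bin/sh
# Added example: audit a git_daemon_flags value (as set in rc.conf).
# Returns 0 when the flags themselves do not enable push, 1 otherwise.
# Findings are printed one per line, prefixed FAIL, WARN or INFO.
audit_git_daemon_flags() {
    push=no forbid=no export_all=no listen=no
    for f in $1; do                      # intentional word splitting
        case $f in
            --enable=receive-pack)          push=yes ;;
            --forbid-override=receive-pack) forbid=yes ;;
            --export-all)                   export_all=yes ;;
            --listen=*)                     listen=yes ;;
        esac
    done
    rc=0
    if [ "$push" = yes ]; then
        echo "FAIL: --enable=receive-pack allows anonymous push"
        rc=1
    fi
    if [ "$forbid" = no ]; then
        echo "WARN: no --forbid-override=receive-pack; daemon.receivepack in a repo config can enable push"
    fi
    if [ "$export_all" = yes ]; then
        echo "INFO: --export-all serves every repository it can reach, without requiring git-daemon-export-ok"
    fi
    if [ "$listen" = no ]; then
        echo "WARN: no --listen=<addr>; the daemon accepts connections on all addresses"
    fi
    return $rc
}

# The flags from fit_rcconf on this page, used as sample input.
PAGE_FLAGS="--syslog --base-path=/usr/local/git --export-all --reuseaddr --detach"
audit_git_daemon_flags "$PAGE_FLAGS"
```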
files
{
  "pkgs": [
    "git"
  ]
}
Playbook pb-iocage-template.yml
---
- name: Create iocage templates.
  hosts: iocage
  roles:
    - vbotka.freebsd.iocage_template
Playbook output - Create iocage templates
(env) > ansible-playbook pb-iocage-template.yml -i iocage.ini
PLAY [Create iocage templates.] ************************************************
TASK [vbotka.freebsd.iocage_template : Setup: Get iocage list of templates.] ***
ok: [iocage_05]
TASK [vbotka.freebsd.iocage_template : Setup: Get activated pool.] *************
ok: [iocage_05]
TASK [vbotka.freebsd.iocage_template : Pkglist: Create directories for pkglist files.] ***
ok: [iocage_05] => (item=ansible_repos /tmp/ansible/ansible_pull_repos)
TASK [vbotka.freebsd.iocage_template : Pkglist: Copy pkglist files.] ***********
ok: [iocage_05] => (item=ansible_repos /tmp/ansible/ansible_pull_repos/pkgs.json)
TASK [vbotka.freebsd.iocage_template : Create: Get iocage list of jails.] ******
ok: [iocage_05]
TASK [vbotka.freebsd.iocage_template : Create: Create templates.] **************
changed: [iocage_05] => (item=ansible_repos 15.0-RELEASE)
TASK [vbotka.freebsd.iocage_template : Start: Get iocage list of jails.] *******
ok: [iocage_05]
TASK [vbotka.freebsd.iocage_template : Start: Start created templates.] ********
ok: [iocage_05]
TASK [vbotka.freebsd.iocage_template : Commands: Execute commands.] ************
ok: [iocage_05] => (item=ansible_repos > mkdir -p /usr/local/git)
ok: [iocage_05] => (item=ansible_repos > chown -R git_daemon:git_daemon /usr/local/git)
ok: [iocage_05] => (item=ansible_repos > chmod -R 755 /usr/local/git)
TASK [vbotka.freebsd.iocage_template : Rcconf: Configure /etc/rc.conf] *********
changed: [iocage_05] => (item=ansible_repos git_daemon_enable YES)
changed: [iocage_05] => (item=ansible_repos git_daemon_directory /usr/local/git)
changed: [iocage_05] => (item=ansible_repos git_daemon_flags --syslog --base-path=/usr/local/git --export-all --reuseaddr --detach)
TASK [vbotka.freebsd.iocage_template : Stop: Get iocage list of jails.] ********
ok: [iocage_05]
TASK [vbotka.freebsd.iocage_template : Stop: Stop jails.] **********************
ok: [iocage_05]
TASK [vbotka.freebsd.iocage_template : Template: Set template.] ****************
ok: [iocage_05] => (item=ansible_repos)
PLAY RECAP *********************************************************************
iocage_05 : ok=13 changed=2 unreachable=0 failed=0 skipped=32 rescued=0 ignored=0
List templates
shell > ssh admin@iocage_05 sudo iocage list -lt
+------+---------------+------+-------+----------+--------------+--------------------+-----+----------+----------+
| JID | NAME | BOOT | STATE | TYPE | RELEASE | IP4 | IP6 | TEMPLATE | BASEJAIL |
+======+===============+======+=======+==========+==============+====================+=====+==========+==========+
| None | ansible_repos | off | down | template | 15.0-RELEASE | DHCP (not running) | - | - | no |
+------+---------------+------+-------+----------+--------------+--------------------+-----+----------+----------+
Playbook output - Create project jails from iocage templates
(env) > ansible-playbook vbotka.freebsd.pb_iocage_project_create_from_templates.yml -i iocage.ini -i hosts
PLAY [Create and start project jails from iocage templates.] *******************
TASK [Setup: Get activated pool.] **********************************************
ok: [iocage_05]
TASK [Create jails.] ***********************************************************
ok: [iocage_05] => (item=repos-devel)
ok: [iocage_05] => (item=repos)
TASK [Set properties.] *********************************************************
ok: [iocage_05] => (item=repos)
ok: [iocage_05] => (item=repos-devel)
TASK [Start jails.] ************************************************************
ok: [iocage_05]
PLAY RECAP *********************************************************************
iocage_05 : ok=4 changed=0 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0
List jails
shell > ssh admin@iocage_05 sudo iocage list -l
+-----+-------------+------+-------+------+--------------+-----------------------+-----+---------------+----------+
| JID | NAME | BOOT | STATE | TYPE | RELEASE | IP4 | IP6 | TEMPLATE | BASEJAIL |
+=====+=============+======+=======+======+==============+=======================+=====+===============+==========+
| 12 | repos | on | up | jail | 15.0-RELEASE | vnet0|172.16.99.21/24 | - | ansible_repos | no |
+-----+-------------+------+-------+------+--------------+-----------------------+-----+---------------+----------+
| 13 | repos-devel | on | up | jail | 15.0-RELEASE | vnet0|172.16.99.22/24 | - | ansible_repos | no |
+-----+-------------+------+-------+------+--------------+-----------------------+-----+---------------+----------+
Playbook pb-repos.yml
---
- name: Clone repos.
  hosts: pull_repos
  tasks:
    - name: Clone repos.
      ansible.builtin.git:
        repo: "{{ item.value.repo }}"
        dest: "{{ git_daemon_directory }}/{{ item.key }}"
      loop: "{{ repos[inventory_hostname] | dict2items }}"
    - name: Git config safe.directory.
      ansible.builtin.shell:
        cmd: >
          cd {{ git_daemon_directory }}/{{ item.key }};
          git config --global --add safe.directory {{ git_daemon_directory }}/{{ item.key }}
      loop: "{{ repos[inventory_hostname] | dict2items }}"
    - name: Change ownership of repos.
      ansible.builtin.file:
        path: "{{ git_daemon_directory }}/{{ item.key }}"
        state: directory
        owner: git_daemon
        group: git_daemon
        recurse: true
      loop: "{{ repos[inventory_hostname] | dict2items }}"
Playbook output - Clone repos
(env) > ansible-playbook pb-repos.yml -i hosts
PLAY [Clone repos.] ************************************************************
TASK [Clone repos.] ************************************************************
changed: [repos-devel] => (item={'key': 'ansible-conf-init', 'value': {'repo': 'git://172.16.97.2/ansible-conf-init'}})
changed: [repos] => (item={'key': 'ansible-conf-init', 'value': {'repo': 'git://172.16.97.2/ansible-conf-init'}})
changed: [repos-devel] => (item={'key': 'ansible-conf-syslogng-server', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-server'}})
changed: [repos] => (item={'key': 'ansible-conf-syslogng-server', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-server'}})
changed: [repos-devel] => (item={'key': 'ansible-conf-syslogng-client', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-client'}})
changed: [repos] => (item={'key': 'ansible-conf-syslogng-client', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-client'}})
changed: [repos-devel] => (item={'key': 'ansible-conf-test', 'value': {'repo': 'git://172.16.97.2/ansible-conf-test'}})
changed: [repos] => (item={'key': 'ansible-conf-test', 'value': {'repo': 'git://172.16.97.2/ansible-conf-test'}})
TASK [Git config safe.directory.] **********************************************
changed: [repos-devel] => (item={'key': 'ansible-conf-init', 'value': {'repo': 'git://172.16.97.2/ansible-conf-init'}})
changed: [repos] => (item={'key': 'ansible-conf-init', 'value': {'repo': 'git://172.16.97.2/ansible-conf-init'}})
changed: [repos-devel] => (item={'key': 'ansible-conf-syslogng-server', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-server'}})
changed: [repos] => (item={'key': 'ansible-conf-syslogng-server', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-server'}})
changed: [repos-devel] => (item={'key': 'ansible-conf-syslogng-client', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-client'}})
changed: [repos] => (item={'key': 'ansible-conf-syslogng-client', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-client'}})
changed: [repos] => (item={'key': 'ansible-conf-test', 'value': {'repo': 'git://172.16.97.2/ansible-conf-test'}})
changed: [repos-devel] => (item={'key': 'ansible-conf-test', 'value': {'repo': 'git://172.16.97.2/ansible-conf-test'}})
TASK [Change ownership of repos.] **********************************************
changed: [repos-devel] => (item={'key': 'ansible-conf-init', 'value': {'repo': 'git://172.16.97.2/ansible-conf-init'}})
changed: [repos] => (item={'key': 'ansible-conf-init', 'value': {'repo': 'git://172.16.97.2/ansible-conf-init'}})
changed: [repos-devel] => (item={'key': 'ansible-conf-syslogng-server', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-server'}})
changed: [repos] => (item={'key': 'ansible-conf-syslogng-server', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-server'}})
changed: [repos] => (item={'key': 'ansible-conf-syslogng-client', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-client'}})
changed: [repos-devel] => (item={'key': 'ansible-conf-syslogng-client', 'value': {'repo': 'git://172.16.97.2/ansible-conf-syslogng-client'}})
changed: [repos] => (item={'key': 'ansible-conf-test', 'value': {'repo': 'git://172.16.97.2/ansible-conf-test'}})
changed: [repos-devel] => (item={'key': 'ansible-conf-test', 'value': {'repo': 'git://172.16.97.2/ansible-conf-test'}})
PLAY RECAP *********************************************************************
repos : ok=3 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
repos-devel : ok=3 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
List repos
shell > ssh admin@iocage_05 sudo iocage exec repos ls -la /usr/local/git
total 195
drwxr-xr-x 6 git_daemon git_daemon 6 Jun 18 05:10 .
drwxr-xr-x 11 root wheel 11 Jun 18 05:09 ..
drwxr-xr-x 6 git_daemon git_daemon 12 Jun 18 05:10 ansible-conf-init
drwxr-xr-x 6 git_daemon git_daemon 12 Jun 18 05:10 ansible-conf-syslogng-client
drwxr-xr-x 5 git_daemon git_daemon 11 Jun 18 05:10 ansible-conf-syslogng-server
drwxr-xr-x 3 git_daemon git_daemon 9 Jun 18 05:10 ansible-conf-test