003 Audit iocage host
Use case
Use the role vbotka.freebsd.iocage to audit the iocage configuration.
Tree
shell> tree
.
├── ansible.cfg
├── host_vars
│   ├── iocage_02
│   │   └── iocage.yml
│   └── iocage_04
│       └── iocage.yml
├── iocage.ini
└── pb-iocage.yml
Synopsis
At the managed node iocage_04, in the playbook pb-iocage.yml, use the role vbotka.freebsd.iocage to audit the iocage configuration.
Requirements
root privilege in the managed nodes
binary iocage.
Notes
Put -l iocage_02 into the run-strings to run the play on the iocage host iocage_02.
Remove the limits -l iocage_0* to run the play on all managed nodes.
By default, sanity testing is enabled:
freebsd_iocage_sanity: true
See also
The tasks roles/iocage/tasks/sanity.yml
The default variables roles/iocage/main/sanity.yml
ansible.cfg
[defaults]
gathering = explicit
callback_result_format = yaml
display_skipped_hosts = false
[connection]
pipelining = true
Inventory iocage.ini
iocage_02 ansible_host=10.1.0.73
iocage_04 ansible_host=10.1.0.29
[iocage]
iocage_02
iocage_04
[iocage:vars]
ansible_user=admin
ansible_become=true
ansible_python_interpreter=auto_silent
host_vars
host_vars/iocage_02/iocage.yml
freebsd_iocage_pool: zroot
freebsd_iocage_pool_mount: /zroot
freebsd_iocage_sanity_zfs_pool_active: true
host_vars/iocage_04/iocage.yml
freebsd_iocage_pool: iocage
freebsd_iocage_pool_mount: /iocage
freebsd_iocage_sanity_zfs_pool_active: true
Note
By default, the activation testing is disabled
freebsd_iocage_sanity_zfs_pool_active: false
Playbook pb-iocage.yml
- hosts: iocage
  gather_facts: true
  roles:
    - vbotka.freebsd.iocage
Playbook output - Test sanity
(env) > ansible-playbook pb-iocage.yml -i iocage.ini -l iocage_04 \
-t freebsd_iocage_sanity
PLAY [iocage] ******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Service start, restart, and stop are mutually exclusive] ***
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Get environment.] ************************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Environment LANG = en_US.UTF-8] **********
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Environment LC_COLLATE = C] **************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Get mounts] ******************************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: /dev/fd mounted to fdescfs] **************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Get sysctl kern.conftxt] *****************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Mandatory kernel options VIMAGE, RACCT, and RCTL.] ***
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Read /boot/loader.conf] ******************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: kern.racct.enable = 1] *******************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Get sysctl security.jail.jailed] *********
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Not in jail.] ****************************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Get ZFS pools.] **************************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: ZFS pool exists.] ************************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: Get ZFS datasets.] ***********************
ok: [iocage_04]
TASK [vbotka.freebsd.iocage : Sanity: ZFS pool activated.] *********************
ok: [iocage_04]
PLAY RECAP *********************************************************************
iocage_04 : ok=17 changed=0 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
Playbook output - Test sanity quietly
(env) > ANSIBLE_DISPLAY_OK_HOSTS=false \
ANSIBLE_DISPLAY_SKIPPED_HOSTS=false \
ansible-playbook pb-iocage.yml -i iocage.ini -l iocage_04 \
-t freebsd_iocage_sanity
PLAY [iocage] ******************************************************************
PLAY RECAP *********************************************************************
iocage_04 : ok=17 changed=0 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
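Three of the sanity tasks named in the output above (mandatory kernel options, kern.racct.enable = 1, /dev/fd mounted to fdescfs), re-implemented as an added shell example that is not the role's own code; the role's implementation is in roles/iocage/tasks/sanity.yml. The function names, the input formats (kern.conftxt text, /boot/loader.conf, mount output) and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the role's code. Each check reads captured text on stdin.
# Assumed inputs: `sysctl -n kern.conftxt`, /boot/loader.conf, `mount` output.

# Every mandatory kernel option must appear as its own "options" line.
# Anchoring the name keeps RACCT_DEFAULT_TO_DISABLED from passing as RACCT.
check_kernel_options() {
    conftxt=$(cat)
    for opt in VIMAGE RACCT RCTL; do
        printf '%s\n' "$conftxt" |
            grep -Eq "^options[[:space:]]+${opt}([[:space:]=]|\$)" ||
            { echo "missing kernel option: $opt" >&2; return 1; }
    done
}

# kern.racct.enable must be 1; the last uncommented assignment is treated as
# the effective one, so a later "=0" fails the check.
check_racct_enabled() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*kern\.racct\.enable[ \t]*$/ {
            v = $2; sub(/#.*/, "", v); gsub(/[ \t"]/, "", v); last = v
        }
        END { exit !(last == "1") }'
}

# /dev/fd must be an fdescfs mount.
check_fdescfs() {
    grep -Eq '^fdescfs on /dev/fd \(fdescfs[,)]'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONFTXT='ident GENERIC
options VIMAGE
options RACCT_DEFAULT_TO_DISABLED
options RACCT
options RCTL'
SAMPLE_LOADER='# kern.racct.enable=0
zfs_load="YES"
kern.racct.enable=1'
SAMPLE_MOUNT='devfs on /dev (devfs)
fdescfs on /dev/fd (fdescfs)'

audit_samples() {
    printf '%s\n' "$SAMPLE_CONFTXT" | check_kernel_options &&
        printf '%s\n' "$SAMPLE_LOADER" | check_racct_enabled &&
        printf '%s\n' "$SAMPLE_MOUNT" | check_fdescfs && echo "sanity: ok"
}
audit_samples
```

On a host, the same functions accept live data, for example `sysctl -n kern.conftxt | check_kernel_options`.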