018 Clone basejails. Use DHCP.
Extending example 010 Clone basejails and create inventory.
Use case
Use DHCP to configure the interfaces.
Tree
shell> tree .
.
├── ansible.cfg
├── host_vars
│ ├── iocage_02
│ │ └── iocage.yml
│ └── iocage_04
│ └── iocage.yml
├── iocage.ini
├── iocage.yml
├── pb-iocage-clone-list.yml
└── pb-test.yml
Synopsis
At two managed nodes:
iocage_02
iocage_04
In the playbook
pb-iocage-clone-list.yml, use the module vbotka.freebsd.iocage to:clone 3 jails from the basejail
start all jails
display lists of jails.
At the iocage host
iocage_02In the playbook
pb-test.yml, use the inventory plugin vbotka.freebsd.iocage to:create the inventory groups and compose variables
display the hosts and composed variables in the group
test.
Requirements
jails
ansible_clientcreated in 010 Clone basejails and create inventory
Jails at iocage_02
[iocage_02]# iocage list -l
+------+----------------+------+-------+------+-----------------+-----+-----+----------+----------+
| JID | NAME | BOOT | STATE | TYPE | RELEASE | IP4 | IP6 | TEMPLATE | BASEJAIL |
+======+================+======+=======+======+=================+=====+=====+==========+==========+
| None | ansible_client | off | down | jail | 14.3-RELEASE-p8 | - | - | - | yes |
+------+----------------+------+-------+------+-----------------+-----+-----+----------+----------+
Jails at iocage_04
[iocage_04]# iocage list -l
+------+----------------+------+-------+------+-----------------+-----+-----+----------+----------+
| JID | NAME | BOOT | STATE | TYPE | RELEASE | IP4 | IP6 | TEMPLATE | BASEJAIL |
+======+================+======+=======+======+=================+=====+=====+==========+==========+
| None | ansible_client | off | down | jail | 15.0-RELEASE-p3 | - | - | - | yes |
+------+----------------+------+-------+------+-----------------+-----+-----+----------+----------+
ansible.cfg
[defaults]
gathering = explicit
callback_result_format = yaml
display_skipped_hosts = false
[connection]
pipelining = true
Inventory iocage.ini
iocage_02 ansible_host=10.1.0.73
iocage_04 ansible_host=10.1.0.29
[iocage]
iocage_02
iocage_04
[iocage:vars]
ansible_user=admin
ansible_become=true
ansible_python_interpreter=auto_silent
host_vars
host_vars/iocage_02/iocage.yml
properties:
bpf: 1
dhcp: 1
vnet: 1
clones:
- {name: test_111, clone_from: ansible_client}
- {name: test_112, clone_from: ansible_client}
- {name: test_113, clone_from: ansible_client}
iocage_env:
CRYPTOGRAPHY_OPENSSL_NO_LEGACY: 1
host_vars/iocage_04/iocage.yml
properties:
bpf: 1
dhcp: 1
vnet: 1
clones:
- {name: test_131, clone_from: ansible_client}
- {name: test_132, clone_from: ansible_client}
- {name: test_133, clone_from: ansible_client}
Playbook pb-iocage-clone-list.yml
- hosts: iocage
environment: "{{ iocage_env | d({}) }}"
vars:
attr_debug: [jid, ip4, release, state]
tasks:
- name: Clone basejail.
tags: clone
vbotka.freebsd.iocage:
state: cloned
clone_from: "{{ item.clone_from }}"
name: "{{ item.name }}"
properties: "{{ [properties, item.properties|d({})] | combine }}"
loop: "{{ clones }}"
- name: Start clones.
tags: start
vbotka.freebsd.iocage:
state: started
name: "{{ item.name }}"
loop: "{{ clones }}"
loop_control:
label: "{{ item.name }}"
- name: Display jails
tags: debug
block:
- name: Create Ansible facts iocage_*
vbotka.freebsd.iocage:
- name: Display jails.
debug:
msg: |
{% for jail, attr in ansible_facts.iocage_jails.items() %}
{{ jail }} {{ attr_debug | map('extract', attr) | join(' ') }}
{% endfor %}
Playbook output - clone, start, and list
(env) > ansible-playbook pb-iocage-clone-list.yml -i iocage.ini
PLAY [iocage] ******************************************************************
TASK [Clone basejail.] *********************************************************
changed: [iocage_04] => (item={'name': 'test_131', 'clone_from': 'ansible_client'})
changed: [iocage_04] => (item={'name': 'test_132', 'clone_from': 'ansible_client'})
changed: [iocage_04] => (item={'name': 'test_133', 'clone_from': 'ansible_client'})
changed: [iocage_02] => (item={'name': 'test_111', 'clone_from': 'ansible_client'})
changed: [iocage_02] => (item={'name': 'test_112', 'clone_from': 'ansible_client'})
changed: [iocage_02] => (item={'name': 'test_113', 'clone_from': 'ansible_client'})
TASK [Start clones.] ***********************************************************
changed: [iocage_04] => (item=test_131)
changed: [iocage_04] => (item=test_132)
changed: [iocage_04] => (item=test_133)
changed: [iocage_02] => (item=test_111)
changed: [iocage_02] => (item=test_112)
changed: [iocage_02] => (item=test_113)
TASK [Create Ansible facts iocage_*] *******************************************
ok: [iocage_04]
ok: [iocage_02]
TASK [Display jails.] **********************************************************
ok: [iocage_02] =>
msg: |-
ansible_client None - 14.3-RELEASE-p8 down
test_111 67 epair0b|10.1.0.174 14.3-RELEASE-p8 up
test_112 68 epair0b|10.1.0.147 14.3-RELEASE-p8 up
test_113 69 epair0b|10.1.0.231 14.3-RELEASE-p8 up
ok: [iocage_04] =>
msg: |-
ansible_client None - 15.0-RELEASE-p3 down
test_131 46 epair0b|10.1.0.224 15.0-RELEASE-p3 up
test_132 47 epair0b|10.1.0.185 15.0-RELEASE-p3 up
test_133 48 epair0b|10.1.0.225 15.0-RELEASE-p3 up
PLAY RECAP *********************************************************************
iocage_02 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
iocage_04 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Jails at iocage_02
[iocage_02]# iocage list -l
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| JID | NAME | BOOT | STATE | TYPE | RELEASE | IP4 | IP6 | TEMPLATE | BASEJAIL |
+======+================+======+=======+======+=================+====================+=====+================+==========+
| None | ansible_client | off | down | jail | 14.3-RELEASE-p8 | - | - | - | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| 67 | test_111 | off | up | jail | 14.3-RELEASE-p8 | epair0b|10.1.0.174 | - | ansible_client | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| 68 | test_112 | off | up | jail | 14.3-RELEASE-p8 | epair0b|10.1.0.147 | - | ansible_client | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| 69 | test_113 | off | up | jail | 14.3-RELEASE-p8 | epair0b|10.1.0.231 | - | ansible_client | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
Jails at iocage_04
[iocage_04]# iocage list -l
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| JID | NAME | BOOT | STATE | TYPE | RELEASE | IP4 | IP6 | TEMPLATE | BASEJAIL |
+======+================+======+=======+======+=================+====================+=====+================+==========+
| None | ansible_client | off | down | jail | 15.0-RELEASE-p3 | - | - | - | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| 46 | test_131 | off | up | jail | 15.0-RELEASE-p3 | epair0b|10.1.0.224 | - | ansible_client | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| 47 | test_132 | off | up | jail | 15.0-RELEASE-p3 | epair0b|10.1.0.185 | - | ansible_client | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| 48 | test_133 | off | up | jail | 15.0-RELEASE-p3 | epair0b|10.1.0.225 | - | ansible_client | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
Inventory iocage.yml
Enable sudo: true. Otherwise, iocage will complain DHCP (running -- address requires
root). Enable also sudo_preserve_env: true if env is used.
plugin: vbotka.freebsd.iocage
host: 10.1.0.73
user: admin
sudo: true
sudo_preserve_env: true
env:
CRYPTOGRAPHY_OPENSSL_NO_LEGACY: 1
Hint
Optionally, limit admins sudo to the command
iocage listshell> grep iocage /usr/local/etc/sudoers admin ALL=(ALL) NOPASSWD:SETENV: /usr/local/bin/iocage list*
The tag
SETENV, to preserve the environment, is needed whenenvis used.
Display inventory
(env) > ansible-inventory -i iocage.yml --list --yaml
all:
children:
ungrouped:
hosts:
ansible_client:
iocage_basejail: 'yes'
iocage_boot: 'off'
iocage_ip4: '-'
iocage_ip4_dict:
ip4: []
msg: '-'
iocage_ip6: '-'
iocage_jid: None
iocage_release: 14.3-RELEASE-p8
iocage_state: down
iocage_template: '-'
iocage_type: jail
test_111:
iocage_basejail: 'yes'
iocage_boot: 'off'
iocage_ip4: 10.1.0.174
iocage_ip4_dict:
ip4:
- ifc: epair0b
ip: 10.1.0.174
mask: '-'
msg: ''
iocage_ip6: '-'
iocage_jid: '67'
iocage_release: 14.3-RELEASE-p8
iocage_state: up
iocage_template: ansible_client
iocage_type: jail
test_112:
iocage_basejail: 'yes'
iocage_boot: 'off'
iocage_ip4: 10.1.0.147
iocage_ip4_dict:
ip4:
- ifc: epair0b
ip: 10.1.0.147
mask: '-'
msg: ''
iocage_ip6: '-'
iocage_jid: '68'
iocage_release: 14.3-RELEASE-p8
iocage_state: up
iocage_template: ansible_client
iocage_type: jail
test_113:
iocage_basejail: 'yes'
iocage_boot: 'off'
iocage_ip4: 10.1.0.231
iocage_ip4_dict:
ip4:
- ifc: epair0b
ip: 10.1.0.231
mask: '-'
msg: ''
iocage_ip6: '-'
iocage_jid: '69'
iocage_release: 14.3-RELEASE-p8
iocage_state: up
iocage_template: ansible_client
iocage_type: jail
Playbook pb-test.yml
- hosts: all
tasks:
- debug:
msg: >
{{ ansible_host }}
{{ iocage_jid }}
{{ iocage_release }}
{{ iocage_ip4 }}
{{ iocage_ip4_dict.ip4 | map(attribute='ip') }}
{{ iocage_state }}
'{{ iocage_ip4_dict.msg }}'
Playbook output - vars iocage_*
(env) > ansible-playbook pb-test.yml -i iocage.yml
PLAY [all] *********************************************************************
TASK [debug] *******************************************************************
ok: [test_111] =>
msg: |-
test_111 67 14.3-RELEASE-p8 10.1.0.174 ['10.1.0.174'] up ''
ok: [ansible_client] =>
msg: |-
ansible_client None 14.3-RELEASE-p8 - [] down '-'
ok: [test_112] =>
msg: |-
test_112 68 14.3-RELEASE-p8 10.1.0.147 ['10.1.0.147'] up ''
ok: [test_113] =>
msg: |-
test_113 69 14.3-RELEASE-p8 10.1.0.231 ['10.1.0.231'] up ''
PLAY RECAP *********************************************************************
ansible_client : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
test_111 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
test_112 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
test_113 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Jails at iocage_02
If a jail is stopped, the IP4 tab says: DHCP (not running).
[iocage_02]# iocage stop test_112 test_113
[iocage_02]# iocage list -l
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| JID | NAME | BOOT | STATE | TYPE | RELEASE | IP4 | IP6 | TEMPLATE | BASEJAIL |
+======+================+======+=======+======+=================+====================+=====+================+==========+
| None | ansible_client | off | down | jail | 14.3-RELEASE-p8 | - | - | - | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| 67 | test_111 | off | up | jail | 14.3-RELEASE-p8 | epair0b|10.1.0.174 | - | ansible_client | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| None | test_112 | off | down | jail | 14.3-RELEASE-p8 | DHCP (not running) | - | ansible_client | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
| None | test_113 | off | down | jail | 14.3-RELEASE-p8 | DHCP (not running) | - | ansible_client | yes |
+------+----------------+------+-------+------+-----------------+--------------------+-----+----------------+----------+
Playbook output - vars iocage_*
(env) > ansible-playbook pb-test.yml -i iocage.yml
PLAY [all] *********************************************************************
TASK [debug] *******************************************************************
ok: [ansible_client] =>
msg: |-
ansible_client None 14.3-RELEASE-p8 - [] down '-'
ok: [test_111] =>
msg: |-
test_111 67 14.3-RELEASE-p8 10.1.0.174 ['10.1.0.174'] up ''
ok: [test_112] =>
msg: |-
test_112 None 14.3-RELEASE-p8 - [] down 'DHCP (not running)'
ok: [test_113] =>
msg: |-
test_113 None 14.3-RELEASE-p8 - [] down 'DHCP (not running)'
PLAY RECAP *********************************************************************
ansible_client : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
test_111 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
test_112 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
test_113 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0