423 Role vbotka.freebsd.apache Poudriere

Use case

Use the iocage property host_hostname to create a jail. Mount the host directory /usr/local/poudriere in the jail. Use the role vbotka.freebsd.certificate to create an SSL certificate for build.foo.bar. Use the role vbotka.freebsd.apache to configure the Apache HTTP Server virtual host build.foo.bar to access /usr/local/poudriere.

Tree

shell> tree .
.
├── ansible.cfg
├── hosts
├── host_vars
│   ├── iocage_04
│   │   └── ansible-client-apache.yml
│   └── www-5
│       ├── apache.yml
│       └── certificate.yml
├── iocage.ini
├── pb-apache.yml
└── pb-certificate.yml

Synopsis

Requirements

Notes

  • iocage option --name provides “NAME instead of a UUID for the new jail”.

  • iocage property host_hostname provides “The hostname of the jail. Default: UUID”.

  • Make sure DHCP and dynamic DNS are configured so that host_hostname and --name resolve.

ansible.cfg

[defaults]
gathering = explicit
callback_result_format = yaml
display_skipped_hosts = false
host_key_checking = false

[connection]
pipelining = true

Inventory iocage.ini

iocage_04 ansible_host=10.1.0.29

[iocage]
iocage_04

[iocage:vars]
ansible_user=admin
ansible_become=true
ansible_python_interpreter=auto_silent

host_vars

host_vars/iocage_04/ansible-client-apache.yml
properties:
  notes: "vmm={{ inventory_hostname }}"
  bpf: 1
  dhcp: 1
  vnet: 1
  allow_mount: 1
  allow_mount_zfs: 1
  jail_zfs: 1

clones_host_hostname:
  www-5:
    template: ansible_client_apache
    fstab:
      - spec: /usr/local/poudriere
        file: /usr/local/poudriere
        type: nullfs
        options: ro 0 0

host_vars/www-5/apache.yml
apache_install: false
apache_confd: false
apache_servername: www-5
apache_serveradmin: admin@www-5

apache_ssl: true
apache_sslengine: 'on'
apache_sslcertificatekeyfile: "/usr/local/etc/ssl/private/{{ apache_servername }}.key"
apache_sslcertificatefile: "/usr/local/etc/ssl/certs/{{ apache_servername }}.crt"

apache_httpd_conf_modules:
  - {module: socache_shmcb_module, mod: mod_socache_shmcb.so}
  - {module: ssl_module, mod: mod_ssl.so}

apache_vhosts: true
apache_vhost:
  - ServerName: build.foo.bar
    DocumentRoot: /usr/local/poudriere/data/
    SSLCertificateFile: "/usr/local/etc/ssl/certs/build.foo.bar.crt"
    SSLCertificateKeyFile: "/usr/local/etc/ssl/private/build.foo.bar.key"
    redirect: false

apache_directory_blocks:
  - Directory: /usr/local/www/apache24/data/
    Includefile: usr-local-www-apache-data.conf
    Conf:
      - "DirectoryIndex index.html index.htm"
      - "Options Indexes FollowSymLinks"
      - "AllowOverride All"
      - "Require all granted"
  - Directory: /usr/local/poudriere/data
    Includefile: usr-local-poudriere-data.conf
    Conf:
      - "Options Indexes FollowSymLinks"
      - "AllowOverride All"
      - "Require all granted"

host_vars/www-5/certificate.yml
certificate_data_simple:
  - www-5
  - build.foo.bar
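
The check below is an added example, not part of the roles or of the original page. It cross-references the fstab entry and apache_directory_blocks from the host_vars above and lists what the jail exposes over HTTP. The function names and the review rules are assumptions of this example.

```python
# Added example: review what the www-5 jail serves over HTTP.
# Constructed input: the fstab entry and apache_directory_blocks from the
# host_vars on this page, written as Python data instead of YAML.
FSTAB = [{"spec": "/usr/local/poudriere", "file": "/usr/local/poudriere",
          "type": "nullfs", "options": "ro 0 0"}]
BLOCKS = [
    {"Directory": "/usr/local/www/apache24/data/",
     "Conf": ["DirectoryIndex index.html index.htm",
              "Options Indexes FollowSymLinks",
              "AllowOverride All", "Require all granted"]},
    {"Directory": "/usr/local/poudriere/data",
     "Conf": ["Options Indexes FollowSymLinks",
              "AllowOverride All", "Require all granted"]},
]


def directives(conf):
    """Map lower-cased directive name -> lower-cased argument list."""
    return {name.lower(): [a.lower() for a in args]
            for name, *args in (line.split() for line in conf)}


def host_mount(path, fstab):
    """Return the fstab entry whose mount point contains path, else None."""
    path = path.rstrip("/") + "/"
    for entry in fstab:
        if path.startswith(entry["file"].rstrip("/") + "/"):
            return entry
    return None


def audit(blocks, fstab):
    """Return (directory, note) pairs worth a reviewer's attention."""
    notes = []
    for block in blocks:
        path, d = block["Directory"], directives(block["Conf"])
        mount = host_mount(path, fstab)
        # First fstab options field is the comma-separated mount options.
        if mount and "ro" not in mount["options"].split()[0].split(","):
            notes.append((path, "host tree is writable from the jail"))
        # Apache 2.4 defaults to AllowOverride None when the directive is absent.
        if mount and d.get("allowoverride", ["none"]) != ["none"]:
            notes.append((path, ".htaccess files in the host tree are honoured"))
        if d.get("require") == ["all", "granted"] and "indexes" in d.get("options", []):
            notes.append((path, "directory listing is open to any client"))
    return notes


if __name__ == "__main__":
    for path, note in audit(BLOCKS, FSTAB):
        print(f"{path}: {note}")
```

With the values on this page the read-only nullfs mount raises no note. The Poudriere block is reported for AllowOverride All and for an open listing, which a block using "AllowOverride None" and a "Require ip" line for the build network would clear.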

Create and start the jail

(env) > ansible-playbook vbotka.freebsd.pb_iocage_ansible_clients.yml \
                         -i iocage.ini \
                         -t clone_host_hostname -e clone_host_hostname=true
PLAY [Create and start jails. Optionally stop and destroy jails.] **************

TASK [Get pool.] ***************************************************************
ok: [iocage_04]

TASK [Create clones host_hostname] *********************************************
changed: [iocage_04] => (item=www-5 ansible_client_apache)

TASK [Create mount points.] ****************************************************
changed: [iocage_04] => (item=www-5 /usr/local/poudriere)

TASK [Add fstab] ***************************************************************
changed: [iocage_04] => (item=www-5 /usr/local/poudriere /usr/local/poudriere)

TASK [Start clones host_hostname] **********************************************
changed: [iocage_04]

PLAY RECAP *********************************************************************
iocage_04                  : ok=5    changed=4    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0   

Inventory hosts

hosts
www-5

[www]
www-5

[www:vars]
ansible_user=admin
ansible_become=true
ansible_python_interpreter=auto_silent

Playbook pb-certificate.yml

- name: Create SSL certificate.
  hosts: www
  gather_facts: true

  roles:
    - vbotka.freebsd.certificate

Playbook output - Display variables

(env) > ansible-playbook pb-certificate.yml -i hosts \
                         -t certificate_debug -e certificate_debug=true
PLAY [Create SSL certificate.] *************************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

fatal: [www-5]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-5: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-5                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Playbook output - Setup

(env) > ansible-playbook pb-certificate.yml -i hosts -t certificate_setup
PLAY [Create SSL certificate.] *************************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

fatal: [www-5]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-5: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-5                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Playbook output - Create certificate

(env) > ansible-playbook pb-certificate.yml -i hosts -t certificate_openssl
PLAY [Create SSL certificate.] *************************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

fatal: [www-5]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-5: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-5                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Playbook output - Display status

(env) > ansible-playbook pb-certificate.yml -i hosts -t certificate_openssl_stat
PLAY [Create SSL certificate.] *************************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

fatal: [www-5]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-5: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-5                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Playbook pb-apache.yml

- name: Create Apache HTTP Server.
  hosts: www
  gather_facts: true

  roles:
    - vbotka.freebsd.apache

Playbook output - Create server

(env) > ansible-playbook pb-apache.yml -i hosts
PLAY [Create Apache HTTP Server.] **********************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-5: Temporary failure in name resolution

fatal: [www-5]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-5: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-5                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Results

  • Test the configuration

    (env) > ssh admin@www-5 sudo service apache24 configtest
    Performing sanity check on apache24 configuration:
    Syntax OK
    
  • The virtual host build.foo.bar must resolve. For example,

    (env) > nslookup www-5
    Server:         127.0.0.53
    Address:        127.0.0.53#53
    
    Non-authoritative answer:
    Name:    www-5.example.com
    Address: 10.1.0.159
    
    (env) > grep build.foo.bar /etc/hosts
    10.1.0.159 build.foo.bar
    
  • In a browser, open the logs. For example,

    [Screenshot: screenshot_build.png]