442 Connection jailexec instead of ssh
Extending example 441 Redirect SSH to jails.
Use case
Use the connection plugin vbotka.freebsd.jailexec instead of the default ansible.builtin.ssh.
Tree
shell> tree .
.
├── ansible.cfg
├── hosts
│ ├── 05_iocage.yml
│ └── 99_constructed.yml
└── pb-test.yml
Synopsis
Create a dynamic inventory to connect to the jails with the connection plugin vbotka.freebsd.jailexec.
At all created jails, in the playbook pb-test.yml:
  - connect to the jails
  - display basic configuration of the jails.
Requirements
root privilege in the managed nodes
Notes
The only difference between this example and the example 441 Redirect SSH to jails is the
following three lines in the file hosts/05_iocage.yml:
  ansible_connection: "'vbotka.freebsd.jailexec'"
  ansible_jail_host: dict(iocage_properties.notes | regex_findall('(\w+)=([\w\-]+)')).vmm
  ansible_jail_privilege_escalation: "'sudo'"
See also
example 050 Connection jailexec
ansible.cfg
[defaults]
callback_result_format = yaml
deprecation_warnings = false
display_skipped_hosts = false
gathering = explicit
[connection]
pipelining = true
Jails at iocage_05
[iocage_05]# iocage list -l
+-----+----------+------+-------+------+--------------+----------------------+-----+----------------+----------+
| JID | NAME | BOOT | STATE | TYPE | RELEASE | IP4 | IP6 | TEMPLATE | BASEJAIL |
+=====+==========+======+=======+======+==============+======================+=====+================+==========+
| 31 | 4a8426e6 | off | up | jail | 15.0-RELEASE | epair0b|10.10.99.130 | - | ansible_client | no |
+-----+----------+------+-------+------+--------------+----------------------+-----+----------------+----------+
| 32 | cbe505b1 | off | up | jail | 15.0-RELEASE | epair0b|10.10.99.161 | - | ansible_client | no |
+-----+----------+------+-------+------+--------------+----------------------+-----+----------------+----------+
| 33 | f4073d63 | off | up | jail | 15.0-RELEASE | epair0b|10.10.99.162 | - | ansible_client | no |
+-----+----------+------+-------+------+--------------+----------------------+-----+----------------+----------+
Inventory hosts
hosts/05_iocage.yml
plugin: vbotka.freebsd.iocage
host: iocage_05
user: admin
sudo: true
get_properties: true
compose:
  ansible_connection: "'vbotka.freebsd.jailexec'"
  ansible_jail_host: dict(iocage_properties.notes | regex_findall('(\w+)=([\w\-]+)')).vmm | d('none')
  ansible_jail_privilege_escalation: "'sudo'"
  ansible_user: "'admin'"
  ansible_python_interpreter: "'auto_silent'"
  iocage_tags: dict(iocage_properties.notes | regex_findall('(\w+)=([\w\-]+)'))
Note
The default value of the option ansible_jail_privilege_escalation is doas. In FreeBSD,
doas is not installed by default.
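The compose expressions in hosts/05_iocage.yml derive iocage_tags and ansible_jail_host from the free-text notes property of each jail. The Python below is an added example, not code from the collection: it emulates that parsing with re.findall (which Ansible's regex_findall filter calls) and reports values that are missing, unknown, or cut short by the pattern. The notes strings and the known_hosts set are constructed assumptions.

```python
import re

# Same pattern as the compose expressions in hosts/05_iocage.yml.
TAG_RE = r'(\w+)=([\w\-]+)'


def parse_notes(notes):
    """Emulate: dict(iocage_properties.notes | regex_findall(TAG_RE))."""
    return dict(re.findall(TAG_RE, notes))


def jail_host(notes):
    """Emulate: dict(...).vmm | d('none')."""
    return parse_notes(notes).get('vmm', 'none')


def check_jail_host(notes, known_hosts):
    """Return (host, problems) for the host that jailexec would be pointed at."""
    host = jail_host(notes)
    problems = []
    if host == 'none':
        problems.append('no vmm=<host> tag in notes')
    elif host not in known_hosts:
        problems.append(f'vmm={host!r} is not a known jail host')
    # The value class [\w\-] stops at '.', ':' and similar characters, so a
    # longer value is cut short without any error. Report what was dropped.
    for _value, rest in re.findall(r'\bvmm=([\w\-]+)(\S*)', notes):
        if rest:
            problems.append(f'value truncated, dropped {rest!r}')
    return host, problems


if __name__ == '__main__':
    known_hosts = {'iocage_05'}          # assumption: hosts you manage
    samples = [                          # constructed notes values
        'vmm=iocage_05 swarm=sw_01',
        'none',
        'vmm=iocage_05.example.org swarm=sw_01',
        'vmm=iocage_99',
    ]
    for notes in samples:
        print(repr(notes), '->', check_jail_host(notes, known_hosts))
```

The third sample resolves to iocage_05 even though the note names a different value, which is why the truncation check is separate from the known-host check.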
hosts/99_constructed.yml
plugin: ansible.builtin.constructed
keyed_groups:
  - prefix: swarm
    key: iocage_tags.swarm
  - prefix: vmm
    key: iocage_tags.vmm
Display inventory
(env) > ansible-inventory -i hosts --graph
@all:
|--@ungrouped:
|--@swarm_sw_01:
| |--4a8426e6
| |--cbe505b1
| |--f4073d63
|--@vmm_iocage_05:
| |--4a8426e6
| |--cbe505b1
| |--f4073d63
Playbook pb-test.yml
- name: Test the connection plugin jailexec.
  hosts: swarm_sw_01
  gather_facts: false

  tasks:

    - ansible.builtin.debug:
        msg: |
          ansible_connection: {{ ansible_connection }}
          ansible_host: {{ ansible_host }}
          ansible_user: {{ ansible_user }}
          ansible_jail_host: {{ ansible_jail_host }}
          ansible_jail_privilege_escalation: {{ ansible_jail_privilege_escalation }}
          iocage_ip4: {{ iocage_ip4 }}
          iocage_tags: {{ iocage_tags }}
Playbook output - Test jailexec connection plugin
(env) > ansible-playbook pb-test.yml -i hosts
PLAY [Test the connection plugin jailexec.] ************************************
TASK [ansible.builtin.debug] ***************************************************
ok: [4a8426e6] =>
msg: |-
ansible_connection: vbotka.freebsd.jailexec
ansible_host: 4a8426e6
ansible_user: admin
ansible_jail_host: iocage_05
ansible_jail_privilege_escalation: sudo
iocage_ip4: 10.10.99.130
iocage_tags: {'vmm': 'iocage_05', 'swarm': 'sw_01'}
ok: [cbe505b1] =>
msg: |-
ansible_connection: vbotka.freebsd.jailexec
ansible_host: cbe505b1
ansible_user: admin
ansible_jail_host: iocage_05
ansible_jail_privilege_escalation: sudo
iocage_ip4: 10.10.99.161
iocage_tags: {'vmm': 'iocage_05', 'swarm': 'sw_01'}
ok: [f4073d63] =>
msg: |-
ansible_connection: vbotka.freebsd.jailexec
ansible_host: f4073d63
ansible_user: admin
ansible_jail_host: iocage_05
ansible_jail_privilege_escalation: sudo
iocage_ip4: 10.10.99.162
iocage_tags: {'vmm': 'iocage_05', 'swarm': 'sw_01'}
PLAY RECAP *********************************************************************
4a8426e6 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
cbe505b1 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
f4073d63 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0