510 project ansible-pull

Use case

Use the template ansible_client_pull to create project jails.

Tree

shell> tree .
.
├── ansible.cfg
├── hosts
│   ├── 04_iocage.yml
│   └── 99_constructed.yml
├── host_vars
│   └── iocage_04
│       └── iocage.yml
├── iocage.ini
└── pb-test-all.yml

Synopsis

• At the managed node iocage_04 in the playbook vbotka.freebsd.pb_iocage_project_create.yml create project. TBD

Requirements

• inventory plugin vbotka.freebsd.iocage

• root privilege in the managed nodes

• template ansible_client_pull created in 208 Create iocage template for ansible-pull

Notes

TBD

See also

• TBD

ansible.cfg

[defaults]
gathering = explicit
callback_result_format = yaml
display_skipped_hosts = false
host_key_checking = false

[connection]
pipelining = true

Inventory iocage.ini

iocage_04 ansible_host=10.1.0.29

[iocage]
iocage_04

[iocage:vars]
ansible_user=admin
ansible_become=true
ansible_python_interpreter=auto_silent

Templates at iocage_04

[iocage_04]# iocage list -lt

+------+-----------------------+------+-------+----------+-----------------+--------------------+-----+----------+----------+
| JID  |         NAME          | BOOT | STATE |   TYPE   |     RELEASE     |        IP4         | IP6 | TEMPLATE | BASEJAIL |
+======+=======================+======+=======+==========+=================+====================+=====+==========+==========+
| None | ansible_client        | off  | down  | template | 15.0-RELEASE-p3 | DHCP (not running) | -   | -        | no       |
+------+-----------------------+------+-------+----------+-----------------+--------------------+-----+----------+----------+
| None | ansible_client_apache | off  | down  | template | 15.0-RELEASE-p3 | DHCP (not running) | -   | -        | no       |
+------+-----------------------+------+-------+----------+-----------------+--------------------+-----+----------+----------+
| None | ansible_client_pull   | off  | down  | template | 15.0-RELEASE-p3 | DHCP (not running) | -   | -        | no       |
+------+-----------------------+------+-------+----------+-----------------+--------------------+-----+----------+----------+

host_vars

host_vars/iocage_04/project.yml

# The project keys are jails aliases.
project_template: ansible_client_pull
project:
  db_3:
    class: [logclient, db]
    vmm: iocage_04
  http_3:
    class: [logclient, http]
    vmm: iocage_04

# Put the dictionary iocage_tags into the file /var/db/iocage-tags.yml
project_create_iocage_tags: true

# Declare vmm. Dictionary of iocage hosts.
vmm_groups: "{{ dict(project | dict2items | groupby('value.vmm')) }}"
vmm: "{{ dict(vmm_groups.keys() | zip(vmm_groups.values() | map('items2dict'))) }}"

# Declare class. Dictionary of classes.
class_list: "{{ project | dict2items }}"
class_keys: "{{ class_list | map(attribute='value.class') | flatten | unique | sort }}"
class: |
  {% filter from_yaml %}
  {% for k in class_keys %}
  {{ k }}: {{ class_list | selectattr('value.class', 'contains', k) | map(attribute='key') }}
  {% endfor %}
  {% endfilter %}

# Jail properties.
properties: "bpf=1 dhcp=1 vnet=1"

Inventory hosts

hosts/04_iocage.yml

plugin: vbotka.freebsd.iocage
host: 10.1.0.29
user: admin
get_properties: true
inventory_hostname_tag: alias
hooks_results:
  - /var/db/dhclient-hook.address.epair0b

hosts/99_constructed.yml

plugin: ansible.builtin.constructed
compose:
  ansible_host: (iocage_hooks.0 == '-') | ternary(iocage_ip4, iocage_hooks.0)
  iocage_tags: dict(iocage_properties.notes | regex_findall('(\w+)=([\w\-]+)'))
  iocage_classes: iocage_properties.notes | regex_findall('class=(\w+)')
groups:
  db: "'db' in iocage_classes"
  http: "'http' in iocage_classes"
  logclient: "'logclient' in iocage_classes"
  logserv: "'logserv' in iocage_classes"
keyed_groups:
  - prefix: state
    key: iocage_state
  - prefix: vmm
    key: iocage_tags.vmm

Playbook output - Create and start project jails

(env) > ansible-playbook vbotka.freebsd.pb_iocage_project_create.yml \
                         -i hosts -i iocage.ini -e debug=true

See also

The playbook pb_iocage_project_create

Note

The inventory -i hosts provides the group of all created jails. The play can use it and create only the missing project jails. This makes the play idempotent despite the module ansible.builtin.command and iocage option --count being used.

PLAY [Create and start project jails.] *****************************************

TASK [Display vars.] ***********************************************************
ok: [iocage_04] => 
    msg: |-
        project_template: ansible_client_pull
        project_create_iocage_tags: True
        vmm:
          iocage_04:
            db_3:
              class: [logclient, db]
              vmm: iocage_04
            http_3:
              class: [logclient, http]
              vmm: iocage_04

        class:
          db: [db_3]
          http: [http_3]
          logclient: [db_3, http_3]

        groups.all: ['iocage_04']
        project_jails_present: []
        project_jails_absent: ['db_3', 'http_3']

TASK [Create jails.] ***********************************************************
changed: [iocage_04]

TASK [Set notes.] **************************************************************
changed: [iocage_04] => (item=db_3 alias=db_3 class=logclient,db vmm=iocage_04)
changed: [iocage_04] => (item=http_3 alias=http_3 class=logclient,http vmm=iocage_04)

TASK [Get pool.] ***************************************************************
ok: [iocage_04]

TASK [Create /var/db/iocage-tags.yml] ******************************************
changed: [iocage_04] => (item=db_3 {'alias': 'db_3', 'class': ['logclient', 'db'], 'vmm': 'iocage_04'})
changed: [iocage_04] => (item=http_3 {'alias': 'http_3', 'class': ['logclient', 'http'], 'vmm': 'iocage_04'})

TASK [Start created jails.] ****************************************************
changed: [iocage_04]

PLAY RECAP *********************************************************************
iocage_04                  : ok=6    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Playbook pb-test-all.yml

- name: Display all groups.
  hosts: all

  tasks:

    - debug:
        msg: |
          ansible_host: {{ ansible_host | d('UNDEFINED') }}
          iocage_properties.host_hostuuid: {{ iocage_properties.host_hostuuid | d('UNDEFINED') }}
          iocage_classes: {{ iocage_classes | d([]) | to_yaml }}
          iocage_tags: {{ iocage_tags | d({}) | to_yaml }}

    - debug:
        msg: |
          {% for group in groups %}
          {{ group }}: {{ groups[group] }}
          {% endfor %}
      run_once: true

Playbook output - Display all groups

(env) > ansible-playbook pb-test-all.yml -i hosts --flush-cache

Note

• The inventory configuration files hosts/*.yml enable cache.

• Flush the cache. Otherwise, the jails created in the previous play won’t be included.

PLAY [Display all groups.] *****************************************************

TASK [debug] *******************************************************************
ok: [http_3] => 
    msg: |-
        ansible_host: 10.1.0.207
        iocage_properties.host_hostuuid: 49646fd0
        iocage_classes: [logclient, http]

        iocage_tags: {alias: http_3, class: 'logclient,http', vmm: iocage_04}
ok: [db_3] => 
    msg: |-
        ansible_host: 10.1.0.202
        iocage_properties.host_hostuuid: e5f7d10b
        iocage_classes: [logclient, db]

        iocage_tags: {alias: db_3, class: 'logclient,db', vmm: iocage_04}

TASK [debug] *******************************************************************
ok: [http_3] => 
    msg: |-
        all: ['http_3', 'db_3']
        ungrouped: []
        http: ['http_3']
        logclient: ['http_3', 'db_3']
        state_up: ['http_3', 'db_3']
        vmm_iocage_04: ['http_3', 'db_3']
        db: ['db_3']

PLAY RECAP *********************************************************************
db_3                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
http_3                     : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Playbook output - Stop and destroy jails

(env) > ansible-playbook vbotka.freebsd.pb_iocage_project_destroy.yml \
                         -i hosts -i iocage.ini -e debug=true

See also

The playbook pb_iocage_project_destroy

PLAY [Stop and destroy jails.] *************************************************

TASK [Display vars.] ***********************************************************
ok: [iocage_04] => 
    msg: |-
        vmm:
          iocage_04:
            db_3:
              class: [logclient, db]
              vmm: iocage_04
            http_3:
              class: [logclient, http]
              vmm: iocage_04

        class:
          db: [db_3]
          http: [http_3]
          logclient: [db_3, http_3]

        groups.all: ['http_3', 'db_3', 'iocage_04']
        project_jails_present: ['db_3', 'http_3']

TASK [Stop jails.] *************************************************************
changed: [iocage_04]

TASK [Destroy jails.] **********************************************************
changed: [iocage_04]

PLAY RECAP *********************************************************************
iocage_04                  : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Playbook output - Display all groups

(env) > ansible-playbook -i hosts pb-test-all.yml --flush-cache

PLAY [Display all groups.] *****************************************************
skipping: no hosts matched

PLAY RECAP *********************************************************************