A tool to provision, configure and maintain FreeBSD jails
Project description
BSDploy is a tool to deploy FreeBSD jails.
Not wanting to re-invent the wheel, under the hood it uses mr.awsome for provisioning, ansible for configuration and fabric for maintenance.
Features
- Configure multiple hosts and jails in one canonical ini-file.
- Bootstrap complete jail hosts from scratch, both virtual machines and physical ones. bsdploy will take care of installing FreeBSD for you, including configuring ZFS pools and even encrypting them using GELI.
- Create new jails simply by adding two or more lines to your configuration file and running ploy start – bsdploy will take care of configuring the required IP address on the host.
- Ansible support – no more mucking about with host files: all hosts and their variables defined in ploy.conf are automatically exposed to ansible. Run playbooks with ploy playbook path/to/playbook.yml.
- Ditto for Fabric – run fabric scripts with ploy do JAILNAME TASKNAME and have all your hosts and their variables at your disposal in fab.env.
- Jails receive private IP addresses by default, so they are not reachable from the outside. For configuration access (i.e. applying ansible playbooks to them or running fabric scripts inside of them) bsdploy transparently configures SSH ProxyCommand based access.
- Easily configure ipnat on the jail host to white-list access from the outside – this greatly reduces the chance of accidentally exposing services to the outside world that shouldn’t be.
- Amazon EC2 support – provision and configure jailhosts on EC2.
With bsdploy you can create and configure one or more jail hosts with one or more jails inside them, all configured in one canonical ini style configuration file (by default in etc/ploy.conf):
    [ez-master:vm-master]
    host = 127.0.0.1
    port = 47022

    [ez-instance:webserver]
    ip = 10.0.0.2
    fqdn = test.local
    fabfile = deployment/webserver.py

    [ez-instance:database]
    ip = 10.0.0.3
    dbname = production

    [ez-instance:application]
    ip = 10.0.0.4
    version = 1.2.3
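Because the jails' isolation rests on each one holding a private address, a ploy.conf can be checked for that before ploy start is run. The following is an added example, not part of bsdploy: it reads only the ez-instance sections and the ip key shown above, and the function name, the sample jails metrics and cache and the RFC 1918 test are assumptions of the example.

```python
import configparser
import ipaddress
from collections import defaultdict

# RFC 1918 ranges; an address outside them may be routable from outside.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: sections from the page plus two deliberately bad jails.
SAMPLE_PLOY_CONF = """
[ez-master:vm-master]
host = 127.0.0.1
port = 47022
[ez-instance:webserver]
ip = 10.0.0.2
[ez-instance:database]
ip = 10.0.0.3
[ez-instance:metrics]
ip = 203.0.113.10
[ez-instance:cache]
ip = 10.0.0.3
"""

def audit_jail_ips(conf_text):
    """Return sorted (jail, finding) pairs for the ez-instance sections."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    findings, seen = [], defaultdict(list)
    for section in parser.sections():
        kind, _, jail = section.partition(":")
        if kind != "ez-instance" or not parser.has_option(section, "ip"):
            continue  # jail hosts and jails without an explicit ip are skipped
        raw = parser.get(section, "ip").strip()
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((jail, f"unparsable ip {raw!r}"))
            continue
        seen[addr].append(jail)
        if not any(addr in net for net in RFC1918):
            findings.append((jail, f"{addr} is outside RFC 1918 space"))
    for addr, jails in seen.items():
        for jail in jails if len(jails) > 1 else []:
            others = ", ".join(j for j in jails if j != jail)
            findings.append((jail, f"{addr} also assigned to {others}"))
    return sorted(findings)

if __name__ == "__main__":
    for jail, finding in audit_jail_ips(SAMPLE_PLOY_CONF):
        print(f"{jail}: {finding}")
```

A clean result only covers addressing; which services are reachable from outside is still decided by the ipnat rules on the jail host.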
Examples
To give it a spin, best check out the example repository.
Full documentation
The full documentation is [hosted at RTD](http://bsdploy.readthedocs.org/) or you can peek at the identical contents here under docs/.
Development
To develop bsdploy itself use the provided Makefile – running make will install a development version of itself and its direct dependencies (i.e. the mr.awsome.* packages).
For more details, [check the documentation](http://bsdploy.readthedocs.org/en/latest/installation.html#installing-from-github).
Misc
Miscellaneous notes that should eventually make their way into the proper documentation.
Selectively applying jailhost configuration
ploy configure-jailhost applies the jails_host role (see roles/jails_host). If you don’t want to apply it wholesale or want to re-apply certain tags of it, you can use a top-level playbook like so:
    - hosts: my-jailhost
      user: root
      roles:
        - { role: jails_host, tags: ['configure'] }
For example, to then update only the ipnat rules, do this:

    bin/ploy playbook staging.yml -t configure -t ipnat_rules

The ‘trick’ is to use multiple tags to narrow down the tasks to only what you need.
TODO
- [ ] documentation cough
- [x] make rc.conf a template (to support non-DHCP jailhost scenario)
- [x] allow for offline installation of ezjail
- [x] allow for offline installation of pkgng
- [ ] include poudriere support
- [ ] eliminate need for proxycommand in ploy.conf
- [ ] eliminate need for proxyhost in ploy.conf
- [x] eliminate need for hooks entries for jail configuration in ploy.conf
- [x] make the private network for the jails configurable (the hard coded 10.0.0.x is not always desirable)
- [x] inject ansible_python_interpreter (so playbooks don’t have to set it themselves)
Download files
Source Distribution
File details
Details for the file bsdploy-0.1a3.zip.
File metadata
- Download URL: bsdploy-0.1a3.zip
- Upload date:
- Size: 36.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | f475aaa8a7233663229076206fb5044fc2391b387289fee6ce904466de1debc5 |
MD5 | 7b5c57c5cf18e2b28bb5aa261f3c1f8c |
BLAKE2b-256 | 51b4625b97ac54e4b2fcae1f0c31e2b19f37e167db9f8265b3f0e2f2736974fe |