ansible-role-bastille

An ansible role that helps configure a server as a BastilleBSD host for running containers (jails based) in FreeBSD.

This is a work in progress ansible role. At the moment assuming local interface for networking. Use it at your own risk.

Install this role

Simply run ansible-galaxy install yaazkal.bastille on your machine. Then integrate the role on your own playbook (see the example below).

Requirements

FreeBSD 11.4, 12.2 or 13.0
Python installed (3.7 recommended).
ca_root_nss is also recommended specially on FreeBSD 11.4 in order to not fail when installing custom Bastille version from github tag.

Role variables

This are the role variables and its defaults, set them at your host_vars or host definition as you want it (see example).

Variable	Default value	Description
bastille_version		If set, installs the given version (tag) from bastille repo instead of the pkg version available.
bastille_prefix	/usr/local/bastille	Where jails, releases, templates, backpus etc lives.
bastille_zfs_enable		Set to YES to enable some ZFS magic (recommended).
bastille_zfs_zpool		The ZFS pool where Bastille will host its files and jails.
bastille_timezone	Etc/UTC
bastille_ext_if	vtnet0	External network interface.
bastille_releases	13.0-RELEASE	List of releases to be available for jails creation.
bastille_templates		List of git repos where templates are hosted. Those templates will be available for jails.
bastille_jails		List of jails to be created. See example for options.

Dependencies

None.

Example Playbook

A playbook can look like this:

# File name: bastille_provision.yml
- name: "Initial configuration of the system"
  hosts: bastille
  roles:
    - yaazkal.bastille

An inventory file can look like this (this example overrides all default variables):

# File name: hosts.yml
bastille:
  hosts:
    example.com:
      ansible_user: root
      bastille_version: "0.9.20210714"
      bastille_timezone: "America/Bogota"
      bastille_zfs_enable: "YES"
      bastille_zfs_zpool: "zroot"
      bastille_ext_if: "vtnet0"
      bastille_releases:
        - 13.0-RELEASE
        - 12.2-RELEASE
      bastille_templates:
        - https://gitlab.com/bastillebsd-templates/nginx
        - https://github.com/yaazkal/bastille-postgres
      bastille_jails:
        - name: defaultjail
          release: 13.0-RELEASE
          ip: 10.17.89.1
          templates:
            - "bastillebsd-templates/nginx"
        - name: thickjail
          release: 13.0-RELEASE
          ip: 10.17.89.2
          options: -T

Then you can run:

ansible-playbook -i hosts.yml bastille_provision.yml

License

BSD 3 clause. See LICENSE file.

Author Information

@yaazkal - Juan David Hurtado G.

nulldowntime / ansible-role-bastille