split jail role into two

* base-jailhost ensures that the service host has necessary infrastructure installed and configured (ezjail) * jail role is to be used to create jails on the jail host * remove ezjail.flavour file (we do not use it at the moment) * do not enable 'jail' service, enable 'ezjail' instead * use 'ftp.freebsd.org' (for some reason I had problems with freebsd.isc.org) * do not install lib32 stuff in ports tree * introduce a number of base-jailhost variables to avoid typing errors
buildbot · Dec 30, 2014 · 217148a · 217148a
1 parent f075e58
commit 217148a
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 52 deletions.
diff --git a/roles/base-jailhost/files/flavours/base/etc/make.conf b/roles/base-jailhost/files/flavours/base/etc/make.conf
@@ -3,4 +3,4 @@ DISTDIR=/var/ports/distfiles
 PACKAGES=/var/ports/packages
 INDEXDIR=/var/ports
 
-OPTIONS_UNSET=DOCS EXAMPLES
+OPTIONS_UNSET=LIB32 DOCS EXAMPLES
diff --git a/roles/base-jailhost/files/flavours/base/ezjail.flavour b/roles/base-jailhost/files/flavours/base/ezjail.flavour
diff --git a/roles/base-jailhost/tasks/main.yml b/roles/base-jailhost/tasks/main.yml
@@ -7,34 +7,37 @@
 - name: ezjail config
   template:
     src: ezjail.conf
-    dest: /usr/local/etc/ezjail.conf
-
-- name: Create jail log directory
-  file:
-    path: '{{ jail_log_dir }}'
-    state: directory
+    dest: "{{ ezjail_conf_file }}"
+    mode: "0644"
 
 - name: Populate basejail
   command: ezjail-admin install
   args:
-    creates: '{{ ezjail_jaildir }}/base'
+    creates: "{{ ezjail_jaildir }}/{{ ezjail_base_jail }}"
 
 - name: Create base flavour directories
   file:
-    path: '{{ ezjail_jaildir }}/flavours/base/{{ item }}'
+    path: "{{ ezjail_jaildir }}/flavours/{{ ezjail_default_flavour }}/{{ item }}"
     state: directory
   with_items:
   - etc
 
 - name: Set base flavour config
   copy:
-    dest: '{{ ezjail_jaildir }}/flavours/{{ item }}'
-    src: 'flavours/{{ item }}'
+    dest: "{{ ezjail_jaildir }}/flavours/{{ item }}"
+    src: "flavours/{{ item }}"
+  with_items:
+  - "{{ ezjail_default_flavour }}/etc/make.conf"
+  - "{{ ezjail_default_flavour }}/etc/periodic.conf"
+  - "{{ ezjail_default_flavour }}/etc/rc.conf"
+
+# TODO(sa2ajj): should it be done here or while creation of the actual jail?
+- name: Copy some host configuration files
+  copy:
+    dest: "{{ ezjail_jaildir }}/flavours/{{ ezjail_default_flavour }}/etc/{{ item }}"
+    src: "/etc/{{ item }}"
   with_items:
-  - base/ezjail.flavour
-  - base/etc/make.conf
-  - base/etc/periodic.conf
-  - base/etc/rc.conf
+  - resolv.conf
 
 - name: Enable jails
   service:

diff --git a/roles/base-jailhost/templates/ezjail.conf b/roles/base-jailhost/templates/ezjail.conf
@@ -1,13 +1,17 @@
 # {{ ansible_managed }}
+# Path options
 ezjail_jaildir='{{ ezjail_jaildir }}'
 ezjail_jailtemplate="${ezjail_jaildir}/newjail"
-ezjail_jailbase="${ezjail_jaildir}/base"
+ezjail_jailbase="${ezjail_jaildir}/{{ ezjail_base_jail }}"
 ezjail_sourcetree=/usr/src
-ezjail_ftphost=freebsd.isc.org
-ezjail_default_execute="/usr/bin/login -f root"
-ezjail_default_flavour="base"
+ezjail_ftphost=ftp.freebsd.org
 ezjail_archivedir="{{ ezjail_jaildir }}/archived"
 
+# Jail admin options
+ezjail_default_execute="/usr/bin/login -f root"
+
+# Jail creation options
+ezjail_default_flavour="{{ ezjail_default_flavour }}"
 # ezjail_uglyperlhack="YES"
 ezjail_mount_enable="NO"
 ezjail_devfs_enable="YES"

diff --git a/roles/base-jailhost/vars/main.yml b/roles/base-jailhost/vars/main.yml
@@ -1,3 +1,10 @@
 ---
+# Directory where jails are created
 ezjail_jaildir: /usr/local/jail
-jail_log_dir: /var/log/jail
+# Directory where the ezjail-admin keeps jail configuration files
+ezjail_conf_dir: /usr/local/etc/ezjail
+# Main ezjail configuration file
+ezjail_conf_file: /usr/local/etc/ezjail.conf
+# NOTE: these two are different
+ezjail_base_jail: base
+ezjail_default_flavour: base
diff --git a/roles/jail/README.rst b/roles/jail/README.rst
@@ -4,17 +4,19 @@ Jail Role
 The jail role requires four arguments to be used.
 
 ``name``
-    The name to use for the jail. This is often the same as the hostname.
+    The name to use for the jail. This is often the non-fqdn jail's hostname.
 
 ``hostname``
     The hostname of the jail.
 
-``jid``
-    The jail ID. This must be unique on the host.
-
 ``ip_address``
     A list of interface and IP address pairs. Each address in the list should be of the form `interface|ip`.
 
+.. note::
+
+   JIDs are assigned automatically.  To address the jail use jail's name, for example::
+
+    $ sudo jexec jailtest sh
 
 Example playbook
 ----------------
@@ -25,9 +27,8 @@ Example playbook
     - name: Jail test
       hosts: servicehosts
       roles:
-        - role: jail
-          name: jailtest.buildbot.net
-          jid: 1
-          hostname: jailtest.buildbot.net
-          ip_address:
-          - 'vtnet0|192.168.8.49'
+      - role: jail
+        name: jailtest
+        hostname: jailtest.buildbot.net
+        ip_address:
+        - 'vtnet0|192.168.8.49'
diff --git a/roles/jail/meta/main.yml b/roles/jail/meta/main.yml
@@ -1,3 +1,4 @@
 ---
 dependencies:
 - base-jailhost
+allow_duplicates: yes
diff --git a/roles/jail/tasks/main.yml b/roles/jail/tasks/main.yml
@@ -1,19 +1,24 @@
 ---
-# Most bits on the file system use the safename instead of the full name.
-- name: Set jail safename
-  shell: echo -n '{{ name }}' | tr -c '[:alnum:]' _
-  register: jail_safename
-  changed_when: false
-
-- name: Install jail
-  command: "ezjail-admin create -f base {{ name }} {{ ip_address|join(',') }}"
+- name: create jail
+  command: "ezjail-admin create -f {{ ezjail_default_flavour }} {{ name }} {{ ip_address|join(',') }}"
   args:
-    creates: '/usr/local/etc/ezjail/{{ jail_safename.stdout }}'
+    creates: "{{ ezjail_conf_dir }}/{{ name }}"
+  register: jail_created
 
-- name: Add jail to jail.conf
+- name: set jail's hostname
   lineinfile:
-    line: '{{ jail_safename.stdout }} { host.hostname = "{{ hostname }}"; path = "{{ ezjail_jaildir }}/{{ name }}"; ip4.addr += "{{ ip_address|join(",") }}"; exec.clean; exec.system_user = "root"; exec.jail_user = "root"; exec.start += "/bin/sh /etc/rc"; exec.stop = ""; exec.consolelog = "/var/log/jail/{{ jail_safename.stdout }}"; mount.devfs; mount.fstab = "/etc/fstab.{{ jail_safename.stdout }}"; allow.set_hostname = 0; allow.sysvipc = 0; allow.raw_sockets = 0; jid = {{ jid }} ; }'
-    state: present
-    regexp: '^\s*{{ jail_safename.stdout }}\s*\{'
-    dest: /etc/jail.conf
-    create: yes
+    dest: "{{ ezjail_conf_dir }}/{{ name }}"
+    regexp: "^export jail_{{ name }}_hostname="
+    line: 'export jail_{{ name }}_hostname="{{ hostname }}"'
+  when: jail_created|changed
+
+- name: check if the jail is running
+  shell: "jls -j {{ name }} > /dev/null 2>&1"
+  ignore_errors: True
+  register: jail_running
+
+- name: start the jail
+  command: "ezjail-admin start {{ name }}"
+  when: jail_running|failed
+
+# vim:ts=2:sw=2:noai:nosi