yaazkal.bastille

Panoramica Versioni Approfondimenti

ansible-role-bastille

An Ansible role to set up a server as a BastilleBSD host for running container-based jails in FreeBSD.

This role is still being developed. Currently, it assumes the use of the local network interface. Use it at your own risk.

How to Install This Role

Run ansible-galaxy install yaazkal.bastille on your machine. After that, add the role to your own playbook (see example below).

Requirements

  • A supported version of FreeBSD. Check the supported releases.
  • Python is required on the target machine.
  • It's recommended to have ca_root_nss, especially on FreeBSD 11.4 (which is end-of-life), to avoid issues when installing a custom Bastille version from a GitHub tag.

Role Variables

Here are the variables you can set and their default values. You can set these in your host_vars or in your host configuration (see example).

Variable Default Value Description
bastille_version If set, installs this specific version (tag) from the Bastille repository instead of the package version.
bastille_prefix /usr/local/bastille Directory where jails, releases, templates, backups, etc. are stored.
bastille_zfs_enable Set to YES to enable ZFS features (recommended).
bastille_zfs_zpool The ZFS pool where Bastille will keep its files and jails.
bastille_timezone Etc/UTC
bastille_ext_if vtnet0 External network interface.
bastille_releases 13.2-RELEASE List of releases available for creating jails.
bastille_templates List of Git repositories where jail templates are stored. These will be available for jails.
bastille_jails List of jails to create. Check the example for options.

Dependencies

None required.

Example Playbook

Here’s an example of what a playbook could look like:

# File name: bastille_provision.yml
- name: "Initial system configuration"
  hosts: bastille
  roles:
    - yaazkal.bastille

Here’s how an inventory file might look (this example changes all default variables):

# File name: hosts.yml
bastille:
  hosts:
    example.com:
      ansible_user: root
      bastille_version: "0.9.20210714"
      bastille_timezone: "America/Bogota"
      bastille_zfs_enable: "YES"
      bastille_zfs_zpool: "zroot"
      bastille_ext_if: "vtnet0"
      bastille_releases:
        - 13.2-RELEASE
        - 12.4-RELEASE
      bastille_templates:
        - https://gitlab.com/bastillebsd-templates/nginx
        - https://github.com/yaazkal/bastille-postgres
      bastille_jails:
        - name: defaultjail
          release: 13.2-RELEASE
          ip: 10.17.89.1
          templates:
            - "bastillebsd-templates/nginx"
        - name: thickjail
          release: 13.2-RELEASE
          ip: 10.17.89.2
          options: -T

Then you can run:

ansible-playbook -i hosts.yml bastille_provision.yml

License

BSD 3-Clause. See LICENSE file for details.

Author Information

@yaazkal - Juan David Hurtado G.

Informazioni sul progetto

Helps configure a server as a BastilleBSD host

role bastille bastillebsd freebsd jails
Installa
ansible-galaxy install yaazkal.bastille
GitHub repository
26 stelle
9 fork
4 problemi aperti
Licenza
bsd-3-clause
Download
101
Proprietario
Juan David Hurtado G
Photographer, engineer or entrepreneur are just words. More than that, I'm not my professions.