From c6f2fd36e0a8188e1f6b2a15b292e3d0a5610ac4 Mon Sep 17 00:00:00 2001
From: Albert Cervin
Date: Sun, 19 Mar 2023 17:18:01 +0100
Subject: =?UTF-8?q?=F0=9F=8E=89=20Initial=20commit=20of=20infra?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
roles/jailhost/handlers/main.yml | 9 ++++++
roles/jailhost/tasks/main.yml | 64 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
create mode 100644 roles/jailhost/handlers/main.yml
create mode 100644 roles/jailhost/tasks/main.yml
(limited to 'roles/jailhost')
diff --git a/roles/jailhost/handlers/main.yml b/roles/jailhost/handlers/main.yml
new file mode 100644
index 0000000..4177d4c
--- /dev/null
+++ b/roles/jailhost/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: restart netif
+ service:
+ name: netif
+ state: restarted
+
+- name: restart routing
+ service:
+ name: routing
+ state: restarted
diff --git a/roles/jailhost/tasks/main.yml b/roles/jailhost/tasks/main.yml
new file mode 100644
index 0000000..a26351b
--- /dev/null
+++ b/roles/jailhost/tasks/main.yml
@@ -0,0 +1,64 @@
+- name: create jails dataset
+ community.general.zfs:
+ name: poolen/jails
+ state: present
+ extra_zfs_properties:
+ mountpoint: /usr/local/jails
+
+- name: create jails tank dataset
+ community.general.zfs:
+ name: poolen/jails/tank
+ state: present
+
+- name: create base jail dataset
+ community.general.zfs:
+ name: poolen/jails/base
+ state: present
+
+- name: install base jail
+ shell: |
+ set -e
+ bsdinstall checksum || echo 'checksums failed'
+ bsdinstall distextract || echo 'distextract failed'
+ bsdinstall config || error 'failed to save config'
+
+ bsdinstall entropy
+ environment:
+ BSDINSTALL_CHROOT: "/usr/local/jails/base"
+ DISTRIBUTIONS: "base.txz"
+ nonInteractive: "YES"
+ args:
+ creates: "/usr/local/jails/base/bin"
+
+- name: configure base jail
+ shell: |
+ cp /etc/resolv.conf /usr/local/jails/base/etc/
+ cp /etc/localtime /usr/local/jails/base/etc/
+ cp /var/db/zoneinfo /usr/local/jails/base/var/db/
+ args:
+ creates: "/usr/local/jails/base/etc/resolv.conf"
+
+- name: apply updates for base jail
+ ansible.builtin.shell: |
+ freebsd-update -b /usr/local/jails/base fetch
+ freebsd-update -b /usr/local/jails/base install
+ register: result_update
+ failed_when: result_update.rc != 0 and result_update.rc != 2
+ changed_when: result_update.rc != 2
+
+- name: determine patch level of base jail
+ shell: /usr/local/jails/base/bin/freebsd-version -u
+ register: patch_level
+ environment:
+ ROOT: /usr/local/jails/base
+
+- name: snapshot the base jail
+ community.general.zfs:
+ name: "poolen/jails/base@{{ patch_level.stdout }}"
+ state: present
+
+- name: set patch level as fact
+ ansible.builtin.set_fact:
+ base_jail_patch_level: "{{ patch_level.stdout }}"
+ cacheable: yes
+
-- cgit v1.2.3
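Review bot: In the `install base jail` task a failed integrity check does not stop the play: `bsdinstall checksum || echo 'checksums failed'` turns the failure into a successful command, so `set -e` never fires and a distribution set that did not verify is still extracted into /usr/local/jails/base, the tree the later `snapshot the base jail` task snapshots. The same applies to `bsdinstall distextract || echo 'distextract failed'`. Drop the fallbacks so the task fails closed, i.e. plain `bsdinstall checksum` and `bsdinstall distextract` on their own lines under `set -e`. The third command relies on `error`, which nothing in this hunk defines; it presumably ends in "command not found" and aborts only by accident, so `bsdinstall config` alone would be clearer. Because the task is guarded by `creates: "/usr/local/jails/base/bin"`, a partly extracted tree will also be skipped on the next run, which makes failing loudly on the first run more important.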