406683383e
`ezjail-admin` had been spewing every filename copied into the jail onto stderr, making the `ansible-test -v` logs hard to scroll through. Changed it so that ezjail output only shows up in the ansible task logs if `ansible_verbosity > 1` (`-vv...`). Full `ezjail-admin` output is always logged to `/tmp/ezjail.log`.
---
#
# Instructions for setting up a jail
# https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html
#
# Declare the lo1 cloned interface in /etc/rc.conf. A line that already
# starts with `cloned_interfaces=lo1` is rewritten in place; otherwise the
# setting is added to the file.
- name: Setup cloned interfaces
  lineinfile:
    dest: /etc/rc.conf
    line: 'cloned_interfaces=lo1'
    regexp: '^cloned_interfaces=lo1'

# Run the netif rc script's `cloneup` action so the interface declared in
# rc.conf exists now. The task is always reported as unchanged.
- name: Activate cloned interfaces
  changed_when: false
  command: service netif cloneup

# Write a pf configuration that NATs the jail network (127.0.1.0/24) out of
# the host's default IPv4 interface. `validate` makes pfctl parse the
# candidate file (-n: do not load) before it replaces /etc/pf.conf.
#
# NOTE(review): `copy` replaces the whole file, so any ruleset already in
# /etc/pf.conf is discarded and the result contains this NAT rule only, with
# no filter rules. That suits a disposable test host; it is not a baseline
# for a machine that relies on pf for packet filtering.
- name: Add nat rule for cloned interfaces
  copy:
    dest: /etc/pf.conf
    validate: 'pfctl -nf %s'
    content: |
      nat on {{ ansible_default_ipv4.interface }} from 127.0.1.0/24 -> {{ ansible_default_ipv4.interface }}:0

# Start pf now and enable it at boot so the NAT rule in /etc/pf.conf applies.
- name: Start pf firewall
  service:
    name: pf
    enabled: true
    state: started

# Install the ezjail package on the host through the pkgng module.
- name: Install ezjail
  pkgng:
    name: 'ezjail'

# Point ezjail at the main FreeBSD mirror for releases newer than 11.01
# (the complementary `<=` case is handled by a separate task).
#
# NOTE(review): the mirror URL is plain HTTP, so the base-system sets used to
# populate the jail are fetched without transport integrity. Confirm whether
# ezjail-admin verifies the downloaded sets against a trusted manifest; if it
# does not, an HTTPS mirror is the safer setting.
- name: Configure ezjail to use http
  lineinfile:
    dest: /usr/local/etc/ezjail.conf
    line: 'ezjail_ftphost=http://ftp.freebsd.org'
    regexp: '^ezjail_ftphost'
  when: ansible_distribution_version is version('11.01', '>')

# Releases up to and including 11.01 are fetched from the FreeBSD archive
# mirror instead of the main one.
#
# NOTE(review): as with the main mirror, this URL is plain HTTP. Confirm that
# the fetched distribution sets are integrity-checked by ezjail-admin before
# relying on the resulting base jail.
- name: Configure ezjail to use archive for old freebsd releases
  lineinfile:
    dest: /usr/local/etc/ezjail.conf
    line: 'ezjail_ftphost=http://ftp-archive.freebsd.org'
    regexp: '^ezjail_ftphost'
  when: ansible_distribution_version is version('11.01', '<=')

# Enable the ezjail service at boot and try to start it.
#
# Errors are deliberately ignored here, so a service that fails to start does
# not stop the play; a genuinely broken ezjail only shows up in later tasks.
# NOTE(review): presumably the start fails while no jails exist yet (confirm).
- name: Start ezjail
  service:
    name: ezjail
    enabled: true
    state: started
  ignore_errors: true

# Build the shell suffix appended to the ezjail-admin commands in this file:
# stderr is merged into stdout, everything is appended to /tmp/ezjail.log via
# tee, and tee's own stdout is sent to /dev/null unless ansible_verbosity >= 2.
#
# NOTE(review): two consequences worth keeping in mind for callers:
#  * the command becomes a pipeline, so without `pipefail` the shell reports
#    tee's exit status and a failing ezjail-admin is not detected by the task;
#  * /tmp/ezjail.log is a fixed name in a world-writable directory and is
#    appended to by a privileged process. On a shared host a log path in a
#    root-owned directory would avoid following a pre-created file or symlink.
- name: Redirect logs depending on verbosity
  set_fact:
    pkgng_jail_log_redirect: >-
      2>&1 | tee -a /tmp/ezjail.log {{ '> /dev/null' if ansible_verbosity < 2 else '' }}

# Record whether the ezjail base jail directory already exists; the result
# gates the base-jail installation task.
- name: Has ezjail
  stat:
    path: '/usr/jails/basejail'
  register: ezjail_base_jail

# Populate the base jail once, only when /usr/jails/basejail is absent.
# Output handling comes from pkgng_jail_log_redirect (set by the
# "Redirect logs depending on verbosity" task).
#
# NOTE(review): that redirect pipes the command into tee, so the return code
# seen by Ansible is the pipeline's last command, not ezjail-admin's. Together
# with `changed_when: false`, a failed install is reported as an unchanged,
# successful task.
- name: Setup ezjail base
  shell: 'ezjail-admin install {{ pkgng_jail_log_redirect }}'
  changed_when: false
  when: not ezjail_base_jail.stat.exists

# Record whether the test jail directory already exists; the result gates
# the jail creation task.
- name: Has testjail
  stat:
    path: '/usr/jails/testjail'
  register: ezjail_test_jail

# Create the jail "testjail" bound to 127.0.1.1 on lo1, only when
# /usr/jails/testjail is absent.
#
# NOTE(review): as with the base install, the appended redirect turns this
# into a pipeline ending in tee, so a non-zero exit from ezjail-admin does not
# fail the task.
- name: Create testjail
  shell: >-
    ezjail-admin create testjail 'lo1|127.0.1.1' {{ pkgng_jail_log_redirect }}
  changed_when: false
  when: not ezjail_test_jail.stat.exists

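# Make sure the jail's resolv.conf lists both resolvers from the loop,
# creating the file when it does not exist yet.
- name: Configure testjail to use Cloudflare DNS
  lineinfile:
    dest: /usr/jails/testjail/etc/resolv.conf
    # lineinfile evaluates `regexp` with Python's `re`, which has no POSIX
    # bracket classes: `[[:blank:]]+` is read as the character set `[:blank`
    # followed by literal `]` characters and never matches a real
    # "nameserver <ip>" line. Use an explicit space/tab set instead, and
    # escape the address so its dots match literally rather than any
    # character.
    regexp: '^nameserver[ \t]+{{ item | regex_escape }}$'
    line: "nameserver {{ item }}"
    create: true
  loop:
    - "1.1.1.1"
    - "1.0.0.1"
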
# Probe for a running jail whose jls line contains "testjail". The task never
# fails and never reports a change; only the registered return code (grep's,
# as the last command of the pipeline) is used afterwards.
- name: Is testjail running
  shell: 'jls | grep testjail'
  register: is_testjail_up
  failed_when: false
  changed_when: false

# Start the jail only when the probe's grep found no match (rc == 1); any
# other return code, including a grep error, skips the start.
- name: Start testjail
  command: ezjail-admin start testjail
  when: is_testjail_up.rc == 1