once playbooks are used, we can't override configurations #19

Open
igalic opened this issue Mar 11, 2017 · 19 comments

Comments

@igalic

igalic commented Mar 11, 2017

My config right now looks like this. In etc/ploy.conf I have:

[ansible]
ansible-become = yes
ansible-become-method = sudo
become = yes
become-method = sudo

[plain-instance:meenix]
host = meenix

[ez-master:jailhost]
instance = meenix
user = freebsd
sudo = yes
bootstrap-fingerprint = 24:d0:a1:37:38:88:5e:ac:c0:e7:bf:31:40:75:63:0f
ploy_ezjail_install_release = 11.0-RELEASE

My jailhost.yml looks equally desperate:

---

- hosts: jailhost
  user: freebsd
  sudo: yes
  roles:
    - dhcp_host
    - jails_host

  tasks:
    - name: ensure ZFS file systems are in place
      zfs: name={{ item }} state=present mountpoint=/{{ item }}
      with_items:
      - tank/www.devops.reise
      - tank/www.eena.me
      tags: zfs-layout

It doesn't matter what I try: as soon as I start using playbooks, I get this error when installing ezjail:

(bsdploy)  bsdploy  ~/s/m/meenix  ploy configure jailhost 
INFO: Using playbook at '/home/igalic/src/me/meenix/jailhost.yml'.

PLAY [jailhost] *************************************************************** 

GATHERING FACTS *************************************************************** 
ok: [jailhost]

TASK: [dhcp_host | Create dhclient-exit-hooks] ******************************** 
ok: [jailhost]

TASK: [jails_host | bind host sshd to primary ip] ***************************** 
ok: [jailhost]

TASK: [jails_host | Enable ntpd in rc.conf] *********************************** 
ok: [jailhost]

TASK: [jails_host | Disable public use of ntpd] ******************************* 
ok: [jailhost]

TASK: [jails_host | Check for old ipnat_rules setting] ************************ 
skipping: [jailhost]

TASK: [jails_host | Remove ipfilter from rc.conf] ***************************** 
ok: [jailhost]

TASK: [jails_host | Remove ipfilter_rules from rc.conf] *********************** 
ok: [jailhost]

TASK: [jails_host | Remove ipmon from rc.conf] ******************************** 
ok: [jailhost]

TASK: [jails_host | Remove ipmon_flags from rc.conf] ************************** 
ok: [jailhost]

TASK: [jails_host | Remove ipnat from rc.conf] ******************************** 
ok: [jailhost]

TASK: [jails_host | Remove ipnat_rules from rc.conf] ************************** 
ok: [jailhost]

TASK: [jails_host | Enable pf in rc.conf] ************************************* 
ok: [jailhost]

TASK: [jails_host | Check for /etc/pf.conf] *********************************** 
ok: [jailhost]

TASK: [jails_host | Default pf.conf] ****************************************** 
skipping: [jailhost]

TASK: [jails_host | Stat of /dev/pf] ****************************************** 
ok: [jailhost]

TASK: [jails_host | Checking pf] ********************************************** 
skipping: [jailhost]

TASK: [jails_host | Setup pf.conf] ******************************************** 
ok: [jailhost]

TASK: [jails_host | Reload pf.conf] ******************************************* 
skipping: [jailhost]

TASK: [jails_host | Enable gateway in rc.conf] ******************************** 
ok: [jailhost]

TASK: [jails_host | Setup cloned interfaces] ********************************** 
ok: [jailhost]

TASK: [jails_host | Enable security.jail.allow_raw_sockets] ******************* 
ok: [jailhost]

TASK: [jails_host | Enable security.jail.sysvipc_allowed] ********************* 
ok: [jailhost]

TASK: [jails_host | Ensure helper packages are installed (using http proxy)] *** 
skipping: [jailhost]

TASK: [jails_host | Ensure helper packages are installed] ********************* 
failed: [jailhost] => (item=ezjail) => {"failed": true, "item": "ezjail"}
msg: Could not update catalogue

FATAL: all hosts have already failed -- aborting
(bsdploy)  bsdploy  ~/s/m/meenix 

Even though ezjail is already installed:

root@meenix:~ # pkg info ezjail
ezjail-3.4.2
Name           : ezjail
Version        : 3.4.2
Installed on   : Fri Mar 10 20:16:05 2017 UTC
Origin         : sysutils/ezjail
Architecture   : freebsd:11:x86:64
Prefix         : /usr/local
Categories     : sysutils
Licenses       : 
Maintainer     : erdgeist@erdgeist.org
WWW            : http://erdgeist.org/arts/software/ezjail/
Comment        : Framework to easily create, manipulate, and run FreeBSD jails
Annotations    :
        repo_type      : binary
        repository     : FreeBSD
Flat size      : 118KiB
Description    :
This port contains two scripts to easily create, manipulate and run
FreeBSD jails.

WWW: http://erdgeist.org/arts/software/ezjail/
root@meenix:~ # 
@igalic
Author

igalic commented Mar 11, 2017

I "fixed" this by toor, which now gets us to the next error:

TASK: [jails_host | Initialize ezjail (may take a while)] ********************* 
failed: [jailhost] => {"changed": true, "cmd": ["ezjail-admin", "install", "-h", "ftp.freebsd.org", "-r", "11.0-RELEASE-p8"], "delta": "0:00:11.189656", "end": "2017-03-11 22:32:05.887704", "rc": 1, "start": "2017-03-11 22:31:54.698048", "warnings": []}
stderr: fetch: ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/11.0-RELEASE-p8/base.txz: File unavailable (e.g., file not found, no access)
fetch: ftp://ftp.freebsd.org/pub/FreeBSD/snapshot/amd64/amd64/11.0-RELEASE-p8/base.txz: File unavailable (e.g., file not found, no access)
fetch: ftp://ftp.freebsd.org/pub/FreeBSD/amd64/amd64/11.0-RELEASE-p8/base.txz: File unavailable (e.g., file not found, no access)
fetch: ftp://ftp.freebsd.org/releases/amd64/amd64/11.0-RELEASE-p8/base.txz: File unavailable (e.g., file not found, no access)
fetch: ftp://ftp.freebsd.org/snapshots/amd64/amd64/11.0-RELEASE-p8/base.txz: File unavailable (e.g., file not found, no access)
fetch: ftp://ftp.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/amd64/11.0-RELEASE-p8/base.txz: File unavailable (e.g., file not found, no access)

Could not fetch base from ftp://ftp.freebsd.org.
  Maybe your release (11.0-RELEASE-p8) is specified incorrectly or the host ftp.freebsd.org does not provide that release build.
  Use the -r option to specify an existing release or the -h option to specify an alternative ftp server.
stdout: Querying your ftp-server... The ftp server you specified (ftp.freebsd.org) seems to provide the following builds:
lrwxr-xr-x    1 ftp      ftp            18 Nov 12  2014 10.1-RELEASE -> amd64/10.1-RELEASE
lrwxr-xr-x    1 ftp      ftp            18 Aug 12  2015 10.2-RELEASE -> amd64/10.2-RELEASE
lrwxr-xr-x    1 ftp      ftp            18 Mar 28  2016 10.3-RELEASE -> amd64/10.3-RELEASE
lrwxr-xr-x    1 ftp      ftp            18 Oct 19 16:05 11.0-RELEASE -> amd64/11.0-RELEASE
lrwxr-xr-x    1 ftp      ftp            17 Jul 11  2014 9.3-RELEASE -> amd64/9.3-RELEASE
-rw-r--r--    1 ftp      ftp           637 Nov 23  2005 README.TXT
drwxr-xr-x    8 ftp      ftp             8 Oct 19 16:47 amd64

FATAL: all hosts have already failed -- aborting

So, we can generalize this to: once playbooks are used, all the host's settings in ploy.conf are ignored, and there's no way to override them in the $playbook.yml.

@igalic changed the title from "privilege escalation configuration doesn't seem to work" to "once playbooks are used, we can't override configurations" on Mar 11, 2017
@igalic
Author

igalic commented Mar 12, 2017

Next finding:

ploy configure -e ploy_ezjail_install_release=11.0-RELEASE jailhost 

works when nothing else thus far has…

@fschulze
Member

We haven't tested/documented using non-root users with sudo/su, unfortunately you are on your own if you use that. All facilities needed should exist though. We gladly accept improvements of the documentation in that regard.

The ploy_ezjail_install_release=11.0-RELEASE thing is an ezjail issue/feature, it doesn't recognize release names automatically once there is a patch level.
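
As an added example (not code from bsdploy or from anyone in this thread), a small POSIX sh helper that turns the patch-level release string a jailhost reports into the plain release name ezjail can fetch; it assumes the usual `-pN` suffix convention and `uname -r` as the input source.

```shell
# Added example, not part of bsdploy: derive the ezjail base release
# name from a kernel version string such as `uname -r` prints, so that
# ploy_ezjail_install_release can be passed explicitly. ezjail-admin
# looks releases up on the ftp server by name, and a patch-level suffix
# like 11.0-RELEASE-p8 has no matching directory there.

# Strip a trailing -pN patch level: "11.0-RELEASE-p8" -> "11.0-RELEASE".
ezjail_base_release() {
    printf '%s\n' "${1%-p[0-9]*}"
}

# Accept only the X.Y-RELEASE form ezjail can fetch; return 1 otherwise
# so a -STABLE or -CURRENT box does not silently get a bogus release name.
is_fetchable_release() {
    case "$1" in
        [0-9]*.[0-9]*-RELEASE) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage with a constructed value standing in for "$(uname -r)" on the jailhost:
rel=$(ezjail_base_release "11.0-RELEASE-p8")
if is_fetchable_release "$rel"; then
    echo "ploy configure -e ploy_ezjail_install_release=$rel jailhost"
else
    echo "no fetchable release derived from 11.0-RELEASE-p8" >&2
fi
```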

@igalic
Author

igalic commented Mar 13, 2017

I am now stuck on the next issue of deploying a jail:

~/s/m/meenix  ploy configure i_eena_me -e ploy_ezjail_install_release=11.0-RELEASE
INFO: Using playbook at '/home/igalic/src/me/meenix/jailhost-i_eena_me.yml'.
ERROR: AnsibleError: file could not read: /home/igalic/src/me/meenix/roles/infopro-digital.apache/tasks/setup-{{ ansible_os_family }}.yml
(bsdploy)  bsdploy  ǃ  ~/s/m/meenix 

---
- hosts: jailhost-i_eena_me
  roles:
    - infopro-digital.apache

@fschulze
Member

Where is the role from? It uses the ansible_os_family variable which doesn't seem to be set. I don't think this is related to bsdploy, but purely an Ansible related problem.

@igalic
Author

igalic commented Mar 13, 2017

This role is from the galaxy; it was the only FreeBSD-compatible apache role I could find.

@fschulze
Member

If all the files from the github repo are there, then you might have to set ansible_os_family = FreeBSD in ploy.conf.

@igalic
Author

igalic commented Mar 13, 2017

I did this, but I might have made the mistake of setting it on instance level:

[ez-instance:i_eena_me]
ansible_os_family = FreeBSD
master = jailhost
ip = 10.0.0.2
mounts =
    src=/tank/i.eena.me dst=/usr/local/www/data ro=true

Should this go into a different [context]?

It works when passing it as a -e parameter.

Except, now, I'm missing package cuz that's an ansible 2.x thing… this is really going great ;)

@fschulze
Member

Does /home/igalic/src/me/meenix/roles/infopro-digital.apache/tasks/setup-FreeBSD.yml exist? Maybe it's getting the path wrong?

@igalic
Author

igalic commented Mar 13, 2017

Nope, everything is perfect now, except for the fact that I have to pass a bunch of variables which should've been autodiscovered, or at least in a config file.

@fschulze
Member

As I said, improvements to the documentation are welcome.

@igalic
Author

igalic commented Mar 13, 2017

Uhm… yeah, so, I've restarted the whole process and I'm using root for the sake of simplicity, and now I'm getting

(bsdploy)  bsdploy  ǃ  ~/s/m/meenix  ploy configure i_eena_me -e ansible_os_family=FreeBSD                                          (1) (300ms) 
INFO: Using playbook at '/home/igalic/src/me/meenix/jailhost-i_eena_me.yml'.

PLAY [jailhost-i_eena_me] ***************************************************** 

GATHERING FACTS *************************************************************** 
nohup: redirecting stderr to stdout
/usr/local/bin/python2.7: Command not found.
fatal: [jailhost-i_eena_me] => Couldn't open execnet channel for 'ez-instance:i_eena_me': connexion already closed: <Gateway id='gw0' not-receiving, thread model, 0 active channels>

TASK: [infopro-digital.apache | APACHE | Include OS-specific variables] ******* 
FATAL: no hosts matched or all hosts have already failed -- aborting

Unhandled exception in thread started by <bound method Transport.__bootstrap of <paramiko.Transport at 0x81e62250L (cipher aes128-ctr, 128 bits) (connected; awaiting auth)>>
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 774, in __bootstrap
(bsdploy)  bsdploy  ~/s/m/meenix  

Because, apparently, the basejail doesn't contain python??

Maybe I should open a new issue for this ^ cuz, I honestly don't even know what this issue is about anymore xD

@fschulze
Member

For ansible to work properly, you need python2.7 installed in jails. It can't be installed in the basejail. Normally with bsdploy a default startupscript is used for jails which installs python.

@igalic
Author

igalic commented Mar 14, 2017

This jail had been created with ploy start, but it didn't have python installed, or a default router in place, for that matter, and only 8.8.8.8 in resolv.conf. So the only thing that seems to have worked properly was setting the ip, hostname and the ssh keys.

Btw, sorry for dragging this issue out so much; usually I would have sought help in irc, but the freebsd boxes I'm fiddling with used to run my irc server.

@fschulze
Member

Could you try following the bsdploy quickstart guide using a VM and see if it works there? bsdploy makes quite a few assumptions, of which a few are set up by the bootstrap command and most by the jailhost rule. On an existing box, and if you deviate from the path described in quickstart, this may cause trouble like you experienced. Trying everything first in a VM helps with understanding everything.

@igalic
Author

igalic commented Mar 16, 2017

@fschulze I've looked at bsdploy's digitalocean fabfile, and it seems I should have pretty much everything (there are some missing parts here: ployground/bsdploy#101), so I don't understand why the jails come up without packages installed.

@fschulze
Member

Can you try running ploy debug -v <jailname> to see if the startup script contains python27 installation? In the jail you can also check /var/log/startup.log to see what happened during startup if the default script was used.

@tomster
Contributor

tomster commented Mar 18, 2017

Another cause for this symptom that I have encountered is that pf needs to be restarted for the jails to have network access.

Currently, the bsdploy flavour requires network access during creation of the jail (namely to install python27).

Ideally, that package would already reside in the basejail and could then be installed without going over the wire during first startup of the jail.

I just never got around to implementing it because all hosts that I use bsdploy on have a fat pipe, so the pain isn't big enough to make me implement it :)

HTH

@igalic
Author

igalic commented Mar 19, 2017

@tomster see ployground/bsdploy#102
