Update jail config syntax, add fstab handling
parent
b2c8144b84
commit
3923c72bb9
5 changed files with 93 additions and 40 deletions
|
@ -35,40 +35,41 @@ ansible_roles_path: /usr/local/etc/ansible/roles
|
|||
|
||||
default_timezone: Europe/Budapest
|
||||
|
||||
jail_default_config_opts: |
|
||||
mount.devfs=4;
|
||||
devfs_ruleset=4;
|
||||
enforce_statfs=2;
|
||||
host=new;
|
||||
ip4=disable;
|
||||
ip6=disable;
|
||||
securelevel=-1;
|
||||
sysvmsg=disable;
|
||||
sysvsem=disable;
|
||||
sysvshm=disable;
|
||||
allow.nochflags;
|
||||
allow.nomount;
|
||||
allow.mount.nodevfs;
|
||||
allow.mount.nofdescfs;
|
||||
allow.mount.nolinprocfs;
|
||||
allow.mount.nolinsysfs;
|
||||
allow.mount.nonullfs;
|
||||
allow.mount.noprocfs;
|
||||
allow.mount.notmpfs;
|
||||
allow.mount.nozfs;
|
||||
allow.noquotas;
|
||||
allow.noraw_sockets;
|
||||
allow.noset_hostname;
|
||||
allow.nosocket_af;
|
||||
allow.nosysvipc;
|
||||
children.max=0;
|
||||
host.domainname="";
|
||||
host.hostid=0;
|
||||
ip4.saddrsel;
|
||||
ip6.addr="";
|
||||
ip6.saddrsel;
|
||||
exec.start="/bin/sh /etc/rc";
|
||||
exec.stop="/bin/sh /etc/rc.shutdown";
|
||||
jail_default_config_opts:
|
||||
mount.devfs: 4
|
||||
devfs_ruleset: 4
|
||||
enforce_statfs: 2
|
||||
host: new
|
||||
ip4: disable
|
||||
ip6: disable
|
||||
securelevel: -1
|
||||
sysvmsg: disable
|
||||
sysvsem: disable
|
||||
sysvshm: disable
|
||||
allow.chflags: false
|
||||
allow.mount: false
|
||||
allow.mount.devfs: false
|
||||
allow.mount.fdescfs: false
|
||||
allow.mount.linprocfs: false
|
||||
allow.mount.linsysfs: false
|
||||
allow.mount.nullfs: false
|
||||
allow.mount.procfs: false
|
||||
allow.mount.tmpfs: false
|
||||
allow.mount.zfs: false
|
||||
allow.quotas: false
|
||||
allow.raw_sockets: false
|
||||
allow.set_hostname: false
|
||||
allow.socket_af: false
|
||||
allow.sysvipc: false
|
||||
children.max: 0
|
||||
host.domainname: ''
|
||||
host.hostid: 0
|
||||
ip4.saddrsel: ''
|
||||
ip6.addr: ''
|
||||
ip6.saddrsel: ''
|
||||
exec.start: /bin/sh /etc/rc
|
||||
exec.stop: /bin/sh /etc/rc.shutdown
|
||||
|
||||
|
||||
# DONT'T USE JAIL SPECIFIC VARIABLE VARIABLE ASSIGNMENTS HERE !!! ANSIBLE CAN'T RESOLVE THEM
|
||||
jail_name: MODIFY_ME
|
||||
|
|
|
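Review bot: `ip4.saddrsel: ''` and `ip6.saddrsel: ''` do not carry over the old `ip4.saddrsel;` / `ip6.saddrsel;` entries, which enabled those boolean parameters by name. The formatting task added in this commit quotes every string value, so these keys would be written as `ip4.saddrsel = "";`, and the page does not show whether jail(8) accepts an empty string for a boolean. Writing them as `ip4.saddrsel: true` and `ip6.saddrsel: true` keeps them on the same boolean path as the `allow.*: false` entries.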
@ -39,4 +39,27 @@
|
|||
command:
|
||||
/usr/sbin/tzsetup
|
||||
-C {{ vars['jail_' + jail_name + '_new_path'] }}
|
||||
{{ vars['jail_' + jail_name + '_timezone'] }}
|
||||
{{ vars['jail_' + jail_name + '_timezone'|default(vars['default_timezone'])] }}
|
||||
|
||||
- name: Create config dir for jail
|
||||
file:
|
||||
path: '{{ dynamic_jails_path }}/configs/{{ vars["jail_" + jail_name + "_newest_id"] }}'
|
||||
state: directory
|
||||
|
||||
- name: Templating fstab for jail
|
||||
template:
|
||||
src: fstab.j2
|
||||
dest: '{{ dynamic_jails_path }}/configs/{{ vars["jail_" + jail_name + "_newest_id"] }}/fstab'
|
||||
register: fstab_init_result
|
||||
failed_when: false
|
||||
ignore_errors: yes
|
||||
changed_when: fstab_init_result|succeeded
|
||||
|
||||
- name: Adding fstab to jail startup
|
||||
set_fact:
|
||||
'jail_{{ jail_name }}_config_opts': >-
|
||||
{{ vars["jail_" + jail_name + "_config_opts"]|default({})|combine(
|
||||
{'mount.fstab':
|
||||
dynamic_jails_path + '/configs/' + vars['jail_' + jail_name + '_newest_id'] + '/fstab'}
|
||||
)}}
|
||||
when: fstab_init_result|changed
|
||||
|
|
|
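Review bot: The `Templating fstab for jail` task cannot report a failure: `failed_when: false` forces the result to not-failed, so `changed_when: fstab_init_result|succeeded` is always true and the following `set_fact` adds `mount.fstab` even when `fstab.j2` was missing or did not render. The jail configuration would then point at an fstab that may not exist. Dropping `failed_when: false` and `ignore_errors: yes`, and gating both tasks on an explicit per-jail variable, keeps the optional behaviour without hiding errors. Separately, in the tzsetup argument `'_timezone'|default(...)` applies the filter to the string literal rather than to the lookup, so the fallback never takes effect; `{{ vars['jail_' + jail_name + '_timezone'] | default(default_timezone) }}` is presumably what was meant. The task containing the tzsetup command starts above the hunk.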
@ -12,6 +12,11 @@
|
|||
jail_{{ jail_name }}_is_new_created: false
|
||||
jail_{{ jail_name }}_existing_dirs: '{{ dirs_found.files | map(attribute="path") | map("basename") | sort(reverse=True) }}'
|
||||
|
||||
- name: Ensure config directory exists for the generated jails
|
||||
file:
|
||||
path: '{{ dynamic_jails_path }}/configs'
|
||||
state: directory
|
||||
|
||||
|
||||
- block:
|
||||
- include: '{{ vars["jail_" + jail_name + "_include_createnew_precreate"] | default(jail_include_noop) }}'
|
||||
|
|
|
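Review bot: The new `Ensure config directory exists for the generated jails` task creates `{{ dynamic_jails_path }}/configs` without `owner`, `group` or `mode`, so its permissions depend on the umask of whoever runs the play. Judging by the other tasks in this commit, the fstab files placed under it are referenced from `mount.fstab`, so the tree should be writable by root only; adding `owner: root` and `mode: '0755'` to the task makes that explicit. The same applies to the per-jail `Create config dir for jail` and `Templating fstab for jail` tasks in the other task file.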
@ -16,7 +16,29 @@
|
|||
|
||||
- name: Formatting jail.conf options for {{ vars['jail_' + jail_name + '_newest_id'] }}
|
||||
set_fact:
|
||||
'{{ "jail_" + jail_name + "_formatted_options" }}': "{{ '\n '.join((vars['jail_' + jail_name + '_config_opts']|default(jail_default_config_opts)).split('\n')) }}"
|
||||
_iter_config_opts: >-
|
||||
{{
|
||||
jail_default_config_opts | combine(
|
||||
vars["jail_" + jail_name + "_config_opts"] |default({})
|
||||
)
|
||||
}}
|
||||
_iter_config_lines: []
|
||||
|
||||
- name: Converting config dict into config lines
|
||||
set_fact:
|
||||
_iter_config_lines: >-
|
||||
{{ _iter_config_lines }} + {{
|
||||
['%s = %s;'|format(
|
||||
item.key,
|
||||
'"%s"'|format(item.value) if item.value is string else
|
||||
item.value|ternary('"true"', '"false"') if item.value.__class__.__name__ == 'bool' else item.value
|
||||
)]
|
||||
}}
|
||||
with_dict: '{{ _iter_config_opts }}'
|
||||
|
||||
- name: Flattening config into one variable
|
||||
set_fact:
|
||||
_iter_flattened_config: "{{ _iter_config_lines|join('\n ') }}"
|
||||
|
||||
- name: Writing config block for {{ vars['jail_' + jail_name + '_newest_id'] }} into /etc/jail.conf
|
||||
blockinfile:
|
||||
|
@ -28,11 +50,9 @@
|
|||
block: |
|
||||
{{ vars['jail_' + jail_name + '_newest_id'] }} {
|
||||
path="{{ vars['jail_' + jail_name + '_new_path']|quote }}";
|
||||
host.hostname={{ vars['jail_' + jail_name + '_newest_id'] }};
|
||||
host.hostname="{{ vars['jail_' + jail_name + '_newest_id'] }}";
|
||||
ip4.addr="lo0|{{ vars['jail_' + jail_name + '_new_ip'] }}";
|
||||
{{
|
||||
vars["jail_" + jail_name + "_formatted_options"]
|
||||
}}
|
||||
{{ _iter_flattened_config }}
|
||||
}
|
||||
|
||||
- name: Starting jail
|
||||
|
|
|
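Review bot: In `Converting config dict into config lines`, `'"%s"'|format(item.value)` wraps string values in double quotes without escaping them, so a value that itself contains `"` ends the quoted string early and the rest is parsed by jail(8) as further configuration. Since the result is written into /etc/jail.conf and includes the `exec.*` commands, the values should be escaped or validated before formatting, for example `'"%s"'|format(item.value|replace('\\', '\\\\')|replace('"', '\\"'))`, assuming jail.conf honours backslash escapes inside double quotes. The accumulator would also be more robust as a single expression, `{{ _iter_config_lines + [ ... ] }}`, rather than joining two rendered templates with ` + ` and relying on the string being re-evaluated as a list. The `blockinfile` task continues outside the second hunk.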
@ -45,3 +45,7 @@
|
|||
insertbefore: '^# vim: syn=conf$'
|
||||
marker: '# {mark} ANSIBLE MANAGED BLOCK: {{ jail_id }}'
|
||||
|
||||
- name: Delete config dir for jail
|
||||
file:
|
||||
path: '{{ dynamic_jails_path }}/configs/{{ jail_id }}'
|
||||
state: absent
|
||||
|
|
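Review bot: The new `Delete config dir for jail` task removes `{{ dynamic_jails_path }}/configs/{{ jail_id }}` with `state: absent`, and nothing in the hunk checks that `jail_id` is non-empty. With an empty `jail_id` the path collapses to the shared `configs` directory, and the fstab files of every jail would be removed. Where `jail_id` is set is outside the hunk, so a guard on the task itself is the safe option: `when: jail_id | default('') | length > 0`. The preceding `blockinfile` task starts above the hunk.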