BSDploy – FreeBSD jail provisioning¶
Its main design goal is to lower the barrier to repeatable jail setups.
Instead of performing updates on production hosts you are encouraged to update the description of your setup, test it against an identically configured staging scenario until it works as expected and then apply the updated configuration to production with confidence.
- provision complete jail hosts from scratch
- describe one or more jail hosts and their jails in a canonical configuration
- declarative configuration – apply Ansible playbooks to hosts and jails
- imperative maintenance – run Fabric scripts against hosts and jails
- configure ZFS pools and filesystems with whole-disk-encryption
- modular provisioning with plugins for VirtualBox and Amazon EC2 and an architecture to support more.
How it works¶
BSDploy takes the shape of a commandline tool by the name of
ploy which is installed on a so-called control host (typically your laptop or desktop machine) with which you then control one or more target hosts. The only two things installed on target hosts by BSDploy are Python and
ezjail – everything else stays on the control host.
Here’s what an abbreviated bootstrapping session of a simple website inside a jail on an Amazon EC2 instance could look like:
# ploy start ec-instance [...] # ploy configure jailhost [...] # ploy start webserver [...] # ploy configure webserver [...] # ploy do webserver upload_website
Best of both worlds¶
Combining a declarative approach for setting up the initial state of a system with an imperative approach for providing maintenance operations on that state has significant advantages:
- Since the imperative scripts have the luxury of running against a well-defined context, you can keep them short and concise without worrying about all those edge cases.
- And since the playbooks needn’t concern themselves with performing updates or other tasks you don’t have to litter them with awkward states such as
updatedor – even worse – with non-states such as
Under the hood¶
BSDploy’s scope is quite ambitious, so naturally it does not attempt to do all of the work on its own. In fact, BSDPloy is just a fairly thin, slightly opinionated wrapper around existing excellent tools.
- Client requirements
- Server requirements
- Client Installation
A more in-depth tutorial than the quickstart.
How to setup a host from scratch or make an existing one ready for BSDploy:
- Provisioning plain instances
- Provisioning VirtualBox instances
- Provisioning Amazon EC2 instances
- Configuring a jailhost
How to create and manage jails once the host is set up:
Special use cases¶
Code and issues are hosted at github:
The project is licensed under the Beerware license.
The following features already exist but still need to be documented:
- provisioning + bootstrapping
- EC2 (daemonology based)
- pre-configured SSH server keys
- jail access
- port forwarding
- public IP
- ZFS management
- Creating and restoring ZFS snapshots
- poudriere support
- Upgrading strategies
- ‘vagrant mode’ (use - virtualized - jails as development environment)
The following features don’t exist yet but should eventually :)
- OS installers
- support vmware explicitly (like virtualbox)?