Ansible includes a module to manage FreeBSD packages, if you’re using the forthcoming pkgng packaging system. The Ansible module isn’t complete yet, but as Ansible is moving really quickly, I’m pretty confident their FreeBSD support will grow additional knobs. As pkgng is increasingly close to production, and the PC-BSD folks have generously offered their 64-bit pkgng repository available to the public, this seems like a good time to make the move.
But I’m not about to make this change manually. Bootstrapping pkgng isn’t difficult, but I have a great big heap of FreeBSD VMs and I have other things I’d like to accomplish this month. Therefore, I’m bootstrapping my ability to manage FreeBSD packages via Ansible, with Ansible.
Before starting, you need an Ansible server and a pkgng repo.
All of my FreeBSD servers run 9.1, updated via freebsd-update. If you come across this article years later, adjust accordingly.
My Ansible server runs OpenBSD, and the OpenBSD ansible package has problems managing anything other than OpenBSD. I generically recommend running Ansible out of git.
You also need a pkgng repository. The official repository is in closed testing, but many FreeBSD developers are using it successfully. PC-BSD has made their 64-bit repository available to all FreeBSD users. And many people have built their own repository. Thanks to my awesome Twitter stalkers minions followers, I have access to more than one private repository. This example assumes you’re using the 64-bit-only PC-BSD repository.
Configure the pkgng repo in pkg.site. I keep my FreeBSD configuration files in /home/ansible/freebsd/etc/, so I make a /home/ansible/freebsd/etc/pkg.site that contains only:
packagesite: http://pkg.cdn.pcbsd.org/9.1-RELEASE/amd64
PUBKEY: /usr/local/etc/pkg-pubkey.cert
PKG_CACHEDIR: /usr/local/tmp
I also need the current PC-BSD public key, saved as pkg-pubkey.cert
With these two files and an Ansible install, we’re ready to deploy on the Ansible group freebsd-test. Here’s the runbook.
---
- hosts: freebsd-test
user: ansible
sudo: yes
tasks:
- name: install pkg tools
action: command pkg_add -r pkg
#do you need a proxy? Put it here
# environment:
# ftp_proxy: http://proxy.michaelwlucas.com:8080
- name: edit /etc/make.conf
action: shell echo "WITH_PKGNG=YES" >> /etc/make.conf
- name: convert package database
action: shell pkg2ng
#I have typed pkg_add for 18 years, and my fingers no longer listen to
#my brain. Disable pkg_* commands for safety
- name: disable pkg_ commands
action: shell chmod -x /usr/sbin/pkg_*
- name: install pkg.conf
action: copy src=/home/ansible/freebsd/etc/pkg.conf
dest=/usr/local/etc/pkg.conf owner=root group=wheel mode=0644
#skip this if you're using a non-PCBSD repo
- name: install pc-bsd pgp key
action: copy src=/home/ansible/freebsd/etc/pkg-pubkey.cert
dest=/usr/local/etc/pkg-pubkey.cert owner=root group=wheel mode=0644
#ansible pkg does not have upgrade command yet
#use shell to trigger upgrade
#pkgng package in pkg-old is always out of date, upgrade it
- name: upgrade pkg pkg
action: command pkg upgrade -qy
#do you need a proxy? Put it here
# environment:
# ftp_proxy: http://proxy.michaelwlucas.com:8080
This takes a while to run.
Before deploying, test. Test again. And run your conversion in batches, so that you don’t scramble several hundred virtual machines simultaneously. Because that would really suck. Fortunately, by changing the group at the top of the playbook or specifying a new inventory file, you can batch these changes easily.
Hi,
I’ve taken a look at these repo’s from PC-BSD, and although they seem to include almost everything, I can’t find how to setup an Apache22 server with mod_php (any version of php). If I install php55, I only get the cli, not the module for apache. How do you install the module?
Frederqiue, this is why: http://blather.michaelwlucas.com/archives/1395