[ENHANCEMENT] template for Master Host

[kkalev]

Hello and thank you for your excellent work on BastilleBSD.

The template feature is quite compact and feature full in order to facilitate the initial setup of a Container (jail). It would be truly helpful if the administrator was able to leverage the feature in order to setup the Jailhost Master as well. Otherwise, one must use one solution (Puppet/Ansible) for the jailhost and another for the jails themselves.

My suggestion is to add a MASTER target in the "bastille template" command that would run the template on the jail host itself.

As a result my ideal action plan (in a virtualized environment) would be as follows:

1. Burn an OVA file using FreeBSD Cooker: https://github.com/aduitsis/freebsd-cooker
2. Deploy a thin puppet manifest/ansible playbook for an initial jail setup of the bastille pkg etc
3. Bootstrap and run a 'Server' template on the jailhost
4. Bootstrap FreeBSD release for containers
5. Create Container
6. Bootstrap a Template stack for the relevant container, ie 'Server' -> APM (Apache-PHP-MariaDB) -> 'Web Hoster' (include ProFTPd etc).

If the 3rd step was not available in Bastille the administrator would have to implement it in Ansible/Puppet (and have to learn and use both such a tool as well as templates for the jails themselves).

[yaazkal]

Let me add that step 2 is actually against what you are proposing. I mean, you still use a 3rd party software.

Not sure if this is in the scope of the bastille project but maybe ansible/puppet playbooks from the community will not harm. This could be an starting point https://github.com/yaazkal/ansible-role-bastille

[kkalev]

Ansible/puppet playbooks are basically needed only as a first step during/after cooking the FreeBSD OVA image in order to add ssh keys/bastille pkg etc.

Beyond that my need (and the reason for the request) is that I would prefer to only setup/maintain Bastille templates (for both the Jailhost and Jails) instead of both Ansible playbooks and Bastille templates.

For instance, both the Jailhost and the jails would need a basic server setup template (which would function as a first step in a template stack for more advanced jail setups for specific services). It seems an overkill to maintain basically the same commands/files/templates in two different formats/forms.

Thanks for the link.

[yaazkal]

I get your point, but anyway for a "master template" or an autoconfiguration command like bastille install for the host, ansible/puppet is not needed. I think that can be done easily but I don't think that an external dependency will have a home here at least at this stage of the project. At this time that ansible playbook is the closest to what you are looking for.

[kkalev]

Maybe I did not state my requirements clearly enough. I do not want Bastille to run any ansible/puppet playbooks.

What I want is in a plain vanilla FreeBSD Jailhost, after bastille installation to be able to run a template (Bastillefile) for the jailhost itself so that I only need to maintain (and learn) bastille templates and nothing more.

[yaazkal]

yes, you were very clear.

I'm just saying that for that feature you are requesting, the way of doing it will be just an sh script rather than adding a dependency to the project.

[kkalev]

That dependency being?

[hackacad]

Maybe I did not state my requirements clearly enough. I do not want Bastille to run any ansible/puppet playbooks.

What I want is in a plain vanilla FreeBSD Jailhost, after bastille installation to be able to run a template (Bastillefile) for the jailhost itself so that I only need to maintain (and learn) bastille templates and nothing more.

I think we mixed up multiple feature requests. The function you'd like to see is simply bastille template HOST khalev/webserver right? The using Bastille for handling both host and jail? Bastille was made for managing jails/containers. Not sure if anyone thought about using it to manage the host...

[kkalev]

I did :)

My use case is rather simple: Say I install FreeBSD into a new Jailhost and bastille through pkg. Afterwards I 'd like to setup a container for (say) providing a web site using Apache+PHP+MariaDB.

For the Container part I will setup a stack of templates, one for "general server setup" and one for the Apache, PHP, MariaDB setup.

The "general server setup" template will do some very simple tasks such as:

• Add git, net-snmp, rsync, vim, openldap-client
• Add a few ssh keys in authorized keys for root
• Enable snmpd service
• Setup snmpd, ldap configuration files

These are exactly the same tasks I would like to perform on the Jailhost itself. If bastille was able to run the template of the Jailhost I would be able to leverage templates for the complete setup of all my infrastructure layers. Otherwise I would need to do exactly the same tasks using another mechanism on the jailhosts such as an Ansible playbook. Given that the templates are more than powerful for most tasks I find it truly convenient to leverage them for Jailhost setup as well.

[yaazkal]

oh, so effectively I did not get your point in your first message @kkalev I though you talked about a template for configuring your server as a bastille host.

Now, as it is doable let me suggest to not go that way. First because is out of bastille scope and second because I guess is best practice to keep all in jails... at least is why I'm using them.

[tobiastom]

I have been struggling with the "host" part as well. I ended up keeping Ansible to setup new servers.

The playbook includes a role to initialise Bastille and generate shell files for each jail I defined on that particular server. After that I run the shell scripts and my jails are created automatically, through Ansible.

I quite like the separation as it leaves the configuring job to Ansible, and the jail part to Bastille. Using the right tool for the right job.

That said, right now I'm also missing a feature to execute commands inside the host system e.g. to create directories that will be used inside mount points. I described that here a little bit. Maybe that wold also solve the requirement @kkalev has.

[cedwards]

I like the idea of host automation using simple Bastillefile syntax.

Give me a little time to think about what implementation I prefer. Thank you for the suggestion.

[bmac2]

This has been completed with the rocinante templates that allow you to apply templates and configurethe host itself. There are several templates for the host itself already created for examples. Closing as completed.

[tobiastom]

@bmac2 could you please help me finding a link where this has been documented?

[tobiastom]

Just found out about the mentioned rocinante and I agree that this resolves this issue. I'll create a new one for my mentioned use case.