ansible

Replacing postfix with dma

I like Postfix. I’ve been a fan of it for over 20 years. I deployed it on every host for outgoing email. Lately, I’ve taken to using dma (DragonFly Mail Agent) as my preferred mail handler on jails and hosts which don’t need to deal with incoming mail, only outgoing mail. After first getting serious with it about 6 months ago, I decided to remove it from all internal hosts during the consolidation […]

Ansible playbook for FreeBSD jail.conf.d

While I was moving jails from one host to another, I decided to start using /etc/jail.conf.d/. The idea is each jail gets its own configuration file in that directory, instead of using /etc/jail.conf. In this post: FreeBSD 13.1 But first, you should know Let’s get some things out in the open before you jump into the change. The main advantage of /etc/jail.conf.d/ is each jail gets its own configuration file. Easy to find.

ansible: Timeout waiting for privilege escalation prompt

I was doing some work in a remote location with a laggy connection to home. I was running ansible and kept encountering these errors: fatal: [pg01]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "} Rerunning the script would encounter the same error in a different part of the script. After an error-free run I concluded it was my dodgy connection; ansible was waiting for a reply from my

Upgrading from FreeBSD 9.3 to FreeBSD 10.1 using beadm and freebsd-update

In this post, I will use boot environments to upgrade an existing FreeBSD 9.3 to FreeBSD 10.1, and I will do this from within a chroot. Why? Because I can. You might want to read about my previous attempt and one or two, actually three, things I did to get ready for this. In the following commands, I clone the existing running environment to 10.1-RELEASE, then I mount it to /mnt, chroot into

When ssh and ansible play poorly together

Last night, this worked fine. This morning, it fails: # ansible-playbook jail-mailjail.yml PLAY [mailjails] ************************************************************** GATHERING FACTS *************************************************************** failed: [mailjail.example.org] => {"failed": true, "parsed": false} invalid output was: Sorry, try again. Sorry, try again. Sorry, try again. sudo: 3 incorrect password attempts TASK: [pkg | install pkg] ***************************************************** FATAL: no hosts matched or all hosts have already failed -- aborting PLAY RECAP ******************************************************************** to retry, use: --limit @/root/jail-mailjail.retry mailjail.example.org : ok=0 changed=0 unreachable=0

ssh key management

Background I was asked to comment on the following: Our software is built and maintained by about 20 engineers, and runs in production on dozens of servers in a remote data center. One problem we frequently face is identity and access management on these servers – our engineers occasionally need to directly access the servers (via SSH) to debug an issue or perform maintenance, but often find that their key is not installed

Bootstrapping a new FreeBSD jail host as an Ansible node

A few days ago I configured a new server to be an Ansible node. This will allow my Ansible configuration tool to configure and install software. Installing Ansible and getting it running is not covered by the post. All I show here is how I got a remote server ready to be configured by Ansible. The server in question was running FreeBSD 9.2 with ZFSRoot. Preparing the client for configuration by Ansible Key to

Ansible versus Salt

Over the past few weeks, I worked with two different configuration tools: Salt and Ansible. I started working with Salt. I quickly created a setup for a Salt server and for a Salt minion. The modules I saw looked great. However, I consistently had trouble converting from the documentation to a practical usage. The examples provided always seemed to be CLI. Taking that and converting it to a SLS file caused me
