Most configuration management tools still assume they own the target. Ansible ships Python modules over the wire and runs them in place. Salt wants a minion on every host. Chef wants a client, Puppet wants an agent. Jails break that assumption in a satisfying way. A FreeBSD jail is supposed to be small - sometimes a single static binary, an rc.d script, and a few lines in rc.conf. Installing Python into every jail just so Ansible can run its setup module is, to borrow a phrase, the tail wagging the dog. I already wrote about a workaround for Ansible: the jailexec connection plugin, which SSHes to the jail host and uses jexec to tunnel commands into each jail. It works, and I still reach for it when I already have an Ansible setup. But many Ansible modules assume Python on the target, so in practice some of those jails still end up growing a Python interpreter. Then I tried cdist, and everything got smaller. Table of Contents Table of Contents What cdist Actually Is The Two Hooks That…
No comments yet. Log in to reply on the Fediverse. Comments will appear here.