Hi all,
Just shipped two releases of ansible-jailexec, a connection plugin that runs tasks inside FreeBSD jails via jexec on the jail host, so you don’t need (and usually don’t want) direct SSH into the jails themselves.
1.1.0 is a ground-up refactor. The plugin now subclasses ansible.plugins.connection.ssh.Connection and merges the live ssh plugin’s options into its own at import time. That means every SSH option like ansible_ssh_port, ansible_ssh_private_key_file, ansible_ssh_common_args, ControlPersist, jump hosts, password_mechanism, and anything newer ansible-core adds, works without the plugin needing to know about it. Roughly a quarter of the old code, stricter input validation (jail names + traversal checks), single-round-trip put_file, lazy jail-root probe, full unit test suite with 100% coverage, Bandit in CI. Tested against ansible-core 2.14 through 2.20.
1.2.0 adds ansible_jail_root, an inventory-level override for the jail’s on-host filesystem path. The default probe (jls -j path) is fine for vanilla jails, but returns something unhelpful for nested or VNET setups. The override sidesteps that.
- Source / issues: GitHub - chofstede/ansible_jailexec: Ansible Connection Plugin for FreeBSD Jails via jexec · GitHub
- License: BSD-2-Clause
Happy to hear bug reports, edge cases, or interest in bundling this into a collection.