I would appreciate if Ansible development team support FreeBSD jails in system modules (cron, user, group, service). The idea is to add a parameter ‘wrapper’ exec command where necessary - jexec or just chroot, the second parameter will be ‘rootdir’ to specify the root path to jail.

Example of service module:
service: name=nginx state=started rootdir={{ rootdir }} wrapper=‘{{ wrapper }}’

Ansible user would write “wrapper” himself. Example of “wrapper”:

#!/usr/local/bin/python

-- coding: utf-8 --

import sys,os,subprocess,re

len(sys.argv) > 2 or sys.exit(‘Number of arguments must be > 2’)
jname = sys.argv[1]
exestr = ‘’
jid = 0
ret = -1

exestr = ’ '.join(sys.argv[2:])

def runProcess(exe):
p = subprocess.Popen(exe, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
retcode = p.wait()
if retcode: sys.exit(ret)
return p.stdout.readlines()

for line in runProcess(‘jls’):
line = line.strip()
if re.match(‘JID’, line): continue
m = line.split()
if m[2] == jname:
jid = m[0]
break

if jid > 0:
status = os.system(‘echo '’ + exestr + ‘' | jexec ’ + jid + ’ sh’)

ret = os.WEXITSTATUS(status)
if ret is None: ret = 0

sys.exit(ret)

I wrote forks of these system modules (cron, user, group, service), but I would like not to patch ansible when version is up. So I could push my pieces of code to Ansible git and someone will merge it.

We have a jails connection plugin that removes the need to support
jails in every possible module.

It’s local connector, but we need remote jail connector. Example is BSDploy, but it use ezjail which is not a part of FreeBSD base system. I continue to argue It’s very good deal to expand jail support for system modules.