Quick start guide
For users who want to try the role quickly, this guide provides an example of how to install, configure and run Poudriere.
Install the role vbotka.freebsd_poudriere and the collections
shell> ansible-galaxy role install vbotka.freebsd_poudriere
shell> ansible-galaxy collection install community.crypto
shell> ansible-galaxy collection install community.general
Create the playbook pb.yml for a single host build.example.com (3)
1 shell> cat pb.yml
2 ---
3 - hosts: build.example.com
4   become: true
5   roles:
6     - vbotka.freebsd_poudriere
Customize the variables. Disable the installation of packages (3). Configure the web-server certificate (6-9), the repository signing key (12-13) and the parameters of Poudriere (16-40). Create the list of architectures the packages will be built for (43) and configure make (46-52). Fit the configuration to your needs.
 1 shell> cat host_vars/build.example.com/poudriere.yml
 2 ---
 3 poudriere_install: false
 4
 5 # cert
 6 poudriere_cert_cn: build.example.com
 7 poudriere_cert_key: "{{ poudriere_ssl_dir }}/private/{{ poudriere_cert_cn }}.key"
 8 poudriere_cert_csr: "{{ poudriere_ssl_dir }}/csr/{{ poudriere_cert_cn }}.csr"
 9 poudriere_cert_path: "{{ poudriere_ssl_dir }}/certs/{{ poudriere_cert_cn }}.crt"
10
11 # key
12 poudriere_key_crt: "{{ poudriere_ssl_dir }}/crt/{{ poudriere_cert_cn }}-sk.crt"
13 poudriere_conf_pkg_repo_signing_key: "{{ poudriere_ssl_dir }}/private/{{ poudriere_cert_cn }}-sk.key"
14
15 # conf
16 poudriere_conf_template: poudriere.conf2.j2
17 poudriere_conf_url_base: http://build.example.com
18 poudriere_conf_no_zfs: "no"
19 poudriere_conf_zpool: zroot
20 poudriere_conf_use_tmpfs: "no"
21 poudriere_conf_data:
22   ZPOOL: "{{ poudriere_conf_zpool }}"
23   NO_ZFS: "{{ poudriere_conf_no_zfs }}"
24   ZROOTFS: "{{ poudriere_conf_zrootfs }}"
25   FREEBSD_HOST: "{{ poudriere_conf_freebsd_host }}"
26   RESOLV_CONF: "{{ poudriere_conf_resolv_conf }}"
27   BASEFS: "{{ poudriere_conf_basefs }}"
28   SVN_HOST: "{{ poudriere_conf_svn_host }}"
29   POUDRIERE_DATA: "{{ poudriere_conf_poudriere_data }}"
30   USE_PORTLINT: "{{ poudriere_conf_use_portlint }}"
31   USE_TMPFS: "{{ poudriere_conf_use_tmpfs }}"
32   DISTFILES_CACHE: "{{ poudriere_conf_distfiles_cache }}"
33   PKG_REPO_SIGNING_KEY: "{{ poudriere_conf_pkg_repo_signing_key }}"
34   URL_BASE: "{{ poudriere_conf_url_base }}"
35   CHECK_CHANGED_OPTIONS: "{{ poudriere_conf_check_changed_options }}"
36   CHECK_CHANGED_DEPS: "{{ poudriere_conf_check_changed_deps }}"
37   NOLINUX: "yes"
38   USE_COLORS: "yes"
39   PRESERVE_TIMESTAMP: "yes"
40   BUILDER_HOSTNAME: "build"
41
42 # architecture
43 poudriere_pkg_arch: [amd64]
44
45 # make
46 poudriere_make_conf:
47   - "OPTIONS_UNSET+=\t\t\tDOCS NLS X11 EXAMPLES"
48   - "OPTIONS_UNSET+=\t\t\tGSSAPI_BASE KRB_BASE KERBEROS"
49   - "OPTIONS_SET+=\t\t\tGSSAPI_NONE KRB_NONE"
50   - "DEFAULT_VERSIONS+=\t\temacs=nox"
51   - "DEFAULT_VERSIONS+=\t\tphp=7.4"
52   - "DEFAULT_VERSIONS+=\t\tssl=openssl"
Create lists of the ports
shell> cat host_vars/build.example.com/pkg_dict.yml
---
pkg_dict_amd64:
  - pkglist: minimal
    packages:
      - shells/bash
      - devel/git
      - archivers/gtar
      - ports-mgmt/pkg
      - ports-mgmt/portmaster
      - ports-mgmt/portupgrade
      - net/rsync
      - ftp/wget
  - pkglist: ansible
    packages:
      - sysutils/ansible
      - sysutils/py-ansible-lint
      - sysutils/py-ansible-runner
Test syntax
shell> ansible-playbook pb.yml --syntax-check
playbook: pb.yml
Display the included variables. Enable debugging with poudriere_debug=true
shell> ansible-playbook pb.yml -t poudriere_debug -e poudriere_debug=true

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ************************************************************************************
ok: [build.example.com] =>
  msg:
  - ansible_architecture [amd64]
  - ansible_os_family [FreeBSD]
  - ansible_distribution [FreeBSD]
  - ansible_distribution_major_version [12]
  - ansible_distribution_version [12.2]
  - ansible_distribution_release [12.2-RELEASE]
  - ansible_python_version [3.7.9]
  - ''
  - freebsd_install_method [packages]
  - freebsd_use_packages [True]
  - freebsd_install_retries [3]
  - freebsd_install_delay [5]
  - ''
  - poudriere_install [False]
  - poudriere_dirs [True]
  - poudriere_key [True]
  - poudriere_cert [False]
  - poudriere_conf [True]
  - poudriere_pkglists [True]
  - poudriere_options [False]
  - poudriere_make [True]
  - poudriere_backup_conf [True]
  - ''
  - poudriere_packages
  - '- ports-mgmt/poudriere'
  - '- ports-mgmt/portmaster'
  - '- devel/ccache'
  - ''
  - poudriere_packages_cert
  - '- security/py-openssl'
  - '- security/py-acme-tiny'
  - ''
  - poudriere_owner [root]
  - poudriere_group [wheel]
  - poudriere_mode [0644]
  - poudriere_mode_dir [0755]
  - poudriere_dirs [True]
  - poudriere_ssl_dir [/usr/local/etc/ssl]
  - poudriere_ssl_dir_mode [0755]
  - poudriere_ssl_private_dir [/usr/local/etc/ssl/private]
  - poudriere_ssl_private_dir_mode [0700]
  - poudriere_ssl_private_key_mode [0600]
  - poudriere_ssl_dirs
  - '- /usr/local/etc/ssl'
  - '- /usr/local/etc/ssl/crt'
  - '- /usr/local/etc/ssl/csr'
  - ''
  - poudriere_key [True]
  - poudriere_key_size [4096]
  - poudriere_key_type [RSA]
  - poudriere_key_cmd [openssl rsa -in /usr/local/etc/ssl/private/build.example.com-sk.key -pubout -out /usr/local/etc/ssl/crt/build.example.com-sk.crt]
  - poudriere_key_crt [/usr/local/etc/ssl/crt/build.example.com-sk.crt]
  - poudriere_conf_PKG_REPO_SIGNING_KEY [/usr/local/etc/ssl/private/build.example.com-sk.key]
  - ''
  - poudriere_cert [False]
  - poudriere_cert_cn [build.example.com]
  - poudriere_cert_key [/usr/local/etc/ssl/private/build.example.com.key]
  - poudriere_cert_csr [/usr/local/etc/ssl/csr/build.example.com.csr]
  - poudriere_cert_path [/usr/local/etc/ssl/certs/build.example.com.crt]
  - ''
  - poudriere_conf [True]
  - poudriere_conf_file [/usr/local/etc/poudriere.conf]
  - poudriere_conf_template [poudriere.conf2.j2]
  - poudriere_conf_dir [/usr/local/etc/poudriere.d]
  - poudriere_conf_dirs
  - '- dir: /usr/ports/distfiles'
  - ' group: wheel'
  - ' mode: ''0755'''
  - ' owner: root'
  - ''
  - poudriere_conf_zpool [zroot]
  - poudriere_conf_no_zfs [no]
  - poudriere_conf_zrootfs [/poudriere]
  - poudriere_conf_freebsd_host [https://download.freebsd.org]
  - poudriere_conf_resolv_conf [/etc/resolv.conf]
  - poudriere_conf_basefs [/usr/local/poudriere]
  - poudriere_conf_svn_host [svn.FreeBSD.org]
  - poudriere_conf_poudriere_data [/usr/local/poudriere/data]
  - poudriere_conf_use_portlint [no]
  - poudriere_conf_use_tmpfs [no]
  - poudriere_conf_distfiles_cache [/usr/ports/distfiles]
  - poudriere_conf_url_base [http://build.example.com/]
  - poudriere_conf_check_changed_options [verbose]
  - poudriere_conf_check_changed_deps [yes]
  - poudriere_conf_data
  - 'BASEFS: /usr/local/poudriere'
  - 'BUILDER_HOSTNAME: build'
  - 'CHECK_CHANGED_DEPS: ''yes'''
  - 'CHECK_CHANGED_OPTIONS: verbose'
  - 'DISTFILES_CACHE: /usr/ports/distfiles'
  - 'FREEBSD_HOST: https://download.freebsd.org'
  - 'NOLINUX: ''yes'''
  - 'NO_ZFS: ''no'''
  - 'PKG_REPO_SIGNING_KEY: /usr/local/etc/ssl/private/build.example.com-sk.key'
  - 'POUDRIERE_DATA: /usr/local/poudriere/data'
  - 'PRESERVE_TIMESTAMP: ''yes'''
  - 'RESOLV_CONF: /etc/resolv.conf'
  - 'SVN_HOST: svn.FreeBSD.org'
  - 'URL_BASE: http://build.example.com/'
  - 'USE_COLORS: ''yes'''
  - 'USE_PORTLINT: ''no'''
  - 'USE_TMPFS: ''no'''
  - 'ZPOOL: zroot'
  - 'ZROOTFS: /poudriere'
  - ''
  - poudriere_pkglists [True]
  - poudriere_pkglist_dir [/usr/local/etc/poudriere.d/pkglist]
  - poudriere_pkg_arch [amd64]
  - ''
  - poudriere_options [False]
  - poudriere_make [True]
  - poudriere_make_file [/usr/local/etc/poudriere.d/make.conf]
  - poudriere_make_conf
  - '- "OPTIONS_UNSET+=\t\t\tDOCS NLS X11 EXAMPLES"'
  - '- "OPTIONS_UNSET+=\t\t\tGSSAPI_BASE KRB_BASE KERBEROS"'
  - '- "OPTIONS_SET+=\t\t\tGSSAPI_NONE KRB_NONE"'
  - '- "DEFAULT_VERSIONS+=\t\temacs=nox"'
  - '- "DEFAULT_VERSIONS+=\t\tphp=7.4"'
  - '- "DEFAULT_VERSIONS+=\t\tssl=openssl"'
  - ''

PLAY RECAP *********************************************************************************************
build.example.com: ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Configure ZFS
<TBD>
Install packages. Enable the installation with poudriere_install=true
shell> ansible-playbook pb.yml -t poudriere_packages -e poudriere_install=true

PLAY [build.example.com] ********************************************************************************

TASK [Gathering Facts] **********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] *******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : packages: Install poudriere packages] **********************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : packages: Install poudriere ports] *************************************
skipping: [build.example.com] => (item=ports-mgmt/poudriere)
skipping: [build.example.com] => (item=ports-mgmt/portmaster)
skipping: [build.example.com] => (item=devel/ccache)

TASK [vbotka.freebsd_poudriere : packages: Install packages to create certificate] **********************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : packages: Install ports to create certificate] *************************
skipping: [build.example.com] => (item=security/py-openssl)
skipping: [build.example.com] => (item=security/py-acme-tiny)

PLAY RECAP **********************************************************************************************
build.example.com : ok=3 changed=0 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
Create directories
shell> ansible-playbook pb.yml -t poudriere_dirs

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : dirs: Create SSL directories] *****************************************
ok: [build.example.com] => (item=/usr/local/etc/ssl)
ok: [build.example.com] => (item=/usr/local/etc/ssl/crt)
ok: [build.example.com] => (item=/usr/local/etc/ssl/csr)

TASK [vbotka.freebsd_poudriere : dirs: Create SSL directory /usr/local/etc/ssl/private mode 0700] ******
ok: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=5 changed=3 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
Generate signing key
shell> ansible-playbook pb.yml -t poudriere_key

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : key: Generate signing key /usr/local/etc/ssl/private/build.example.com-sk.key]
changed: [build.example.com]

TASK [vbotka.freebsd_poudriere : key: Generate signing crt /usr/local/etc/ssl/crt/build.example.com-sk.crt]
changed: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=1 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
shell> tree /usr/local/etc/ssl/
/usr/local/etc/ssl/
|-- cert.pem
|-- cert.pem.sample -> ../../share/certs/ca-root-nss.crt
|-- certs
|-- crt
|   `-- build.example.com-sk.crt
|-- csr
`-- private
    `-- build.example.com-sk.key
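The debug output above lists poudriere_ssl_private_dir_mode [0700], poudriere_ssl_private_key_mode [0600] and the poudriere_key_cmd that derives the public key from the private signing key. The script below is an added example, not part of the role or its documentation: it checks those two modes and confirms that the published public key still matches the private key. The function names and the script name are illustrative, and stat and openssl are assumed to be installed.

```shell
#!/bin/sh
# Added example, not part of vbotka.freebsd_poudriere. Function names are
# illustrative. Usage (the script name is hypothetical):
#   sh check_signing_key.sh <private-key> <public-key>

# Print the octal permission bits of a path: GNU stat first, then BSD stat.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Compare the mode of $1 with the expected mode $2 (0700 and 700 are equal).
check_mode() {
    want=${2#0}
    actual=$(file_mode "$1") || { echo "FAIL $1: cannot stat"; return 2; }
    if [ "$actual" = "$want" ]; then
        echo "OK   $1 mode $actual"
        return 0
    fi
    echo "FAIL $1 mode $actual, expected $want"
    return 1
}

# Re-derive the public key from the private key $1, the same way
# poudriere_key_cmd does (openssl rsa -pubout), and compare it with file $2.
check_pubkey() {
    derived=$(openssl rsa -in "$1" -pubout 2>/dev/null) || {
        echo "FAIL $1: not a readable RSA private key"
        return 2
    }
    if [ "$derived" = "$(cat "$2" 2>/dev/null)" ]; then
        echo "OK   $2 matches $1"
        return 0
    fi
    echo "FAIL $2 does not match $1"
    return 1
}

# Run all checks; return non-zero if any of them fails.
audit_signing_key() {
    key=$1; pub=$2; rc=0
    check_mode "$(dirname "$key")" 0700 || rc=1
    check_mode "$key" 0600 || rc=1
    check_pubkey "$key" "$pub" || rc=1
    return "$rc"
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_signing_key "$1" "$2"
fi
```

On the build host the two arguments are the paths shown in the tree output above: the -sk.key file under private and the -sk.crt file under crt.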
Generate the certificate for the web server. Enable the generation with poudriere_cert=true (default=false)
shell> ansible-playbook pb.yml -t poudriere_cert -e poudriere_cert=true

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : cert: Generate private key /usr/local/etc/ssl/private/build.example.com.key]
changed: [build.example.com]

TASK [vbotka.freebsd_poudriere : cert: Generate csr /usr/local/etc/ssl/csr/build.example.com.csr] ******
changed: [build.example.com]

TASK [vbotka.freebsd_poudriere : cert: Generate crt /usr/local/etc/ssl/certs/build.example.com.crt] ****
changed: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=1 changed=3 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
shell> tree /usr/local/etc/ssl/
/usr/local/etc/ssl/
|-- cert.pem
|-- cert.pem.sample -> ../../share/certs/ca-root-nss.crt
|-- certs
|   `-- build.example.com.crt
|-- crt
|   `-- build.example.com-sk.crt
|-- csr
|   `-- build.example.com.csr
`-- private
    |-- build.example.com-sk.key
    `-- build.example.com.key
Configure poudriere
shell> ansible-playbook pb.yml -t poudriere_conf

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : conf: Create directories] *********************************************
ok: [build.example.com] => (item=/usr/ports/distfiles)

TASK [vbotka.freebsd_poudriere : conf: Configure /usr/local/etc/poudriere.conf] ************************
changed: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
shell> cat /usr/local/etc/poudriere.conf
# Ansible managed

ZPOOL=zroot
NO_ZFS=no
ZROOTFS=/poudriere
FREEBSD_HOST=https://download.freebsd.org
RESOLV_CONF=/etc/resolv.conf
BASEFS=/usr/local/poudriere
SVN_HOST=svn.FreeBSD.org
POUDRIERE_DATA=/usr/local/poudriere/data
USE_PORTLINT=no
USE_TMPFS=no
DISTFILES_CACHE=/usr/ports/distfiles
PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/private/build.example.com-sk.key
URL_BASE=http://build.example.com/
CHECK_CHANGED_OPTIONS=verbose
CHECK_CHANGED_DEPS=yes
NOLINUX=yes
USE_COLORS=yes
PRESERVE_TIMESTAMP=yes
BUILDER_HOSTNAME=build

# EOF
Create directories (22-23) and create the lists of the ports (37-39)
 1 shell> ansible-playbook pb.yml -t poudriere_pkglists
 2
 3 PLAY [build.example.com] **********************************************************************************************
 4
 5 TASK [Gathering Facts] ************************************************************************************************
 6 ok: [build.example.com]
 7
 8 TASK [vbotka.freebsd_poudriere : Poudriere Debug] *********************************************************************
 9 skipping: [build.example.com]
10
11 TASK [vbotka.freebsd_poudriere : pkglists: Create list of packages] ***************************************************
12 included: /export/home/vlado.config/.ansible/roles/vbotka.freebsd_poudriere/tasks/pkglist.yml for build.example.com
13
14 TASK [vbotka.freebsd_poudriere : conf: Create list _pkg_dict] *********************************************************
15 ok: [build.example.com] => (item=minimal)
16 ok: [build.example.com] => (item=ansible)
17
18 TASK [vbotka.freebsd_poudriere : conf: Debug _pkg_dict] ***************************************************************
19 skipping: [build.example.com]
20
21 TASK [vbotka.freebsd_poudriere : conf: Create directories /usr/local/etc/poudriere.d/pkglist_amd64] *******************
22 changed: [build.example.com] => (item=/usr/local/etc/poudriere.d/pkglist_amd64)
23 changed: [build.example.com] => (item=/usr/local/etc/poudriere.d/pkglist_amd64.disabled)
24
25 TASK [vbotka.freebsd_poudriere : conf: Remove lists of packages from /usr/local/etc/poudriere.d/pkglist_amd64] ********
26 skipping: [build.example.com] => (item=minimal)
27 skipping: [build.example.com] => (item=ansible)
28
29 TASK [vbotka.freebsd_poudriere : conf: Create lists of packages in /usr/local/etc/poudriere.d/pkglist_amd64.disabled] *
30 skipping: [build.example.com] => (item=minimal)
31 skipping: [build.example.com] => (item=ansible)
32
33 TASK [vbotka.freebsd_poudriere : conf: Remove lists of packages from /usr/local/etc/poudriere.d/pkglist_amd64.disabled]
34 ok: [build.example.com] => (item=minimal)
35 ok: [build.example.com] => (item=ansible)
36
37 TASK [vbotka.freebsd_poudriere : conf: Create lists of packages in /usr/local/etc/poudriere.d/pkglist_amd64] **********
38 changed: [build.example.com] => (item=minimal)
39 changed: [build.example.com] => (item=ansible)
40
41 PLAY RECAP ************************************************************************************************************
42 build.example.com: ok=6 changed=2 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
shell> tree /usr/local/etc/poudriere.d/
/usr/local/etc/poudriere.d/
|-- pkglist_amd64
|   |-- ansible
|   `-- minimal
`-- pkglist_amd64.disabled

shell> cat /usr/local/etc/poudriere.d/pkglist_amd64/ansible
sysutils/ansible
sysutils/py-ansible-lint
sysutils/py-ansible-runner

shell> cat /usr/local/etc/poudriere.d/pkglist_amd64/minimal
shells/bash
devel/git
archivers/gtar
ports-mgmt/pkg
ports-mgmt/portmaster
ports-mgmt/portupgrade
net/rsync
ftp/wget
Configure make
shell> ansible-playbook pb.yml -t poudriere_make

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : conf: Configure /usr/local/etc/poudriere.d/make.conf] *****************
changed: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=1 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
shell> cat /usr/local/etc/poudriere.d/make.conf
# Ansible managed
OPTIONS_UNSET+= DOCS NLS X11 EXAMPLES
OPTIONS_UNSET+= GSSAPI_BASE KRB_BASE KERBEROS
OPTIONS_SET+= GSSAPI_NONE KRB_NONE
DEFAULT_VERSIONS+= emacs=nox
DEFAULT_VERSIONS+= php=7.2
DEFAULT_VERSIONS+= ssl=openssl
The role is idempotent. At this point, Poudriere is installed, configured and ready to build the packages. There should be no changes reported when the playbook is run repeatedly with the same data.
shell> ansible-playbook pb.yml
Build the packages. Log in to the host build.example.com and proceed according to the Poudriere documentation, e.g.
shell> poudriere jail -c -j 12amd64 -v 12.2-RELEASE
shell> poudriere ports -c -p local
shell> poudriere bulk -j 12amd64 -p local -z devel \
       -f /usr/local/etc/poudriere.d/pkglist_amd64/minimal