Quick start guide

For users who want to try the role quickly, this guide provides an example of how to install, configure and run Poudriere.

Install the role vbotka.freebsd_poudriere and the collections

shell> ansible-galaxy role install vbotka.freebsd_poudriere
shell> ansible-galaxy collection install community.crypto
shell> ansible-galaxy collection install community.general

Create the playbook pb.yml for the single host build.example.com (3)

1shell> cat pb.yml
2---
3- hosts: build.example.com
4  become: true
5  roles:
6    - vbotka.freebsd_poudriere

Customize variables. Disable the installation of packages (3). Configure web-server certificate (6-9), repository signing key (12-13) and parameters of Poudriere (16-40). Create the list of architectures the packages will be built for (43) and configure make (46-52). Fit the configuration to your needs.

 1shell> cat host_vars/build.example.com/poudriere.yml
 2---
 3poudriere_install: false
 4
 5# cert
 6poudriere_cert_cn: build.example.com
 7poudriere_cert_key: "{{ poudriere_ssl_dir }}/private/{{ poudriere_cert_cn }}.key"
 8poudriere_cert_csr: "{{ poudriere_ssl_dir }}/csr/{{ poudriere_cert_cn }}.csr"
 9poudriere_cert_path: "{{ poudriere_ssl_dir }}/certs/{{ poudriere_cert_cn }}.crt"
10
11# key
12poudriere_key_crt: "{{ poudriere_ssl_dir }}/crt/{{ poudriere_cert_cn }}-sk.crt"
13poudriere_conf_pkg_repo_signing_key: "{{ poudriere_ssl_dir }}/private/{{ poudriere_cert_cn }}-sk.key"
14
15# conf
16poudriere_conf_template: poudriere.conf2.j2
17poudriere_conf_url_base: http://build.example.com
18poudriere_conf_no_zfs: "no"
19poudriere_conf_zpool: zroot
20poudriere_conf_use_tmpfs: "no"
21poudriere_conf_data:
22  ZPOOL: "{{ poudriere_conf_zpool }}"
23  NO_ZFS: "{{ poudriere_conf_no_zfs }}"
24  ZROOTFS: "{{ poudriere_conf_zrootfs }}"
25  FREEBSD_HOST: "{{ poudriere_conf_freebsd_host }}"
26  RESOLV_CONF: "{{ poudriere_conf_resolv_conf }}"
27  BASEFS: "{{ poudriere_conf_basefs }}"
28  SVN_HOST: "{{ poudriere_conf_svn_host }}"
29  POUDRIERE_DATA: "{{ poudriere_conf_poudriere_data }}"
30  USE_PORTLINT: "{{ poudriere_conf_use_portlint }}"
31  USE_TMPFS: "{{ poudriere_conf_use_tmpfs }}"
32  DISTFILES_CACHE: "{{ poudriere_conf_distfiles_cache }}"
33  PKG_REPO_SIGNING_KEY: "{{ poudriere_conf_pkg_repo_signing_key }}"
34  URL_BASE: "{{ poudriere_conf_url_base }}"
35  CHECK_CHANGED_OPTIONS: "{{ poudriere_conf_check_changed_options }}"
36  CHECK_CHANGED_DEPS: "{{ poudriere_conf_check_changed_deps }}"
37  NOLINUX: "yes"
38  USE_COLORS: "yes"
39  PRESERVE_TIMESTAMP: "yes"
40  BUILDER_HOSTNAME: "build"
41
42# architecture
43poudriere_pkg_arch: [amd64]
44
45# make
46poudriere_make_conf:
47  - "OPTIONS_UNSET+=\t\t\tDOCS NLS X11 EXAMPLES"
48  - "OPTIONS_UNSET+=\t\t\tGSSAPI_BASE KRB_BASE KERBEROS"
49  - "OPTIONS_SET+=\t\t\tGSSAPI_NONE KRB_NONE"
50  - "DEFAULT_VERSIONS+=\t\temacs=nox"
51  - "DEFAULT_VERSIONS+=\t\tphp=7.4"
52  - "DEFAULT_VERSIONS+=\t\tssl=openssl"

Create lists of the ports

shell> cat host_vars/build.example.com/pkg_dict.yml
---
pkg_dict_amd64:
  - pkglist: minimal
    packages:
      - shells/bash
      - devel/git
      - archivers/gtar
      - ports-mgmt/pkg
      - ports-mgmt/portmaster
      - ports-mgmt/portupgrade
      - net/rsync
      - ftp/wget
  - pkglist: ansible
    packages:
      - sysutils/ansible
      - sysutils/py-ansible-lint
      - sysutils/py-ansible-runner

Test syntax

shell> ansible-playbook pb.yml --syntax-check

playbook: pb.yml

Display the included variables. Enable debug poudriere_debug=true

shell> ansible-playbook pb.yml -t poudriere_debug -e poudriere_debug=true

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ************************************************************************************
ok: [build.example.com] =>
  msg:
  - ansible_architecture [amd64]
  - ansible_os_family [FreeBSD]
  - ansible_distribution [FreeBSD]
  - ansible_distribution_major_version [12]
  - ansible_distribution_version [12.2]
  - ansible_distribution_release [12.2-RELEASE]
  - ansible_python_version [3.7.9]
  - ''
  - freebsd_install_method [packages]
  - freebsd_use_packages [True]
  - freebsd_install_retries [3]
  - freebsd_install_delay [5]
  - ''
  - poudriere_install [False]
  - poudriere_dirs [True]
  - poudriere_key [True]
  - poudriere_cert [False]
  - poudriere_conf [True]
  - poudriere_pkglists [True]
  - poudriere_options [False]
  - poudriere_make [True]
  - poudriere_backup_conf [True]
  - ''
  - poudriere_packages
  - '- ports-mgmt/poudriere'
  - '- ports-mgmt/portmaster'
  - '- devel/ccache'
  - ''
  - poudriere_packages_cert
  - '- security/py-openssl'
  - '- security/py-acme-tiny'
  - ''
  - poudriere_owner [root]
  - poudriere_group [wheel]
  - poudriere_mode [0644]
  - poudriere_mode_dir [0755]
  - poudriere_dirs [True]
  - poudriere_ssl_dir [/usr/local/etc/ssl]
  - poudriere_ssl_dir_mode [0755]
  - poudriere_ssl_private_dir [/usr/local/etc/ssl/private]
  - poudriere_ssl_private_dir_mode [0700]
  - poudriere_ssl_private_key_mode [0600]
  - poudriere_ssl_dirs
  - '- /usr/local/etc/ssl'
  - '- /usr/local/etc/ssl/crt'
  - '- /usr/local/etc/ssl/csr'
  - ''
  - poudriere_key [True]
  - poudriere_key_size [4096]
  - poudriere_key_type [RSA]
  - poudriere_key_cmd [openssl rsa -in /usr/local/etc/ssl/private/build.example.com-sk.key -pubout -out /usr/local/etc/ssl/crt/build.example.com-sk.crt]
  - poudriere_key_crt [/usr/local/etc/ssl/crt/build.example.com-sk.crt]
  - poudriere_conf_PKG_REPO_SIGNING_KEY [/usr/local/etc/ssl/private/build.example.com-sk.key]
  - ''
  - poudriere_cert [False]
  - poudriere_cert_cn [build.example.com]
  - poudriere_cert_key [/usr/local/etc/ssl/private/build.example.com.key]
  - poudriere_cert_csr [/usr/local/etc/ssl/csr/build.example.com.csr]
  - poudriere_cert_path [/usr/local/etc/ssl/certs/build.example.com.crt]
  - ''
  - poudriere_conf [True]
  - poudriere_conf_file [/usr/local/etc/poudriere.conf]
  - poudriere_conf_template [poudriere.conf2.j2]
  - poudriere_conf_dir [/usr/local/etc/poudriere.d]
  - poudriere_conf_dirs
  - '-   dir: /usr/ports/distfiles'
  - '    group: wheel'
  - '    mode: ''0755'''
  - '    owner: root'
  - ''
  - poudriere_conf_zpool [zroot]
  - poudriere_conf_no_zfs [no]
  - poudriere_conf_zrootfs [/poudriere]
  - poudriere_conf_freebsd_host [https://download.freebsd.org]
  - poudriere_conf_resolv_conf [/etc/resolv.conf]
  - poudriere_conf_basefs [/usr/local/poudriere]
  - poudriere_conf_svn_host [svn.FreeBSD.org]
  - poudriere_conf_poudriere_data [/usr/local/poudriere/data]
  - poudriere_conf_use_portlint [no]
  - poudriere_conf_use_tmpfs [no]
  - poudriere_conf_distfiles_cache [/usr/ports/distfiles]
  - poudriere_conf_url_base [http://build.example.com/]
  - poudriere_conf_check_changed_options [verbose]
  - poudriere_conf_check_changed_deps [yes]
  - poudriere_conf_data
  - 'BASEFS: /usr/local/poudriere'
  - 'BUILDER_HOSTNAME: build'
  - 'CHECK_CHANGED_DEPS: ''yes'''
  - 'CHECK_CHANGED_OPTIONS: verbose'
  - 'DISTFILES_CACHE: /usr/ports/distfiles'
  - 'FREEBSD_HOST: https://download.freebsd.org'
  - 'NOLINUX: ''yes'''
  - 'NO_ZFS: ''no'''
  - 'PKG_REPO_SIGNING_KEY: /usr/local/etc/ssl/private/build.example.com-sk.key'
  - 'POUDRIERE_DATA: /usr/local/poudriere/data'
  - 'PRESERVE_TIMESTAMP: ''yes'''
  - 'RESOLV_CONF: /etc/resolv.conf'
  - 'SVN_HOST: svn.FreeBSD.org'
  - 'URL_BASE: http://build.example.com/'
  - 'USE_COLORS: ''yes'''
  - 'USE_PORTLINT: ''no'''
  - 'USE_TMPFS: ''no'''
  - 'ZPOOL: zroot'
  - 'ZROOTFS: /poudriere'
  - ''
  - poudriere_pkglists [True]
  - poudriere_pkglist_dir [/usr/local/etc/poudriere.d/pkglist]
  - poudriere_pkg_arch [amd64]
  - ''
  - poudriere_options [False]
  - poudriere_make [True]
  - poudriere_make_file [/usr/local/etc/poudriere.d/make.conf]
  - poudriere_make_conf
  - '- "OPTIONS_UNSET+=\t\t\tDOCS NLS X11 EXAMPLES"'
  - '- "OPTIONS_UNSET+=\t\t\tGSSAPI_BASE KRB_BASE KERBEROS"'
  - '- "OPTIONS_SET+=\t\t\tGSSAPI_NONE KRB_NONE"'
  - '- "DEFAULT_VERSIONS+=\t\temacs=nox"'
  - '- "DEFAULT_VERSIONS+=\t\tphp=7.4"'
  - '- "DEFAULT_VERSIONS+=\t\tssl=openssl"'
  - ''

PLAY RECAP *********************************************************************************************
build.example.com: ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Configure ZFS

<TBD>

Install packages. Enable the installation poudriere_install=true

shell> ansible-playbook pb.yml -t poudriere_packages -e poudriere_install=true

PLAY [build.example.com] ********************************************************************************

TASK [Gathering Facts] **********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] *******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : packages: Install poudriere packages] **********************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : packages: Install poudriere ports] *************************************
skipping: [build.example.com] => (item=ports-mgmt/poudriere)
skipping: [build.example.com] => (item=ports-mgmt/portmaster)
skipping: [build.example.com] => (item=devel/ccache)

TASK [vbotka.freebsd_poudriere : packages: Install packages to create certificate] **********************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : packages: Install ports to create certificate] *************************
skipping: [build.example.com] => (item=security/py-openssl)
skipping: [build.example.com] => (item=security/py-acme-tiny)

PLAY RECAP **********************************************************************************************
build.example.com : ok=3    changed=0    unreachable=0    failed=0    skipped=3    rescued=0    ignored=0

Create directories

shell> ansible-playbook pb.yml -t poudriere_dirs

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : dirs: Create SSL directories] *****************************************
ok: [build.example.com] => (item=/usr/local/etc/ssl)
ok: [build.example.com] => (item=/usr/local/etc/ssl/crt)
ok: [build.example.com] => (item=/usr/local/etc/ssl/csr)

TASK [vbotka.freebsd_poudriere : dirs: Create SSL directory /usr/local/etc/ssl/private mode 0700] ******
ok: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=5    changed=3    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Generate signing key

shell> ansible-playbook pb.yml -t poudriere_key

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : key: Generate signing key /usr/local/etc/ssl/private/build.example.com-sk.key]
changed: [build.example.com]

TASK [vbotka.freebsd_poudriere : key: Generate signing crt /usr/local/etc/ssl/crt/build.example.com-sk.crt]
changed: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=1    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

shell> tree /usr/local/etc/ssl/
/usr/local/etc/ssl/
|-- cert.pem
|-- cert.pem.sample -> ../../share/certs/ca-root-nss.crt
|-- certs
|-- crt
|   `-- build.example.com-sk.crt
|-- csr
`-- private
    `-- build.example.com-sk.key

Generate certificate for the web server. Enable the generation poudriere_cert=true (default=false)

shell> ansible-playbook pb.yml -t poudriere_cert -e poudriere_cert=true

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : cert: Generate private key /usr/local/etc/ssl/private/build.example.com.key]
changed: [build.example.com]

TASK [vbotka.freebsd_poudriere : cert: Generate csr /usr/local/etc/ssl/csr/build.example.com.csr] ******
changed: [build.example.com]

TASK [vbotka.freebsd_poudriere : cert: Generate crt /usr/local/etc/ssl/certs/build.example.com.crt] ****
changed: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=1    changed=3    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

shell> tree /usr/local/etc/ssl/
/usr/local/etc/ssl/
|-- cert.pem
|-- cert.pem.sample -> ../../share/certs/ca-root-nss.crt
|-- certs
|   `-- build.example.com.crt
|-- crt
|   `-- build.example.com-sk.crt
|-- csr
|   `-- build.example.com.csr
`-- private
    |-- build.example.com-sk.key
    `-- build.example.com.key

Configure poudriere

shell> ansible-playbook pb.yml -t poudriere_conf

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : conf: Create directories] *********************************************
ok: [build.example.com] => (item=/usr/ports/distfiles)

TASK [vbotka.freebsd_poudriere : conf: Configure /usr/local/etc/poudriere.conf] ************************
changed: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=2    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

shell> cat /usr/local/etc/poudriere.conf
# Ansible managed

ZPOOL=zroot
NO_ZFS=no
ZROOTFS=/poudriere
FREEBSD_HOST=https://download.freebsd.org
RESOLV_CONF=/etc/resolv.conf
BASEFS=/usr/local/poudriere
SVN_HOST=svn.FreeBSD.org
POUDRIERE_DATA=/usr/local/poudriere/data
USE_PORTLINT=no
USE_TMPFS=no
DISTFILES_CACHE=/usr/ports/distfiles
PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/private/build.example.com-sk.key
URL_BASE=http://build.example.com/
CHECK_CHANGED_OPTIONS=verbose
CHECK_CHANGED_DEPS=yes
NOLINUX=yes
USE_COLORS=yes
PRESERVE_TIMESTAMP=yes
BUILDER_HOSTNAME=build

# EOF
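
The repository signing key now sits behind three settings shown above: the private directory (mode 0700), the key file (mode 0600) and the public key derived by poudriere_key_cmd (a bare public key, despite the .crt suffix). The script below is an added example, not part of the role: it reads PKG_REPO_SIGNING_KEY from poudriere.conf, checks that neither the key nor its directory grants group or other access, and confirms the published public key belongs to that private key. The function names are hypothetical; it assumes unquoted KEY=value lines as in the rendered file and openssl in PATH.

```shell
#!/bin/sh
# Added example: audit the repository signing key referenced by poudriere.conf.
# Usage: sh audit_signing_key.sh /usr/local/etc/poudriere.conf /path/to/public-key

# conf_value FILE KEY: print the value of an unquoted KEY=value line
# (the last assignment wins, as it would when the file is sourced).
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# group_other_perms PATH: print the six group/other permission characters
# from ls -l, e.g. "------" for modes 0600 and 0700.
group_other_perms() {
    ls -ld "$1" | cut -c5-10
}

# key_is_private KEYFILE: succeed only if the key exists and neither the
# file nor its parent directory is accessible to group or other.
key_is_private() {
    [ -f "$1" ] || return 2
    [ "$(group_other_perms "$1")" = "------" ] &&
        [ "$(group_other_perms "$(dirname "$1")")" = "------" ]
}

# pubkey_matches PRIVATE PUBLIC: re-derive the public key the same way
# poudriere_key_cmd does and compare it with the published file.
pubkey_matches() {
    derived=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 2
    [ "$derived" = "$(cat "$2")" ]
}

# audit_signing_key CONF PUBLIC: run all checks, report the first failure.
audit_signing_key() {
    key=$(conf_value "$1" PKG_REPO_SIGNING_KEY)
    [ -n "$key" ] || { echo "FAIL: PKG_REPO_SIGNING_KEY not set in $1"; return 1; }
    key_is_private "$key" ||
        { echo "FAIL: $key or its directory is open to group/other"; return 1; }
    pubkey_matches "$key" "$2" ||
        { echo "FAIL: $2 is not the public half of $key"; return 1; }
    echo "OK: $key"
}

# Run the audit only when both arguments are given on the command line.
if [ $# -ge 2 ]; then
    audit_signing_key "$1" "$2"
fi
```

With the values on this page, the second argument is /usr/local/etc/ssl/crt/build.example.com-sk.crt.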

Create directories (22-23) and create the lists of the ports (37-39)

 1shell> ansible-playbook pb.yml -t poudriere_pkglists
 2
 3PLAY [build.example.com] **********************************************************************************************
 4
 5TASK [Gathering Facts] ************************************************************************************************
 6ok: [build.example.com]
 7
 8TASK [vbotka.freebsd_poudriere : Poudriere Debug] *********************************************************************
 9skipping: [build.example.com]
10
11TASK [vbotka.freebsd_poudriere : pkglists: Create list of packages] ***************************************************
12included: /export/home/vlado.config/.ansible/roles/vbotka.freebsd_poudriere/tasks/pkglist.yml for build.example.com
13
14TASK [vbotka.freebsd_poudriere : conf: Create list _pkg_dict] *********************************************************
15ok: [build.example.com] => (item=minimal)
16ok: [build.example.com] => (item=ansible)
17
18TASK [vbotka.freebsd_poudriere : conf: Debug _pkg_dict] ***************************************************************
19skipping: [build.example.com]
20
21TASK [vbotka.freebsd_poudriere : conf: Create directories /usr/local/etc/poudriere.d/pkglist_amd64] *******************
22changed: [build.example.com] => (item=/usr/local/etc/poudriere.d/pkglist_amd64)
23changed: [build.example.com] => (item=/usr/local/etc/poudriere.d/pkglist_amd64.disabled)
24
25TASK [vbotka.freebsd_poudriere : conf: Remove lists of packages from /usr/local/etc/poudriere.d/pkglist_amd64] ********
26skipping: [build.example.com] => (item=minimal)
27skipping: [build.example.com] => (item=ansible)
28
29TASK [vbotka.freebsd_poudriere : conf: Create lists of packages in /usr/local/etc/poudriere.d/pkglist_amd64.disabled] *
30skipping: [build.example.com] => (item=minimal)
31skipping: [build.example.com] => (item=ansible)
32
33TASK [vbotka.freebsd_poudriere : conf: Remove lists of packages from /usr/local/etc/poudriere.d/pkglist_amd64.disabled]
34ok: [build.example.com] => (item=minimal)
35ok: [build.example.com] => (item=ansible)
36
37TASK [vbotka.freebsd_poudriere : conf: Create lists of packages in /usr/local/etc/poudriere.d/pkglist_amd64] **********
38changed: [build.example.com] => (item=minimal)
39changed: [build.example.com] => (item=ansible)
40
41PLAY RECAP ************************************************************************************************************
42build.example.com: ok=6    changed=2    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0

shell> tree /usr/local/etc/poudriere.d/
/usr/local/etc/poudriere.d/
|-- pkglist_amd64
|   |-- ansible
|   `-- minimal
`-- pkglist_amd64.disabled

shell> cat /usr/local/etc/poudriere.d/pkglist_amd64/ansible
sysutils/ansible
sysutils/py-ansible-lint
sysutils/py-ansible-runner

shell> cat /usr/local/etc/poudriere.d/pkglist_amd64/minimal
shells/bash
devel/git
archivers/gtar
ports-mgmt/pkg
ports-mgmt/portmaster
ports-mgmt/portupgrade
net/rsync
ftp/wget

Configure make

shell> ansible-playbook pb.yml -t poudriere_make

PLAY [build.example.com] *******************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [build.example.com]

TASK [vbotka.freebsd_poudriere : Poudriere Debug] ******************************************************
skipping: [build.example.com]

TASK [vbotka.freebsd_poudriere : conf: Configure /usr/local/etc/poudriere.d/make.conf] *****************
changed: [build.example.com]

PLAY RECAP *********************************************************************************************
build.example.com: ok=1    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

shell> cat /usr/local/etc/poudriere.d/make.conf
# Ansible managed
OPTIONS_UNSET+=			DOCS NLS X11 EXAMPLES
OPTIONS_UNSET+=			GSSAPI_BASE KRB_BASE KERBEROS
OPTIONS_SET+=			GSSAPI_NONE KRB_NONE
DEFAULT_VERSIONS+=		emacs=nox
DEFAULT_VERSIONS+=		php=7.4
DEFAULT_VERSIONS+=		ssl=openssl

The role is idempotent. At this point, Poudriere is installed, configured and ready to build the packages. There should be no changes reported when the playbook is run repeatedly with the same data

shell> ansible-playbook pb.yml

Build the packages. Log in to the host build.example.com and proceed according to the Poudriere documentation, e.g.

shell> poudriere jail -c -j 12amd64 -v 12.2-RELEASE
shell> poudriere ports -c -p local
shell> poudriere bulk -j 12amd64 -p local -z devel \
       -f /usr/local/etc/poudriere.d/pkglist_amd64/minimal