Ansible FreeBSD Jail Management: jailexec Connection Plugin Guide

By Luca Berton · Published 2024-01-01 · Category: installation

How to manage FreeBSD jails with Ansible using the jailexec connection plugin. Run tasks inside jails via jexec without SSH, with practical examples.

Introduction

Managing FreeBSD jails with Ansible has traditionally required SSH access into each jail — something you typically don't want in a secure jail setup. The ansible-jailexec connection plugin solves this by running tasks inside jails via jexec on the jail host.

The plugin recently shipped two major releases: 1.1.0 (complete refactor) and 1.2.0 (jail root override).

How jailexec Works

Instead of SSHing directly into each jail, the plugin: SSH to the jail host (the FreeBSD machine running the jails) Uses jexec to execute commands inside the target jail Inherits all SSH options from ansible-core's built-in SSH plugin

This means features like ControlPersist, jump hosts, SSH keys, and password authentication all work automatically.

Installation

Basic Configuration

Inventory Setup

YAML Inventory

Managing Jails with Playbooks

Basic Jail Configuration

Using ansible_jail_root (New in 1.2.0)

For nested or VNET jails where the default jls -j path probe returns incorrect paths:

Security Considerations

The jailexec approach is more secure than SSH into jails:

FAQ

Do I need SSH running inside the jails?

No — that's the main advantage. The plugin uses jexec from the host, so jails don't need SSH daemons.

Does it work with Bastille or ezjail?

Yes. Use ansible_jail_root to specify the correct filesystem path if the default probe doesn't work with your jail manager.

What ansible-core versions are supported?

The plugin is tested against ansible-core 2.14 through 2.20, covering all current supported versions.

Conclusion

The ansible-jailexec connection plugin makes FreeBSD jail management with Ansible practical and secure. No SSH inside jails, full SSH option inheritance, and proper support for complex jail topologies.

Related Articles • Ansible Connection Plugins Guide • Ansible for Linux System Administration • Ansible SSH with Passwords: Fix sshpass

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home