Running Ansible in the SmartOS global zone

None of the machines I currently run SmartOS on are big enough to run SDC/Triton, so I looked at Rundeck for creating zone definitions. and provisioning new zones as jobs. However Rundeck is unable to dynamically add new option fields. This is required for example in order to manage fields with an arbitrary number of keys, such as the network interfaces or disks.

In the meantime I've wanted to be able to run Ansible on my SmartOS nodes for a while now. So on Christmas eve I installed pkgsrc in the Global Zone so that I could run Python and thus target it as an Ansible managed node.

However I quickly found out that Ansible had no idea how to manage packages because it claimed not to be able to find pkgin:

calafate-gz | SUCCESS => {
    "ansible_facts": {
        "ansible_pkg_mgr": "unknown"
    "changed": false

One pull request later and it correctly set ansible_pkg_mgr to pkgin.

Another roadblock revealed itself:

fatal: [calafate-gz]: FAILED! => {"changed": false, "failed": true, "msg":
"Failed to find required executable pkgin in paths: /usr/ccs/bin:/usr/bin:/bin:/usr/sbin:/sbin"}

Ok, makes sense as the tools packages are installed into /opt/tools. So I added a persistent ~/.profile to add the required paths to $PATH; no luck still.

Note, the "tools" set of packages that can be installed into the GZ is fairly limited; there are 369 packages available. It's called tools for a reason!

A small trick is needed in order to set an environment variable for a playbook. Eventually I ended up with a small playbook to demonstrate the usage of pkgin in the GZ:

- name: install a package in the global zone
    PATH: "/opt/tools/sbin:/opt/tools/bin:{{
(ansible_env|default({})).PATH|default('/usr/bin:/usr/sbin') }}"
  become: True
  become_user: root
  hosts: all
  - name: install apcupsd
      name: apcupsd
      state: present

Of course the whole purpose of getting Ansible to run in the global zone is only to only be able to install apcupsd. Since last week I've started to work on two new modules to manage imgadm(1M) and vmadm(1M)!

The imgadm module is finished and has been submitted upstream, awaiting review. The vmadm module is almost finished and will be submitted shortly. These modules are a major improvement for managing SmartOS hosts so they warrant a write-up of their own...soon!

update: the imgadm module has been merged upstream too now!