add systemd-nspawn connection driver #14334
Conversation
This commit adds a connection driver built on top of systemd-nspawn.
This is similar to the existing `chroot` driver, except that nspawn
offers a variety of additional services. For example, it takes care of
automatically mounting `/proc` and `/sys` inside the chroot environment,
which will make a variety of tools work correctly that would otherwise
fail.
You can take advantage of other system-nspawn features to perform more
complicated tasks. For example, on my x86_64 system I have a Raspberry
Pi disk image mounted on `/rpi`. I can't use `chroot` with this because
the binaries contained in the image are for the wrong architecture.
However, I can use the systemd-nspawn `--bind` option to automatically
insert the appropriate qemu-arm binary into the container using an
inventory file like this:
pi ansible_host=/rpi ansible_nspawn_extra_args='--bind /usr/bin/qemu-arm --bind /lib64'
See http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html
for more information about systemd-nspawn itself.
|
Made a short write-up of this driver here |
larsks
force-pushed
the
feature/nspawn
branch
from
37ee4bf
to
e8aeb31
Compare
|
Any future to this PR? |
|
@gdamjan don't know; there's been no interest from the ansible side... |
|
There is a huge backlog, which means we don't always get to pay attention to every ticket. We have been reducing it but have not had time to look at this in depth. |
| @@ -286,6 +286,8 @@ def base_parser(usage="", output_opts=False, runas_opts=False, meta_opts=False, | |||
| help="specify extra arguments to pass to scp only (e.g. -l)") | |||
| connect_group.add_option('--ssh-extra-args', default='', dest='ssh_extra_args', | |||
| help="specify extra arguments to pass to ssh only (e.g. -R)") | |||
| connect_group.add_option('--nspawn-extra-args', default='', dest='nspawn_extra_args', | |||
| help="specify extra arguments to pass to systemd-nspawn only (e.g. --bind)") | |||
There was a problem hiding this comment.
i would prefer to not add more connection specific arguments
bcoca
added
the
needs_rebase
|
I guess any additional settings nspawn needs can be specified in the environment? what about a section in |
|
The section in ansible.cfg is fine, as well as inventory connection vars, they just need to be queried from the connection plugin (i believe winrm has good example of this). |
| @@ -244,6 +244,7 @@ def load_config_file(): | |||
| ANSIBLE_SSH_PIPELINING = get_config(p, 'ssh_connection', 'pipelining', 'ANSIBLE_SSH_PIPELINING', False, boolean=True) | |||
| ANSIBLE_SSH_RETRIES = get_config(p, 'ssh_connection', 'retries', 'ANSIBLE_SSH_RETRIES', 0, integer=True) | |||
| PARAMIKO_RECORD_HOST_KEYS = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True) | |||
| ANSIBLE_NSPAWN_ARGS = get_config(p, 'nspawn_connection', 'nspawn_args', 'ANSIBLE_NSPAWN_ARGS', '-q') | |||
There was a problem hiding this comment.
I would add (commented out) example in examples/ansible.cfg
bcoca
added
the
needs_revision
ansibot
added
needs_rebase
|
@larsks This PR was tested by travis-ci.org, which is no longer used. Please rebase your branch to trigger running of current tests. |
ansibot
added
needs_rebase
|
@larsks This PR was tested by travis-ci.org, which is no longer used. Please rebase your branch to trigger running of current tests. |
|
so while adding a 'clean' version i realized systemd-nspawn is only useful to create a new instance and not a way to send commands to existing instances (machinectl might fit the bill but return codes seem a mess). In it's current form this does not qualify as a connection plugin as only the 1st command sent can work, the rest will fail as the instance is 'already running', the first will also fail if that was the case. |
|
how do you mean it'll be running?
|
|
@gdamjan which makes it impossible to actually modify a container when it has an a running service/command, which is expected to be possible via the connection plugins, also this limits access to a single instance, while no other connection does this. |
|
ok, I understand. My usecase was mainly about "containers" that are not running (yet) when configured by ansible, but I see how that's not complete. |
|
@larsks Greetings! Thanks for taking the time to open this pullrequest. In order for the community to handle your pullrequest effectively, we need a bit more information. Here are the items we could not find in your description:
Please set the description of this pullrequest with this template: |
ansibot
added
needs_info
ansibot
added
feature
This commit adds a connection driver built on top of systemd-nspawn.
This is similar to the existing
chrootdriver, except that nspawnoffers a variety of additional services. For example, it takes care of
automatically mounting
/procand/sysinside the chroot environment,which will make a variety of tools work correctly that would otherwise
fail.
You can take advantage of other system-nspawn features to perform more
complicated tasks. For example, on my x86_64 system I have a Raspberry
Pi disk image mounted on
/rpi. I can't usechrootwith this becausethe binaries contained in the image are for the wrong architecture.
However, I can use the systemd-nspawn
--bindoption to automaticallyinsert the appropriate qemu-arm binary into the container using an
inventory file like this:
See http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html
for more information about systemd-nspawn itself.