Local chroot support v2 #2106
How does this work when -f 1 is used? I see nothing to un-chroot in there. |
@dhozac I can't see what you mean with 'nothing to un-chroot thing'. I tested this as well with |
Thanks, will take a look shortly |
Yeah, it is simpler than I was expecting. I don't think lib should be a requirement, not all chroots will have that (consider e.g. /lib64). Checking euid should probably be in the connection plugin instead of in bin/ansible or bin/ansible-playbook, as you can specify connection: chroot in the play and such. However, euid might not be enough as you can grant select capabilities (such as chroot) rather easily on recent Linux... executable in the subprocess.Popen call will always be None, as you explicitly ensure that is the case. You can even leave it off in this case. Paths should be resolved with abspath inside of the chroot to follow symlinks correctly, otherwise you may start writing things outside of the chroot, and fail to make the files available as intended. |
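The path-resolution point in the review comment above, as an added example that is not code from this pull request: a host-side path built by joining the chroot directory and a target path follows absolute symlinks out to the host filesystem, while a chroot-aware resolver restarts them at the chroot root. The names `resolve_in_chroot` and `demo` and the directory layout are hypothetical and constructed for illustration.

```python
import os
import tempfile

MAX_LINKS = 40  # assumed bound on symlink hops, to stop loops


def resolve_in_chroot(chroot, path):
    """Return the host path that `path` names when seen from inside `chroot`."""
    root = os.path.realpath(chroot)
    pending = [p for p in path.split("/") if p not in ("", ".")]
    resolved = []  # components below root that are already symlink-free
    links = 0
    while pending:
        part = pending.pop(0)
        if part == "..":
            if resolved:
                resolved.pop()  # ".." at the chroot root stays at the root
            continue
        candidate = os.path.join(root, *resolved, part)
        if os.path.islink(candidate):
            links += 1
            if links > MAX_LINKS:
                raise OSError("too many symlinks under %s" % root)
            target = os.readlink(candidate)
            if target.startswith("/"):
                resolved = []  # absolute target restarts at the chroot root
            pending = [p for p in target.split("/") if p not in ("", ".")] + pending
        else:
            resolved.append(part)
    return os.path.join(root, *resolved)


def demo():
    # Constructed layout: chroot1/tmp -> /var/tmp and chroot1/var/up -> ../../../..
    chroot = os.path.join(tempfile.mkdtemp(), "chroot1")
    os.makedirs(os.path.join(chroot, "var", "tmp"))
    os.symlink("/var/tmp", os.path.join(chroot, "tmp"))
    os.symlink("../../../..", os.path.join(chroot, "var", "up"))
    # Naive join + realpath follows the absolute link to the host's /var/tmp.
    naive = os.path.realpath(os.path.join(chroot, "tmp/foobar.txt"))
    safe = resolve_in_chroot(chroot, "/tmp/foobar.txt")
    clamped = resolve_in_chroot(chroot, "/var/up/etc/passwd")
    return os.path.realpath(chroot), naive, safe, clamped


if __name__ == "__main__":
    for value in demo():
        print(value)
```

Resolving from the host side is still subject to races if something inside the chroot can change links between the check and the write.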
Working on the issues. Thanks. |
* get_file_contents returns None when file is not available. When /etc/mtab is pointing to /proc/mounts and /proc is not mounted, mtab.split will traceback.
Adds 'chroot' connection for executing modules chrooted to a local dir. Requires running ansible as root. chroot dirs should be specified in the inventory like any other host.

You can do things like:

    $ sudo -E ansible -vvv -f 1 "./chroot1,./chroot2" -c chroot \
        all -m setup
    $ sudo -E ansible-playbook -vvv -f 1 -i "./chroot1,./chroot2" \
        -c chroot some-playbook.yml

some-playbook.yml:

    ---
    - hosts: all
      tasks:
        - name: echo something
          shell: echo "Yaaay!" >/tmp/foobar.txt
        - name: install less
          apt: pkg=less state=latest
|
This looks very good and I've merged this. I think the next logical addition would be a module that could create a chroot if it did not already exist, useful? |
Not sure how to handle idempotence in such a module, maybe testing that Now that you mention, I've started pondering something like: inventory:
playbook:
or |
Directory exists and contains /bin/sh seems good. I was thinking of it as a module that would run on the localhost, not one that would actually use the chroot type. OTOH, creating a chroot is very distro specific. |
debootstrap makes things pretty easy, just saw your tweet. Wonder if there is something similarly nice for CentOS/RHEL/Fedora On Sat, Feb 23, 2013 at 6:48 PM, Maykel Moya notifications@github.com wrote:
|
So...
I'll add it to queue. febootstrap seems to be the same for Fedora. |
perhaps it should be called 'chroot' then and take something like a On Sat, Feb 23, 2013 at 7:33 PM, Maykel Moya notifications@github.com wrote:
|
Add support for acting on a local chroot. This could be used for building a preconfigured virtual OS image starting from a raw distro bootstrap.
Requires running ansible as root. Includes two fixes for fails when /proc is not mounted.
Using
Example of use with a Debian bootstrap:
an example test-playbook.yml could be:
Notes
Same as #2082 but now chroot is an independent connection type as suggested.