New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

teach ansible how to use systemd-nspawn #47776

Open
wants to merge 1 commit into
base: devel
from

Conversation

Projects
None yet
4 participants
@larsks
Contributor

larsks commented Oct 29, 2018

SUMMARY

This is a thin clone of the chroot connection driver that uses
systemd-nspawn to spawn processes in a chroot environment. Unlike
vanilla chroot, systemd-nspawn takes care of setting up/tearing down
directories like /proc and /sys and offers a variety of options for
controlling namespacing in the chrooted environment.

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

systemd-nspawn connection plugin

ANSIBLE VERSION
ansible 2.8.0.dev0 (feature/nspawn c2b2dfdd51) last updated 2018/10/29 16:20:46 (GMT -400)
  config file = /home/lars/projects/piconfig/ansible.cfg
  configured module search path = [u'/home/lars/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/lars/src/ansible/lib/ansible
  executable location = /home/lars/projects/piconfig/.venv/bin/ansible
  python version = 2.7.15 (default, Oct 15 2018, 15:24:06) [GCC 8.1.1 20180712 (Red Hat 8.1.1-5)]

ADDITIONAL INFORMATION

Using the ansible_nspawn_extra_args command it is possible to pass additional command line arguments to systemd-nspawn. For example, with the following inventory...

---
all:
  hosts:
    /mnt:
      ansible_connection: nspawn
      ansible_nspawn_extra_args: "--private-network"

...Ansible would connect to the chroot on /mnt using the command:

systemd-nspawn -D /mnt --private-network /bin/sh -c '...'

If we were to use the following playbook...

---
- hosts: all
  tasks:
    - debug:
        var: ansible_interfaces

We would see:

PLAY [all] ************************************************************************************

TASK [Gathering Facts] ************************************************************************
ok: [/mnt]

TASK [debug] **********************************************************************************
ok: [/mnt] => {
    "ansible_interfaces": [
        "lo"
    ]
}

PLAY RECAP ************************************************************************************
/mnt                       : ok=2    changed=0    unreachable=0    failed=0    skipped=0
@ansibot

This comment has been minimized.

Contributor

ansibot commented Oct 29, 2018

Hi @larsks, thank you for submitting this pull-request!

click here for bot help

@ansibot

This comment has been minimized.

Contributor

ansibot commented Oct 29, 2018

The test ansible-test sanity --test boilerplate [explain] failed with 2 errors:

lib/ansible/plugins/connection/nspawn.py:0:0: missing: __metaclass__ = type
lib/ansible/plugins/connection/nspawn.py:0:0: missing: from __future__ import (absolute_import, division, print_function)

click here for bot help

@ansibot ansibot added needs_revision and removed core_review labels Oct 29, 2018

teach ansible how to use systemd-nspawn
this is a thin clone of the chroot connection driver that uses
systemd-nspawn to spawn processes in a chroot environment. Unlike
vanilla chroot, systemd-nspawn takes care of setting up/tearing down
directories like /proc and /sys and offers a variety of options for
controlling namespacing in the chrooted environment.

@larsks larsks force-pushed the larsks:feature/nspawn branch from 7708f1e to 903ad16 Oct 30, 2018

@jborean93 jborean93 removed the needs_triage label Nov 1, 2018

@mattclay

This comment has been minimized.

Member

mattclay commented Nov 5, 2018

@mattclay mattclay added the ci_verified label Nov 5, 2018

@mattclay

This comment has been minimized.

Member

mattclay commented Nov 5, 2018

@larsks Can you include integration tests for this connection plugin?

Take a look at the tests for the chroot connection plugin for an example:

https://github.com/ansible/ansible/tree/devel/test/integration/targets/connection_chroot

@larsks

This comment has been minimized.

Contributor

larsks commented Nov 5, 2018

Can you include integration tests for this connection plugin?

It's going to be tricky, since systemd-nspawn can't run against /, which is how the chroot plugin fakes it. I would need to include code for building an alternate root environment. Can I assume something like debootstrap is available? Or do you have an alternate suggestion?

@mattclay

This comment has been minimized.

Member

mattclay commented Nov 6, 2018

@larsks If you need utilities like debootstrap you'll need to install them as part of the test.

@ansibot ansibot added the stale_ci label Nov 14, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment