Ansible provisioner does not make group variables available to LXD containers

[snesbittsea]

When provisioning a LXD container, the current Ansible provisioner fails to make group variables available to the Ansible run.

In debugging this I dumped the Ansible hostvars and saw that there are two hosts defined - a "default" host and a host corresponding to the builder "name" parameter with a "packer-" prefix. The expected group vars are found in the "default" host but not the "packer-" host. Attempting to force the provisioner to use the default host with the ansible-playbook -l option fails because there is no LXD container named "default" available and the host address is set to 127.0.0.1.

Setting the host_alias to 'packer-consulserver' does result in the group vars being available but provisioning fails with can't reach container

The core issue I believe is the generation of the temporary inventory file. The problem is that as part of the creation of the temporary inventory file the ansible_host is set to 127.0.0.1 (hardcoded). I believe this means that for any host which activates the temporary host file the connection settings will be wrong for LXD containers.

As a quick and dirty check I replaced the existing code with the following removing the setting of the ansible_host variable:

               host := fmt.Sprintf("%s ansible_user=%s ansible_port=%s\n",
                        p.config.HostAlias, p.config.User, p.config.LocalPort)

This works and I have both group vars available and can access the LXD container.

Summary - my analysis suggests that the hard coding of the ansible_host to 127.0.0.1 when generating the inventory file will cause the provisioner to be unable to successfully connect to the LXD container.

As a final note, I can work around the issue by defining the group variables in the template. This is very non-DRY and hacky.

I think there are at least three issues that need attention here:

1. The provisioner documentation needs to be updated to describe how to get the provisioner to work with LXD containers. This includes documenting that the container reference is the builder name parameter with a packer- prefix, that the host_alias needs to be set to this concated name and the -l variable (and possible -i) variables need to be set in extra_arguments

2. The creation of the temporary inventory file needs to be changed so that ansible_host value is set correctly.

3. Rethinking the temporary host file to allow the user to explicitly set the host file to be used. I might be missing something here, but why shouldn't I be able to pass in one of my existing Ansible hosts files?This would DRY things out

Here are my work products:

packer version: 1.2.2-dev
host platform: Ubuntu 17.10

More detail on the debug process can be found in the packer google group discussion: Can't get remote ansible provisioner to assign to existing group during provisioning

packer command:
PACKER_LOG=1 $GOPATH/src/github.com/hashicorp/packer/bin/packer build -debug -only consulserver template.json

packer template:

{
  "builders": [
    {
      "type": "lxd",
      "name": "consulserver",
      "image": "AWTAlpine37",
      "output_image": "consulserver",
      "publish_properties": {
      "description": "Consul Server"
      }
    }
  ],
  "provisioners": [
  {
    "type": "shell",
    "inline": [ "sleep 10; apk update && apk add python2" ]
  },
  {
    "type": "ansible",
    "groups": ["consul_instances"],
    "host_alias": "packer-consulserver",
    "ansible_env_vars": [ "ANSIBLE_CONFIG=/home/FUZZBUTT/snesbitt/projects/ansible/fuzzbutt.awt_ansible/ansible.cfg" ],
    "inventory_directory": "/home/FUZZBUTT/snesbitt/projects/ansible/fuzzbutt.awt_ansible/inventories/prod",
    "playbook_file": "/home/FUZZBUTT/snesbitt/projects/ansible/fuzzbutt.awt_ansible/inventories/prod/domain-server.yml",
    "extra_arguments": [ "-c", "lxd",  "-l", "packer-consulserver", "-i", "packer-consulserver,"]
  }
  ]
}

Playbook:

---
- hosts: all

  tasks:
    - name: Play hosts
      debug: msg="play_hosts={{play_hosts}}"

    - name: Dump consul_instance group
      debug: msg="consul instances {{ groups['consul_instances'] | to_nice_yaml }}"


    - name: Dump inventory_hostname
      debug: var=inventory_hostname

    - name: Dump workstations group
      debug: var=groups['workstations']

    - name: Dump consul_instances group var
      debug: var=consul_node_role

    - name: Dump consul_instances group var
      debug: var=hostvars.default.consul_node_role

    - name: Dump consul_instances group var
      debug: var=consul_node_role

    - name: Hello world
      command: cat "/etc/fstab"
      register: fstab

    - name: Dump fstab
      debug: var=fstab

provisioner.go
provisioner.go.zip

[rickard-von-essen]

I think this is a more general bug, that ansible provisioner doesn't work with any of lxc and lxd, but for some reason it works with docker.

[rickard-von-essen]

A working Docker example:

{
  "builders": [
    {
      "type": "docker",
      "image":"ubuntu:latest",
      "commit":true
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [ "apt-get update && apt-get install -y python" ]
    },
    {
      "type": "ansible",
      "playbook_file": "playbook.yml",
      "groups": [ "special" ]
    }
  ]
}

---
- hosts: special
  tasks:
    - name: Shelling
      shell: echo "Hello world"

[ghost]

This issue has been automatically migrated to hashicorp/packer-plugin-ansible#30 because it looks like an issue with that plugin. If you believe this is not an issue with the plugin, please reply to hashicorp/packer-plugin-ansible#30.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.