mic92 / ansible-lxc Goto Github PK
View Code? Open in Web Editor NEWAnsible Connection Plugin for lxc containers (https://linuxcontainers.org/)
License: GNU General Public License v3.0
Ansible Connection Plugin for lxc containers (https://linuxcontainers.org/)
License: GNU General Public License v3.0
I wonder if there is any real reason for not submitting this to the ansible upstream repo. I've tried this, find it extremely useful, and have written a corresponding inventory script that I'd like to submit upstream. Any thoughts on pushing your connection driver plugin too?
I'm looking for a way to use Ansible to run tasks on lxc containers on a remote server. I usually use ssh to access the remote host, and lxc-attach to the containers. I don't want to run a sshd on each container.
Now, since I'm very new to Ansible, I'm having a hard time understanding if your plugin fits that need, or if it's only dedicated to work on local vm's?
I think it would be helpful if your "usage" section was a little more detailed to add more precise use cases.
Thank you for your work.
When running the controller in a vagrant vm with lxc installed locally, lxc creates a "/home/vagrant/.ansible" folder on the guest (chowned as root:root).
However, the "vagrant" user is not defined in the guest.
I suspect (but am not sure) that this is leading to some weird behaviours:
executing "shell ssh-import-id" or " authorized_key:" on the lxc guest fails (see ansible.log extract below)
2015-07-21 19:42:35,999 p=23545 u=root | failed: [h-db-mongo] => (item=lp:joaocc) => {"changed": true, "cmd": "ssh-import-id "lp:joaocc"", "delta": "0:00:00.424627", "end": "2015-07-21 19:42:35.979886", "item": "lp:joaocc", "rc": 1, "start": "2015-07-21 19:42:35.555259", "warnings": []}
executing "apt_repository:" also fails (ansible log -vvvv below)
THIS IS A LOCAL LXC DIR
REMOTE_MODULE apt_repository repo=ppa:ondrej/php5
EXEC ['/bin/sh', '-c', 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1437520463.28-182666014272512 && echo $HOME/.ansible/tmp/ansible-tmp-1437520463.28-182666014272512']
PUT /tmp/tmpyuHbBQ TO /home/vagrant/.ansible/tmp/ansible-tmp-1437520463.28-182666014272512/apt_repository
EXEC ['/bin/sh', '-c', u'LANG=C LC_CTYPE=C /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1437520463.28-182666014272512/apt_repository; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1437520463.28-182666014272512/ >/dev/null 2>&1']
failed: [h-lemp-1] => {"failed": true}
msg: Failed to connect to launchpad.net:443.
How can I change the account as which ansible connects to the guest?
Thanks
Hi @Mic92,
Have you tested this with unprivileged containers (https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-unpriv)?
Thx
Hi,
I am trying to get this to run on Ubuntu 14.04 with LXC 1.0.6 and Ansible v1.8.2.
When I try to connect to a freshly installed guest (template ubuntu-cloud / trusty), I get the following error:
<lxc-demo> THIS IS A LOCAL LXC DIR
<lxc-demo> REMOTE_MODULE setup
<lxc-demo> EXEC ['/usr/bin/lxc-attach', '--name', 'lxc-demo', '--', '/bin/sh', '-c', 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1420214512.67-65457909308433 && echo $HOME/.ansible/tmp/ansible-tmp-1420214512.67-65457909308433']
<lxc-demo> PUT /tmp/tmpGYMeY7 TO overlayfs:/var/lib/lxc/LXC-Template-1404/rootfs:/var/lib/lxc/lxc-demo/delta0/home/vagrant/.ansible/tmp/ansible-tmp-1420214512.67-65457909308433/setup
Traceback (most recent call last):
File "/usr/share/ansible_plugins/connection_plugins/lxc/lxc.py", line 87, in _copy
shutil.copyfile(in_path, out_path)
File "/usr/lib/python2.7/shutil.py", line 83, in copyfile
with open(dst, 'wb') as fdst:
IOError: [Errno 2] No such file or directory: u'overlayfs:/var/lib/lxc/LXC-Template-1404/rootfs:/var/lib/lxc/lxc-demo/delta0/home/vagrant/.ansible/tmp/ansible-tmp-1420214512.67-65457909308433/setup'
fatal: [lxc-demo] => failed to transfer file to overlayfs:/var/lib/lxc/LXC-Template-1404/rootfs:/var/lib/lxc/lxc-demo/delta0/home/vagrant/.ansible/tmp/ansible-tmp-1420214512.67-65457909308433/setup
After this, I confirm that the /var/lib/lxc/lxc-demo/delta0/home/vagrant/.ansible/tmp/ansible-tmp-1420214512.67-65457909308433 folder exists, but is empty.
Any ideas on what might be going wrong?
Thanks
Hi,
I have been observing a weird behavior with ansible-lxc.
My playbook creates a set of containers, starting with a template based on "ubuntu-cloud" / trusty.
Everything runs fine when I do this in a running VM (in this case Vagrant) - LXC container is created with the right template.
However, when I run the exact same playbook as part of vagrant.provision.shell, the template reverts back to "ubuntu" (the default).
Some snippets.
container_cloudinit_userdata: ""
my_containers:
- name: Template-1404
template: "ubuntu-cloud"
template_options: --release trusty {{container_cloudinit_userdata}}
- name: create containers
sudo: yes
lxc-container:
name: "{{ item.name }}"
template: ubuntu-cloud
backing_store: "{{item.backing_store|default('dir') }}"
template_options: "{{ item.template_options|default('') }}"
state: "stopped"
container_log: true
with_items: my_containers
The host VM is "ubuntu/trusty64" from Vagrant.
Any ideas?
Thx
Hi,
I am trying to connect with ansible to lxc-guests in the control machine.
The playbook is as simple as:
- name: gather facts from guests...
sudo: true
hosts: all-my-guests
gather_facts: yes
roles:
- { role: debug-dump-all }
This playbook runs perfectly both with remote guests (via SSH) or lxc-guests also via SSH.
It also runs ok when I run "ansible-playbook" via sudo.
sudo bash run--ansible.sh provision--guests.yml
(in this case, I am calling a script that calls "ansible-playbook")
However, if I do...
bash run--ansible.sh provision--guests.yml
... then I get the following errors:
TASK: [debug-dump-all | Dump All Vars] ****************************************
Process SyncManager-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 250, in _bootstrap
sys.stdin = open(os.devnull)
IOError: [Errno 13] Permission denied: '/dev/null'
Traceback (most recent call last):
File "/usr/bin/ansible-playbook", line 324, in <module>
sys.exit(main(sys.argv[1:]))
File "/usr/bin/ansible-playbook", line 264, in main
pb.run()
File "/usr/lib/pymodules/python2.7/ansible/playbook/__init__.py", line 348, in run
if not self._run_play(play):
File "/usr/lib/pymodules/python2.7/ansible/playbook/__init__.py", line 789, in _run_play
if not self._run_task(play, task, False):
File "/usr/lib/pymodules/python2.7/ansible/playbook/__init__.py", line 497, in _run_task
results = self._run_task_internal(task, include_failed=include_failed)
File "/usr/lib/pymodules/python2.7/ansible/playbook/__init__.py", line 439, in _run_task_internal
results = runner.run()
File "/usr/lib/pymodules/python2.7/ansible/runner/__init__.py", line 1485, in run
results = self._parallel_exec(hosts)
File "/usr/lib/pymodules/python2.7/ansible/runner/__init__.py", line 1369, in _parallel_exec
manager = multiprocessing.Manager()
File "/usr/lib/python2.7/multiprocessing/__init__.py", line 99, in Manager
m.start()
File "/usr/lib/python2.7/multiprocessing/managers.py", line 528, in start
self._address = reader.recv()
EOFError
Any idea?
Is this supposed to work only in sudo on the command line (even if I have sudo in the tasks themselves)?
Can I workaround this by adding the user under which ansible runs on the control machine to some group?
Thanks
Hi,
I started having these messages.
Any idea on what may be the cause?
This happens when running ansible on a lxc-host (local connection) an trying to gather facts in lxc-guests (via lxc connection).
´´´´
lxc_container: console.c: lxc_console: 700 stdin is not a tty
fatal: [h-piwik] => Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/ansible/runner/init.py", line 582, in _executor
exec_rc = self._executor_internal(host, new_stdin)
File "/usr/lib/pymodules/python2.7/ansible/runner/init.py", line 785, in _executor_internal
return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
File "/usr/lib/pymodules/python2.7/ansible/runner/init.py", line 1032, in _executor_internal_inner
result = handler.run(conn, tmp, module_name, module_args, inject, complex_args)
File "/usr/lib/pymodules/python2.7/ansible/runner/action_plugins/normal.py", line 57, in run
return self.runner._execute_module(conn, tmp, module_name, module_args, inject=inject, complex_args=complex_args)
File "/usr/lib/pymodules/python2.7/ansible/runner/init.py", line 470, in _execute_module
tmp = self._make_tmp_path(conn)
File "/usr/lib/pymodules/python2.7/ansible/runner/init.py", line 1288, in _make_tmp_path
result = self._low_level_exec_command(conn, cmd, None, sudoable=False)
File "/usr/lib/pymodules/python2.7/ansible/runner/init.py", line 1169, in _low_level_exec_command
in_data=in_data)
File "/usr/share/ansible_plugins/connection_plugins/lxc/lxc.py", line 63, in exec_command
(pid, returncode) = os.waitpid(pid, 0)
OSError: [Errno 10] No child processes
´´´´
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.