Ansible remote chroot experimentation
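#!/bin/bash
# Bootstrap a deployment host for the remote chroot / LXC connection-plugin
# experiment: create an SSH key, install build and LXC packages, install pip
# and Ansible, fetch the plugin repository with one extra change cherry-picked
# on top, then run the playbook.
#
# NOTE(review): apt-get and pip are called without sudo, so this presumably
# runs as root on a disposable test host. It expects 01-inventory.ini and
# 02-playbook.yml to be in the home directory.

# Stop at the first failing step so the playbook never runs against a
# half-prepared host or an unpatched plugin checkout.
set -euo pipefail

# do this on localhost (deployment host)
# ensure that there's a local ssh private key
# An existing key is kept: ssh-keygen would otherwise stop and ask whether to
# overwrite it. The key is created with an empty passphrase (-N ''), so
# anyone able to read ~/.ssh/id_rsa can log in wherever the public key is
# authorised; keep this to throwaway lab hosts.
if [ ! -f ~/.ssh/id_rsa ]; then
  ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
fi

# now make sure that the public key is in the second host's authorized_keys
# then do a test ssh connection to make sure it works, and to add the host
# to known hosts

# Separate commands rather than an && chain: under `set -e` a failure in the
# middle of an && list does not abort the script.
apt-get update
apt-get purge -y nano
apt-get install -y git vim tmux fail2ban build-essential python2.7 python-dev libssl-dev libffi-dev lxc lxc-dev

# Download the pip installer to a file before running it as root, instead of
# streaming it straight into the interpreter: --fail keeps an HTTP error page
# from being executed, and a truncated download is never partially run.
# The page gives no checksum for get-pip.py, so integrity rests on TLS alone.
get_pip="$(mktemp)"
curl --fail --silent --show-error --retry 5 --output "${get_pip}" https://bootstrap.pypa.io/get-pip.py
sudo python2.7 "${get_pip}"
rm -f "${get_pip}"

pip install -U ansible==2.2.0 lxc-python2

# These are --global settings: they overwrite the git identity of whichever
# account runs the script.
git config --global user.email "user@example.com"
git config --global user.name "User"
git config --global push.default matching
git config --global --add gitreview.username "user"

mkdir -p ~/.ansible
git clone https://github.com/openstack/openstack-ansible-plugins.git ~/.ansible/plugins
cd ~/.ansible/plugins

# Applies a single change ref from the review server on top of the clone.
# NOTE(review): a refs/changes/... ref is not necessarily merged upstream;
# read the change before letting Ansible load plugins from this checkout.
git fetch https://git.openstack.org/openstack/openstack-ansible-plugins refs/changes/38/400338/6
git cherry-pick FETCH_HEAD

cd ~
ansible-playbook -i 01-inventory.ini 02-playbook.yml -vvv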
# Ansible inventory for the experiment: one real host plus two guests that
# live on it (an LXC container and a chroot).
[all]
# The deployment host itself.
localhost ansible_host=localhost
# physical_host names the inventory host that carries the guest; the vars
# files read it as hostvars[physical_host]['ansible_host'].
container1 physical_host=localhost
# chroot_path matches the directory the playbook creates and unpacks the
# rootfs into (/opt/chroot1).
chroot1 physical_host=localhost chroot_path=/opt/chroot1

# Guests that are LXC containers.
[all_containers]
container1

# Guests that are chroot directories.
[all_chroots]
chroot1
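---
# Three plays: build an LXC container and a chroot on localhost and install
# python into both, then run a trivial command in each guest through the
# connection plugin to show that no SSH daemon inside the guest is needed.

- name: Prepare LXC host and container
  hosts: localhost
  gather_facts: true
  tasks:
    # NOTE(review): --keyserver points at plain HKP on port 80. Confirm that
    # the download template checks the fetched key against a pinned key ID,
    # and that this keyserver pool is still reachable.
    - name: Create the container
      lxc_container:
        name: container1
        template: download
        state: started
        backing_store: dir
        template_options: "--dist ubuntu --release xenial --arch amd64 --keyserver hkp://p80.pool.sks-keyservers.net:80"

    - name: Create the chroot folder
      file:
        path: /opt/chroot1
        state: directory
      register: _chroot_dir

    # Reuses the rootfs tarball that the download template cached while
    # creating container1. `command` replaces `shell` because the line uses
    # no shell features. The `| changed` filter form is kept because the
    # bootstrap script pins ansible==2.2.0.
    - name: Extract a rootfs into the chroot
      command: tar -xJf /var/cache/lxc/download/ubuntu/xenial/amd64/default/rootfs.tar.xz -C /opt/chroot1
      when: _chroot_dir | changed

    # The same script is written into both guest root filesystems.
    # --force-yes was dropped from the apt-get install line: it is
    # deprecated and lets apt continue past unauthenticated packages, which
    # is not needed to install python2.7 from the release archive.
    - name: Deploy the chroot/container prep script
      copy:
        content: |
          #!/usr/bin/env bash
          set -e -x
          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" python2.7
          rm -f /usr/bin/python
          ln -s /usr/bin/python2.7 /usr/bin/python
          userdel --force --remove ubuntu || true
          apt-get clean
        dest: "{{ item }}/usr/local/bin/cache-prep-commands.sh"
        mode: "0755"
      register: _prep_script
      with_items:
        - "/var/lib/lxc/container1/rootfs"
        - "/opt/chroot1"

    # Runs the script once per rootfs, and only where the copy above changed
    # the file. `when` takes a bare expression; wrapping it in {{ }} is
    # unnecessary.
    - name: Execute the chroot/container prep script
      command: "chroot {{ item.item }} /usr/local/bin/cache-prep-commands.sh"
      when: item.changed | bool
      with_items: "{{ _prep_script['results'] }}"

- name: Demonstrate the connection plugin use to the container without SSH
  hosts: container1
  gather_facts: false
  tasks:
    - name: List the contents of a folder
      command: ls -al /usr/local/bin/

- name: Demonstrate the connection plugin use to the chroot
  hosts: chroot1
  gather_facts: false
  tasks:
    - name: List the contents of a folder
      command: ls -al /usr/local/bin/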
---
# NOTE(review): the page does not show this file's name; presumably these are
# the group vars for all_chroots. Confirm against the gist.

# Address of the host that carries this guest, looked up through the
# physical_host variable set in the inventory.
physical_hostname: "{{ hostvars[physical_host]['ansible_host'] }}"

# Ansible connects to that physical host rather than to the guest's own name.
ansible_host: "{{ physical_hostname }}"
---
# NOTE(review): the page does not show this file's name; presumably these are
# the group vars for all_containers. Confirm against the gist.

# Address of the host that carries this guest, looked up through the
# physical_host variable set in the inventory.
physical_hostname: "{{ hostvars[physical_host]['ansible_host'] }}"

# Ansible connects to that physical host rather than to the guest's own name.
ansible_host: "{{ physical_hostname }}"

# The connection to the physical host is made as root.
ansible_user: root

# The guest's name is its inventory name (container1 in the inventory).
container_name: "{{ inventory_hostname }}"