2021-08-07 15:02:21 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
2020-03-09 10:11:07 +01:00
|
|
|
# Based on local.py (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
|
|
|
|
#
|
|
|
|
# (c) 2013, Maykel Moya <mmoya@speedyrails.com>
|
|
|
|
# (c) 2015, Toshio Kuratomi <tkuratomi@ansible.com>
|
|
|
|
# Copyright (c) 2017 Ansible Project
|
2022-08-05 12:28:29 +02:00
|
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
from __future__ import (absolute_import, division, print_function)
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
|
|
DOCUMENTATION = '''
|
2020-09-28 21:21:51 +02:00
|
|
|
author: Maykel Moya (!UNKNOWN) <mmoya@speedyrails.com>
|
2021-01-12 07:12:03 +01:00
|
|
|
name: chroot
|
2020-03-09 10:11:07 +01:00
|
|
|
short_description: Interact with local chroot
|
|
|
|
description:
|
|
|
|
- Run commands or put/fetch files to an existing chroot on the Ansible controller.
|
|
|
|
options:
|
|
|
|
remote_addr:
|
|
|
|
description:
|
|
|
|
- The path of the chroot you want to access.
|
2024-07-21 21:04:53 +02:00
|
|
|
type: string
|
2020-03-09 10:11:07 +01:00
|
|
|
default: inventory_hostname
|
|
|
|
vars:
|
2022-11-17 06:53:46 +01:00
|
|
|
- name: inventory_hostname
|
2020-03-09 10:11:07 +01:00
|
|
|
- name: ansible_host
|
|
|
|
executable:
|
|
|
|
description:
|
|
|
|
- User specified executable shell
|
2024-07-21 21:04:53 +02:00
|
|
|
type: string
|
2020-03-09 10:11:07 +01:00
|
|
|
ini:
|
|
|
|
- section: defaults
|
|
|
|
key: executable
|
|
|
|
env:
|
|
|
|
- name: ANSIBLE_EXECUTABLE
|
|
|
|
vars:
|
|
|
|
- name: ansible_executable
|
|
|
|
default: /bin/sh
|
|
|
|
chroot_exe:
|
|
|
|
description:
|
|
|
|
- User specified chroot binary
|
2024-07-21 21:04:53 +02:00
|
|
|
type: string
|
2020-03-09 10:11:07 +01:00
|
|
|
ini:
|
|
|
|
- section: chroot_connection
|
|
|
|
key: exe
|
|
|
|
env:
|
|
|
|
- name: ANSIBLE_CHROOT_EXE
|
|
|
|
vars:
|
|
|
|
- name: ansible_chroot_exe
|
|
|
|
default: chroot
|
2023-08-14 19:41:33 +02:00
|
|
|
disable_root_check:
|
|
|
|
description:
|
|
|
|
- Do not check that the user is not root.
|
|
|
|
ini:
|
|
|
|
- section: chroot_connection
|
|
|
|
key: disable_root_check
|
|
|
|
env:
|
|
|
|
- name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
|
|
|
|
vars:
|
|
|
|
- name: ansible_chroot_disable_root_check
|
|
|
|
default: false
|
|
|
|
type: bool
|
|
|
|
version_added: 7.3.0
|
2020-03-09 10:11:07 +01:00
|
|
|
'''
|
|
|
|
|
2023-07-08 10:21:13 +02:00
|
|
|
EXAMPLES = r"""
|
2023-08-12 18:03:56 +02:00
|
|
|
# Plugin requires root privileges for chroot, -E preserves your env (and location of ~/.ansible):
|
|
|
|
# sudo -E ansible-playbook ...
|
2023-07-08 10:21:13 +02:00
|
|
|
#
|
2023-08-12 18:03:56 +02:00
|
|
|
# Static inventory file
|
2023-07-08 10:21:13 +02:00
|
|
|
# [chroots]
|
|
|
|
# /path/to/debootstrap
|
|
|
|
# /path/to/feboostrap
|
|
|
|
# /path/to/lxc-image
|
|
|
|
# /path/to/chroot
|
|
|
|
|
|
|
|
# playbook
|
|
|
|
---
|
|
|
|
- hosts: chroots
|
|
|
|
connection: community.general.chroot
|
|
|
|
tasks:
|
|
|
|
- debug:
|
|
|
|
msg: "This is coming from chroot environment"
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
2020-03-09 10:11:07 +01:00
|
|
|
import os
|
|
|
|
import os.path
|
|
|
|
import subprocess
|
|
|
|
import traceback
|
|
|
|
|
|
|
|
from ansible.errors import AnsibleError
|
|
|
|
from ansible.module_utils.basic import is_executable
|
|
|
|
from ansible.module_utils.common.process import get_bin_path
|
|
|
|
from ansible.module_utils.six.moves import shlex_quote
|
2021-06-26 23:59:11 +02:00
|
|
|
from ansible.module_utils.common.text.converters import to_bytes, to_native
|
2020-03-09 10:11:07 +01:00
|
|
|
from ansible.plugins.connection import ConnectionBase, BUFSIZE
|
|
|
|
from ansible.utils.display import Display
|
|
|
|
|
|
|
|
display = Display()
|
|
|
|
|
|
|
|
|
|
|
|
class Connection(ConnectionBase):
|
2021-05-16 13:24:37 +02:00
|
|
|
""" Local chroot based connections """
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
transport = 'community.general.chroot'
|
|
|
|
has_pipelining = True
|
|
|
|
# su currently has an undiagnosed issue with calculating the file
|
|
|
|
# checksums (so copy, for instance, doesn't work right)
|
|
|
|
# Have to look into that before re-enabling this
|
|
|
|
has_tty = False
|
|
|
|
|
|
|
|
default_user = 'root'
|
|
|
|
|
|
|
|
def __init__(self, play_context, new_stdin, *args, **kwargs):
|
|
|
|
super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
|
|
|
|
|
|
|
|
self.chroot = self._play_context.remote_addr
|
|
|
|
|
2023-08-14 19:41:33 +02:00
|
|
|
# do some trivial checks for ensuring 'host' is actually a chroot'able dir
|
2020-03-09 10:11:07 +01:00
|
|
|
if not os.path.isdir(self.chroot):
|
|
|
|
raise AnsibleError("%s is not a directory" % self.chroot)
|
|
|
|
|
|
|
|
chrootsh = os.path.join(self.chroot, 'bin/sh')
|
|
|
|
# Want to check for a usable bourne shell inside the chroot.
|
|
|
|
# is_executable() == True is sufficient. For symlinks it
|
|
|
|
# gets really complicated really fast. So we punt on finding that
|
|
|
|
# out. As long as it's a symlink we assume that it will work
|
|
|
|
if not (is_executable(chrootsh) or (os.path.lexists(chrootsh) and os.path.islink(chrootsh))):
|
|
|
|
raise AnsibleError("%s does not look like a chrootable dir (/bin/sh missing)" % self.chroot)
|
|
|
|
|
|
|
|
def _connect(self):
|
2021-05-16 13:24:37 +02:00
|
|
|
""" connect to the chroot """
|
2023-08-14 19:41:33 +02:00
|
|
|
if not self.get_option('disable_root_check') and os.geteuid() != 0:
|
|
|
|
raise AnsibleError(
|
|
|
|
"chroot connection requires running as root. "
|
|
|
|
"You can override this check with the `disable_root_check` option.")
|
|
|
|
|
2020-03-09 10:11:07 +01:00
|
|
|
if os.path.isabs(self.get_option('chroot_exe')):
|
|
|
|
self.chroot_cmd = self.get_option('chroot_exe')
|
|
|
|
else:
|
|
|
|
try:
|
|
|
|
self.chroot_cmd = get_bin_path(self.get_option('chroot_exe'))
|
|
|
|
except ValueError as e:
|
|
|
|
raise AnsibleError(to_native(e))
|
|
|
|
|
|
|
|
super(Connection, self)._connect()
|
|
|
|
if not self._connected:
|
|
|
|
display.vvv("THIS IS A LOCAL CHROOT DIR", host=self.chroot)
|
|
|
|
self._connected = True
|
|
|
|
|
|
|
|
def _buffered_exec_command(self, cmd, stdin=subprocess.PIPE):
|
2021-05-16 13:24:37 +02:00
|
|
|
""" run a command on the chroot. This is only needed for implementing
|
2020-03-09 10:11:07 +01:00
|
|
|
put_file() get_file() so that we don't have to read the whole file
|
|
|
|
into memory.
|
|
|
|
|
|
|
|
compared to exec_command() it looses some niceties like being able to
|
|
|
|
return the process's exit code immediately.
|
2021-05-16 13:24:37 +02:00
|
|
|
"""
|
2020-03-09 10:11:07 +01:00
|
|
|
executable = self.get_option('executable')
|
|
|
|
local_cmd = [self.chroot_cmd, self.chroot, executable, '-c', cmd]
|
|
|
|
|
2021-05-16 13:24:37 +02:00
|
|
|
display.vvv("EXEC %s" % local_cmd, host=self.chroot)
|
2020-03-09 10:11:07 +01:00
|
|
|
local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
|
|
|
|
p = subprocess.Popen(local_cmd, shell=False, stdin=stdin,
|
|
|
|
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
|
|
|
|
|
|
return p
|
|
|
|
|
|
|
|
def exec_command(self, cmd, in_data=None, sudoable=False):
|
2021-05-16 13:24:37 +02:00
|
|
|
""" run a command on the chroot """
|
2020-03-09 10:11:07 +01:00
|
|
|
super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
|
|
|
|
|
|
|
|
p = self._buffered_exec_command(cmd)
|
|
|
|
|
|
|
|
stdout, stderr = p.communicate(in_data)
|
2021-05-16 13:24:37 +02:00
|
|
|
return p.returncode, stdout, stderr
|
2020-03-09 10:11:07 +01:00
|
|
|
|
2021-05-16 13:24:37 +02:00
|
|
|
@staticmethod
|
|
|
|
def _prefix_login_path(remote_path):
|
|
|
|
""" Make sure that we put files into a standard path
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
If a path is relative, then we need to choose where to put it.
|
|
|
|
ssh chooses $HOME but we aren't guaranteed that a home dir will
|
|
|
|
exist in any given chroot. So for now we're choosing "/" instead.
|
|
|
|
This also happens to be the former default.
|
|
|
|
|
|
|
|
Can revisit using $HOME instead if it's a problem
|
2021-05-16 13:24:37 +02:00
|
|
|
"""
|
2020-03-09 10:11:07 +01:00
|
|
|
if not remote_path.startswith(os.path.sep):
|
|
|
|
remote_path = os.path.join(os.path.sep, remote_path)
|
|
|
|
return os.path.normpath(remote_path)
|
|
|
|
|
|
|
|
def put_file(self, in_path, out_path):
|
2021-05-16 13:24:37 +02:00
|
|
|
""" transfer a file from local to chroot """
|
2020-03-09 10:11:07 +01:00
|
|
|
super(Connection, self).put_file(in_path, out_path)
|
|
|
|
display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.chroot)
|
|
|
|
|
|
|
|
out_path = shlex_quote(self._prefix_login_path(out_path))
|
|
|
|
try:
|
|
|
|
with open(to_bytes(in_path, errors='surrogate_or_strict'), 'rb') as in_file:
|
|
|
|
if not os.fstat(in_file.fileno()).st_size:
|
|
|
|
count = ' count=0'
|
|
|
|
else:
|
|
|
|
count = ''
|
|
|
|
try:
|
|
|
|
p = self._buffered_exec_command('dd of=%s bs=%s%s' % (out_path, BUFSIZE, count), stdin=in_file)
|
|
|
|
except OSError:
|
|
|
|
raise AnsibleError("chroot connection requires dd command in the chroot")
|
|
|
|
try:
|
|
|
|
stdout, stderr = p.communicate()
|
|
|
|
except Exception:
|
|
|
|
traceback.print_exc()
|
|
|
|
raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
|
|
|
|
if p.returncode != 0:
|
|
|
|
raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr))
|
|
|
|
except IOError:
|
|
|
|
raise AnsibleError("file or module does not exist at: %s" % in_path)
|
|
|
|
|
|
|
|
def fetch_file(self, in_path, out_path):
|
2021-05-16 13:24:37 +02:00
|
|
|
""" fetch a file from chroot to local """
|
2020-03-09 10:11:07 +01:00
|
|
|
super(Connection, self).fetch_file(in_path, out_path)
|
|
|
|
display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.chroot)
|
|
|
|
|
|
|
|
in_path = shlex_quote(self._prefix_login_path(in_path))
|
|
|
|
try:
|
|
|
|
p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE))
|
|
|
|
except OSError:
|
|
|
|
raise AnsibleError("chroot connection requires dd command in the chroot")
|
|
|
|
|
|
|
|
with open(to_bytes(out_path, errors='surrogate_or_strict'), 'wb+') as out_file:
|
|
|
|
try:
|
|
|
|
chunk = p.stdout.read(BUFSIZE)
|
|
|
|
while chunk:
|
|
|
|
out_file.write(chunk)
|
|
|
|
chunk = p.stdout.read(BUFSIZE)
|
|
|
|
except Exception:
|
|
|
|
traceback.print_exc()
|
|
|
|
raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
|
|
|
|
stdout, stderr = p.communicate()
|
|
|
|
if p.returncode != 0:
|
|
|
|
raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr))
|
|
|
|
|
|
|
|
def close(self):
|
2021-05-16 13:24:37 +02:00
|
|
|
""" terminate the connection; nothing to do here """
|
2020-03-09 10:11:07 +01:00
|
|
|
super(Connection, self).close()
|
|
|
|
self._connected = False
|