Commit graph

41 commits

Author SHA1 Message Date
Michael Scherer
7120fb4b01 Properly label path argument with type='path' (#1940) 2016-04-07 11:25:04 -04:00
Evgeni Golov
6bfd2846f8 don't create world-readable archives of LXC containers
with the default umask tar will create a world-readable archive of the
container, which may contain sensitive data

Signed-off-by: Evgeni Golov <evgeni@golov.de>
2016-04-04 11:28:22 -04:00
Evgeni Golov
7c3999a92a do not use predictable filenames in the LXC plugin
* do not use a predictable filename for the LXC attach script
* don't use predictable filenames for LXC attach script logging
* don't set a predictable archive_path

this should prevent symlink attacks which could result in

* data corruption
* data leakage
* privilege escalation
2016-04-02 01:20:42 -07:00
René Moser
fb3d584abd Merge pull request #1933 from evgeni/no-lxc-default.conf
do not set a default config for lxc containers
2016-04-01 13:29:04 +02:00
Evgeni Golov
185bcbd8f7 explicitly set "default: null" in the docs 2016-04-01 11:04:35 +02:00
Chris Porter
da84e2e9b8 fix security vulnerability in lxc module
octal/decimal confusion makes file world-writable before executing it
2016-03-31 22:55:44 +01:00
Evgeni Golov
71b0067aa6 do not set a default config for lxc containers
otherwise deploying user-containers fail as these require information
from ~/.config/lxc/default.conf that the LXC tools will load if no
--config was supplied

Signed-off-by: Evgeni Golov <evgeni@golov.de>
2016-03-30 17:08:42 +02:00
Ritesh Khadgaray
040b358770 Fix test failure for lxc_container
TRACE:
    while parsing a block mapping
      in "<string>", line 33, column 13:
                    description: resulting state of  ...
                    ^
    expected <block end>, but found ','
      in "lxc_container.RETURN", line 419, column 53:
         ... "/tmp/test-container-config.tar",

ERROR: RETURN is not valid YAML. Line 419 column 53
2016-03-13 12:58:51 +05:30
Brian Coca
be66e9d297 add container name to return and document return
fixes #1848
2016-03-12 16:06:02 -05:00
Michael Scherer
2f3dc1352f Replace choices=BOOLEANS by type='bool', fix #1326 2015-12-21 23:39:20 +01:00
Toshio Kuratomi
cbed642009 Simplify code 2015-12-09 12:08:06 -08:00
Alex Punco
29c8b50d56 fix creation containers on btrfs subvolumes 2015-08-28 13:26:21 +03:00
Brian Coca
7a0bfd91bb updated docs to new choice option 2015-08-21 18:07:20 -04:00
Daniël
b56e5c670b add zfs backing store support 2015-08-21 19:42:08 +02:00
Toshio Kuratomi
a5da6da2d6 Merge pull request #638 from jpic/fix/define-HAS_LXC
Define HAS_LXC even if import lxc doesn't fail.
2015-06-23 11:42:46 -07:00
jpic
c4d2472148 Fixed lxc option parsing.
This fixes::

    Traceback (most recent call last):
      File "/home/jpic/.ansible/tmp/ansible-tmp-1435080916.98-133068627776311/lxc_container", line 3355, in <module>
        main()
      File "/home/jpic/.ansible/tmp/ansible-tmp-1435080916.98-133068627776311/lxc_container", line 1724, in main
        lxc_manage.run()
      File "/home/jpic/.ansible/tmp/ansible-tmp-1435080916.98-133068627776311/lxc_container", line 1605, in run
        action()
      File "/home/jpic/.ansible/tmp/ansible-tmp-1435080916.98-133068627776311/lxc_container", line 1145, in _started
        self._config()
      File "/home/jpic/.ansible/tmp/ansible-tmp-1435080916.98-133068627776311/lxc_container", line 714, in _config
        _, _value = option_line.split('=')
    ValueError: too many values to unpack

With such a task::

    tasks:
    - lxc_container:
        name: buildbot-master
        container_config:
        - "lxc.mount.entry = {{ cwd }} srv/peopletest none defaults,bind,uid=0,create=dir 0 0"
2015-06-23 19:38:51 +02:00
jpic
d8063b913e Define HAS_LXC even if import lxc doesn't fail.
This fixes::

    Traceback (most recent call last):
      File "/home/jpic/.ansible/tmp/ansible-tmp-1435080800.61-38257321141340/lxc_container", line 3353, in <module>
        main()
      File "/home/jpic/.ansible/tmp/ansible-tmp-1435080800.61-38257321141340/lxc_container", line 1712, in main
        if not HAS_LXC:
    NameError: global name 'HAS_LXC' is not defined
2015-06-23 19:36:43 +02:00
Greg DeKoenigsberg
7108b77c17 Merge pull request #606 from cloudnull/lxc-restart-fix
Fix the lxc container restart state
2015-06-16 23:49:55 -04:00
Greg DeKoenigsberg
004dedba8a Changes to author formatting, remove emails 2015-06-16 14:32:39 -04:00
Kevin Carter
391df0ffe0 Updates the doc information for the python2-lxc dep
The python2-lxc library has been uploaded to pypi as such this commit
updates the requirements and doc information for the module such that
it instructs the user to install the pip package "lxc-python2" while
also noting that the package could be gotten from source as well. In
the update comments have been added to the requirements list which
notes where the package should come from.

Closes-Bug: https://github.com/ansible/ansible-modules-extras/issues/550
2015-06-16 11:33:13 -04:00
Kevin Carter
37db619234 lxc_container: remove BabyJSON
Removed the usage of baby json. This is in response to the fact
that the baby json functionality was removed in Ansible 1.8

Ref: https://github.com/ansible/ansible-modules-extras/issues/430
2015-06-16 11:33:13 -04:00
Kevin Carter
d3b3d7ff3c Fix the lxc container restart state
The lxc container restart state does not ensure that the container
is in fact started unless another config or command is passed into
the task. To fix this the module simply needs to have the function
call added ``self._container_startup()`` after the container is
put into a stopped state.

Signed-off By: Kevin Carter <kevin.carter@rackspace.com>
2015-06-13 13:56:26 -05:00
Brian Coca
78035779f6 Merge pull request #567 from cloudnull/lxc-package-doc-update
Updates the doc information for the python2-lxc dep
2015-06-09 18:34:17 -04:00
Kevin Carter
858f9e3601 Updates the doc information for the python2-lxc dep
The python2-lxc library has been uploaded to pypi as such this commit
updates the requirements and doc information for the module such that
it instructs the user to install the pip package "lxc-python2" while
also noting that the package could be gotten from source as well. In
the update comments have been added to the requirements list which
notes where the package should come from.

Closes-Bug: https://github.com/ansible/ansible-modules-extras/issues/550
2015-06-01 15:34:56 -05:00
Kevin Carter
61aab829ed lxc_container: remove BabyJSON
Removed the usage of baby json. This is in response to the fact
that the baby json functionality was removed in Ansible 1.8

Ref: https://github.com/ansible/ansible-modules-extras/issues/430
2015-06-01 15:15:37 -05:00
Brian Coca
bceeba224f fix doc parsing by correctly quoting author 2015-05-14 09:19:24 -04:00
Brian Coca
67ccbd3bc0 more minor docfixes 2015-05-14 09:19:24 -04:00
Kevin Carter
fd0c21df27 Updated lxc module to remove the clone state
The clone state was removed in favor of making the module more
declarative. This change was done in response to review in PR #328
from @bcoca.

In the commit new examples were created on how this feature works.
2015-05-13 21:32:36 -05:00
Greg DeKoenigsberg
9180538277 Adding author's github id 2015-05-13 14:15:37 -04:00
Brian Coca
56f466c70d Merge pull request #328 from cloudnull/lxc-overlayfs-feature
Added overlayfs backend type to the lxc_container module
2015-05-13 14:01:23 -04:00
Brian Coca
bfb8868d8b Merge pull request #469 from sigmavirus24/lxc-bug-fix
Interpolate container name into error message
2015-05-13 14:00:37 -04:00
Toshio Kuratomi
a589a66710 Update module documentation if modules have a dep on python2.6+ 2015-05-11 10:09:56 -07:00
Ian Cordasco
deb11be684 Interpolate container name into error message
In the event failed to start, the container name was not being properly
interpolated into the error message.
2015-05-08 21:18:59 -05:00
Brian Coca
c5f787e6df Merge pull request #357 from bcoca/lxc_container_home_fix
Lxc container home fix
2015-03-30 22:12:11 -04:00
Brian Coca
ee7fbcf418 minor fix to method of finding home as previous could 'overmatch' 2015-03-30 22:11:17 -04:00
Kevin Carter
2f188600a8 Added overlayfs backend type to the lxc_container module
This commit adds the overlayfs type to the lxc_container module. In
adding the overlayfs type the commit adds the ability to clone a
container. While cloning is not locked down to only the overlayfs
container backend it is of particular interest when using the overlayfs
backend as it provides for amazingly fast snapshots.

Changes to the resource types and documentation have been added on how
the new backend type can be used along with the clone operation.

This PR addresses a question asked on the original merged pull request
for overlayfs support which came from @fghaas on PR
"https://github.com/ansible/ansible-modules-extras/pull/123".

The overlayfs archive function is a first class function and will
allow for the containers to be backed-up using all methods which
brings support up to that of all other storage backends.
2015-03-23 19:31:03 -05:00
Kevin Carter
24cfcd2497 Updated lxc_container module to fix option parsing
The option parsing object within the module was performing a split
on an '=' sign and assuming that there would only ever be one '='
in a user provided option. Sadly, the assumption is incorrect and
the list comprehension that is building the options list needs to
be set to split on the first occurrence of an '=' sign in a given
option string. This commit adds the required change to make it
possible for options to contain additional '=' signs and be handled
correctly.
2015-03-18 23:33:33 -05:00
Brian Coca
bb886a595d updated lxc-container docs to reflect new name 2015-02-27 09:19:51 -05:00
Maciej Delmanowski
528e1a644c Rename 'lxc-container' module to 'lxc_container'
This is done to keep the convention of naming modules with underscores
instead of hyphens.
2015-02-27 13:00:49 +01:00
Kevin Carter
99359fc4e2 Updated volume create methods for a more consistent process
The volume create methods were making an assumption on the unit
sizes being presented by the `vgdisplay` and the `lvdisplay`
commands. To correct the assumption the commands will now enforce
a unit size of "g" which will always convert sizes to gigabytes.
This was an issue brought up by @hughsaunders.
2014-12-02 08:18:00 -06:00
Kevin Carter
4446e4642e Added new module to support LXC containers
The new module will allow users to control LXC containers from ansible.
The module was built for use in LXC >= 1.0 or greater and implements most
of what can be done using the various lxc clients with regards to running
containers. This first module is geared only at managing lxc containers.

The module provides:
  build containers
  destroy containers
  archive containers
  info from a single container
  start / stop / restart containers
  run commands within containers
  add/modify lxc config for a container
  supports backends including LVM
2014-11-27 10:47:33 -06:00