Connection backend to manage remote LXC containers

Hello,

I recently submitted a pull request to add support for managing LXC
containers with ansible by directly ssh'ing on the host.

The pull request contains some changes to the ssh connection plugin, and
while it shouldn't break anything, I'd feel more comfortable if other
people familiar with ansible reviewed it.

https://github.com/ansible/ansible/pull/9427

The ssh.Connection._communicate method was rewritten to allow more
flexible handling of ssh's stdin/stdout/stderr.

Until now, everything was completely buffered in memory (stdin was read
from a str, stdout/stderr were written to a str). My pull request
introduces a system of callbacks to deal with the data coming in/out of
the process.

The default behavior of buffering everything in memory remains
unchanged, but the callback system allows more flexibility. For example,
it's possible to write a callback to pipe big files directly through
ssh.

This new possibility is used in the LXC connection plugin, which pipes
files in and out of ssh instead of using sftp/scp for transferring files.

Gu1.
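
The callback approach described in the message above, sketched as an added example that is not code from the pull request: a select loop pulls stdin from one callback and pushes stdout/stderr chunks to two others, so a large payload never has to sit in memory as a single str. The names `communicate`, `read_stdin`, `on_stdout` and `on_stderr` are assumptions, a local Python child process stands in for ssh, and a POSIX host is assumed.

```python
import hashlib, io, os, select, selectors, subprocess, sys

CHUNK = 65536

def communicate(cmd, read_stdin, on_stdout, on_stderr):
    """Run cmd; pull stdin from read_stdin(n), push output chunks to callbacks."""
    p = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    sel = selectors.DefaultSelector()
    sel.register(p.stdin, selectors.EVENT_WRITE)
    sel.register(p.stdout, selectors.EVENT_READ, on_stdout)
    sel.register(p.stderr, selectors.EVENT_READ, on_stderr)
    pending = b""
    while sel.get_map():                      # loop until all three pipes are closed
        for key, _ in sel.select():
            if key.fileobj is p.stdin:
                pending = pending or read_stdin(CHUNK)
                try:
                    # A writable pipe accepts at least PIPE_BUF bytes without blocking.
                    sent = os.write(key.fd, pending[:select.PIPE_BUF]) if pending else 0
                except BrokenPipeError:       # child closed its stdin early
                    sent = 0
                pending = pending[sent:]
                if not sent:                  # source exhausted or pipe broken
                    sel.unregister(p.stdin)
                    p.stdin.close()
            else:
                data = os.read(key.fd, CHUNK)
                if data:
                    key.data(data)            # hand the chunk to its callback
                else:                         # EOF on stdout or stderr
                    sel.unregister(key.fileobj)
                    key.fileobj.close()
    sel.close()
    return p.wait()

def demo():
    src = io.BytesIO(os.urandom(1 << 20))     # constructed 1 MiB stand-in for a big file
    digest, err = hashlib.sha256(), []
    # Constructed child standing in for ssh: copies stdin to stdout, then logs to stderr.
    child = [sys.executable, "-c",
             "import sys, shutil; shutil.copyfileobj(sys.stdin.buffer, "
             "sys.stdout.buffer); sys.stderr.write('done')"]
    rc = communicate(child, src.read, digest.update, err.append)
    intact = digest.digest() == hashlib.sha256(src.getvalue()).digest()
    return rc, intact, b"".join(err)

if __name__ == "__main__":
    print(demo())
```

Passing `open(path, "rb").read` and `open(dest, "wb").write` as the callbacks turns the same loop into a file pipe, and passing `list.append` reproduces the buffer-everything default.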

Hi Gu1,

I’m not sure I’m comfortable with such a large change to ssh.py to support raw LXC, in interest that more people are adopting Docker variants and we would not want to maintain both.

Generally, we have tried to avoid connection plugins that go through multiple layers, especially as a lot of these setups are moving towards immutable management.

That all being said, I’m curious to hear a bit more about this - how do you express which remote container to manage?

–Michael

Hi Michael,

The changes to the ssh connection plugin are here to make it more
flexible and reusable, and are not necessarily lxc-specific.

One could also easily write a remote-chroot or remote-docker connection
plugin (using nsenter), if my PR were to be merged.

I'd also like to point out the fact that the lxc plugin itself mostly reuses
features of the ssh connection plugin, and shouldn't be that hard to
maintain.

You can find an example hosts entry in the class's docstring:

    container_name ansible_ssh_user=user ansible_ssh_host=1.2.3.4 ansible_ssh_port=22 ansible_connection=lxc_remote

The plugin can also work in combination with sudo and su. In this case
sudo / su are executed on the host, before lxc-attach.

Even if the lxc connection plugin itself can't be merged, could you
consider merging just the ssh.py bits? It would make it more flexible
and allow for people to reuse it to write their own connection plugins.

Gu1.

I can think about it, I am not sure what our strategy for connection hopping is going to be just yet. I think it may need to wait for the v2/ refactoring to get further along to consider this, though I probably won’t delay v2/ for this purpose, we may want to get that done first and then consider that on top of that tree.