On 04.08.2014 12:14, Filias Heidt wrote:
I thought the more generic "nesting" would be a good thing, because
the next guy might want to control Docker instances or Containers on a
remote host without them having a public IP. Maybe I'll try to write a
connection plugin.
The way connection plugins work, it's not going to be possible to nest
existing ones.
But what you can do is, create a new API for "connection plugin layers"
that can be put on top of an existing "base" connection plugin.
Something like:
class ConnectionLayer(object):
def __init__(self, target_address):
"""target_address is a part of ansible_ssh_host for this
plugin, like jail's path"""
def wrap_command(self, command):
"""Wraps the command in chroot/jail/etc."""
def unwrap_result(self, rc, stdout, stderr):
"""Takes whatever the wrapped command returned after being run
by the base connection plugin,
and returns a new tuple of (rc, stdout, stderr)"""
def wrap_path(self, path):
"""Takes a path inside container/chroot/jail and translates it
into host path."""
I'm not really sure if passing continuations or some "lower layers"
object wouldn't make this a better API, but I think it touched the most
important point.
I would actually like to see something like this, as I've written a
OpenVZ-over-SSH connection plugin at work (and I can already give you a
hint: don't try to put host address anywhere but ansible_ssh_host, this
variable gets special treatment. I've tried to have separate
ansible_vzenter_ctid, and in the end had to rewrite that part).
@Karl: This is not possible, because some of the Jails don't even run
SSH. You SSH into the Host and run commands inside the jails via "jexec".
On Friday, August 1, 2014 12:44:25 AM UTC+2, Michael DeHaan wrote:
It's not going to be possible to nest them.
What I think you are asking for is some way to do "remote jail
management" which is going to be, unfortunately, probably a new
connection plugin that might not be easy.
I hate to say it, but this is why cloud VMs and things like
bridged networking are so great, where each VM can get an IP.
I'm open to the idea of seeing another connection plugin for this,
but I doubt we'd want to maintain it in core. I could be wrong -
I can see the idea of having something like this to be a pretty
cool thing for some very specific use cases.
On Thu, Jul 31, 2014 at 6:38 AM, Filias Heidt <[email protected]>
wrote:
Hi all,
I'm getting my feet wet in ansible and I'm pretty exited so
far. But I think I discovered a use case, which might be of
interest for others:
We have numerous hosts with jails on them and would like to
manage the jails with ansible - and not all jails are
accessible via SSH, but all hosts are accessible via SSH. I
would like to be able to "nest" the jail connection plugin
with the ssh connection plugin, so I can connect to a host
normally and then connect via the jail plugin to a specific
jail and execute commands in there.
Of course I would have to specify on which host to look for
the jail.
What do you think about this? If its not too hard to
implement, I would consider writing a patch, but would need
some help with that.
If thats already possible, please ignore this - I was asking
on the IRC-Channel about this and all I found out was, that a
jail connection plugin already exists, but is limited to local
use.
Cheerio,
Filias
--
You received this message because you are subscribed to the
Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/19385348-1f70-4ac7-ac7a-cdc98abc4de9%40googlegroups.com
<https://groups.google.com/d/msgid/ansible-project/19385348-1f70-4ac7-ac7a-cdc98abc4de9%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.
--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/df44d2bb-02fd-437d-8343-bfb30b650c3b%40googlegroups.com
<https://groups.google.com/d/msgid/ansible-project/df44d2bb-02fd-437d-8343-bfb30b650c3b%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/53DFDA86.9060205%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
