On 07.08.2014 23:35, Michael DeHaan wrote:
"I'm putting it in ansible_ssh_host like this:
some_container ansible_connection=vzenter ansible_ssh_host=<SSH
host>|<CTID>"
Maybe like this:
ansible_ssh_host=hostname;container=CTID
I like that syntax, thanks. I'm thinking about doing something like:
ansible_connection=stack ansible_ssh_host=<connection plugin>=<hostname
for that plugin>;<connection layer>=<"hostname" for that layer>
If that could be implemented natively in Ansible's SSH.py, without
doing too much damage, I would be SUPER interested.
I don't think ssh.py (or any other specific connection plugin) is a good
place for this, I think it should rather be done as separate plugin or
in core.
That's because I'd like to see the same layers used with
local/ssh/accelerate.
I'd like to see something somewhat pluggable, and in order to take it,
it would need to support Docker initially.
Right, as Ansible already has a plugin system I think that should be
doable :-)
And being pluggable is a big part of it for me - I don't want to have
separate plugin for each base plugin/layer combination.
Though I do feel the "no SSH in containers" statement is a little
religious. They want to encourage automation, but when the automation
uses SSH, that's totally cool :)
For me it was either jump hosts or entering containers, and the latter
seemed more robust (I can access containers with broken networking :-))
On Thu, Aug 7, 2014 at 3:57 PM, Tomasz Kontusz
<[email protected] <mailto:[email protected]>> wrote:
On 07.08.2014 17:47, Alberto Berti wrote:
Hi,
sorry for the confusing precendence of my latter message, but
seems that
this message had some problems with gmane, so i'm resending
it....
"Tomasz" == Tomasz Kontusz
<[email protected]
<mailto:[email protected]>> writes:
Tomasz> On 04.08.2014 12:14, Filias Heidt wrote:
>> I thought the more generic "nesting" would be a good
thing, because
>> the next guy might want to control Docker instances or
Containers on
>> a remote host without them having a public IP. Maybe
I'll try to
>> write a connection plugin.
Tomasz> The way connection plugins work, it's not going
to be possible to nest
Tomasz> existing ones.
Tomasz> But what you can do is, create a new API for
"connection plugin
Tomasz> layers" that can be put on top of an existing
"base" connection
Tomasz> plugin.
Tomasz> Something like:
Tomasz> class ConnectionLayer(object):
Tomasz> def __init__(self, target_address):
Tomasz> """target_address is a part of
ansible_ssh_host for this
Tomasz> plugin, like jail's path"""
Tomasz> def wrap_command(self, command):
Tomasz> """Wraps the command in chroot/jail/etc."""
Tomasz> def unwrap_result(self, rc, stdout, stderr):
Tomasz> """Takes whatever the wrapped command
returned after being run
Tomasz> by the base connection plugin,
Tomasz> and returns a new tuple of (rc, stdout,
stderr)"""
Tomasz> def wrap_path(self, path):
Tomasz> """Takes a path inside
container/chroot/jail and translates it
Tomasz> into host path."""
any update on this? I would like to use nsenter [1]_ to run
commands
inside the container (how to transfer files is a detail i have
yet to
analyze) to work on docker containers either locally or on a
remote
host, and i would really like to contribute to and use a layer
like
this. Unfortunately i'm quite new to ansible and not all the
details
involving connections are clear to me.
I'll see what I can do, but I wouldn't hold my breath about
opening the one I wrote at work.
And hey, it's always a good time to rewrite something :-)
Tomasz> I would actually like to see something like
this, as I've written a
Tomasz> OpenVZ-over-SSH connection plugin at work (and I
can already give you
Tomasz> a hint: don't try to put host address anywhere
but ansible_ssh_host,
Tomasz> this variable gets special treatment. I've tried
to have separate
Tomasz> ansible_vzenter_ctid, and in the end had to
rewrite that part).
Nice! openvz is the other virtualization system i use :-)
So, where you store the ctid? in to so other host related
variable? Can
you say more about having something like a variable
ansible_vzenter_ctid
is not feasible?
I'm putting it in ansible_ssh_host like this:
some_container ansible_connection=vzenter ansible_ssh_host=<SSH
host>|<CTID>
Using variable other than ansible_ssh_host is not feasible, as
they are not provided to connection plugins.
You can extract them from runner (as connection plugins do get
access to runner), but you can't support the delegate_to: '{{ item
}}' pattern this way (as you don't get access to loop items).
Cheers,
Alberto
--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected]
<mailto:ansible-project%[email protected]>.
To post to this group, send email to
[email protected]
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/53E3DA41.7050904%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwx54dt5OAZOyU4ZG28JeTwgvKw6cffGAUtAWiScbZiuw%40mail.gmail.com
<https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwx54dt5OAZOyU4ZG28JeTwgvKw6cffGAUtAWiScbZiuw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/53E3F519.2030501%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
