Add parameter hooks to inventory plugin iocage #9650

vbotka · 2025-01-30T12:54:25Z

Summary

(Use case: root access on the iocage host is not needed to create inventory.)

The parameter hooks_results is a list of files inside a jail that provide configuration parameters for the inventory. For example,

hooks_results:
  - /var/db/dhclient-hook.address.epair0b

may provide the IP address of the interface epair0b, obtained by dhclient. Then, the inventory plugin creates the variable iocage_hooks

iocage_hooks:
  - 10.1.0.130

This can be used to compose ansible_host

compose:
  ansible_host: iocage_hooks.0

Privilege escalation is not needed if the file /var/db/dhclient-hook.address.epair0b is readable by the user logged on to the iocage host.

As a side note: the file in the above example is created by this hook

shell> cat /etc/dhclient-exit-hooks 
case "$reason" in
    "BOUND"|"REBIND"|"REBOOT"|"RENEW")
    echo $new_ip_address > /var/db/dhclient-hook.address.$interface
    ;;
esac

Issue Type

Feature Idea

Component Name

plugins/inventory/iocage.py

Additional Information

Example 1

Given the jails (as root at iocage host 10.1.0.18)

shell> iocage list -lh
38	test_101	off	up	jail	13.4-RELEASE-p2	epair0b|10.1.0.130	-	ansible_client	no
39	test_102	off	up	jail	13.4-RELEASE-p2	epair0b|10.1.0.245	-	ansible_client	no
40	test_103	off	up	jail	13.4-RELEASE-p2	epair0b|10.1.0.180	-	ansible_client	no

the configuration

shell> cat iocage.yml
plugin: community.general.iocage
host: 10.1.0.18
user: admin
hooks_results:
  - /var/db/dhclient-hook.address.epair0b
compose:
  ansible_host: iocage_hooks.0
groups:
  test_01: inventory_hostname.startswith('test')

gives

shell> ansible-inventory -i iocage.yml --list --yaml
all:
  children:
    test_01:
      hosts:
        test_101:
          ansible_host: 10.1.0.130
          iocage_basejail: 'no'
          iocage_boot: 'off'
          iocage_hooks:
          - 10.1.0.130
          iocage_ip4: '-'
          iocage_ip4_dict:
            ip4: []
            msg: DHCP (running -- address requires root)
          iocage_ip6: '-'
          iocage_jid: '38'
          iocage_release: 13.4-RELEASE-p2
          iocage_state: up
          iocage_template: ansible_client
          iocage_type: jail
        test_102:
          ansible_host: 10.1.0.245
          iocage_basejail: 'no'
          iocage_boot: 'off'
          iocage_hooks:
          - 10.1.0.245
          iocage_ip4: '-'
          iocage_ip4_dict:
            ip4: []
            msg: DHCP (running -- address requires root)
          iocage_ip6: '-'
          iocage_jid: '39'
          iocage_release: 13.4-RELEASE-p2
          iocage_state: up
          iocage_template: ansible_client
          iocage_type: jail
        test_103:
          ansible_host: 10.1.0.180
          iocage_basejail: 'no'
          iocage_boot: 'off'
          iocage_hooks:
          - 10.1.0.180
          iocage_ip4: '-'
          iocage_ip4_dict:
            ip4: []
            msg: DHCP (running -- address requires root)
          iocage_ip6: '-'
          iocage_jid: '40'
          iocage_release: 13.4-RELEASE-p2
          iocage_state: up
          iocage_template: ansible_client
          iocage_type: jail

Example 2

This example demonstrates the advantage of silently ignoring failed hooks_results items over explicit error handling.

Given the jails

# iocage list -lh
88	7509aed0	off	up	jail	14.1-RELEASE-p6	epair0b|10.1.0.156	-	ansible_client	no
89	e3c34e4f	off	up	jail	14.1-RELEASE-p6	epair0b|10.1.0.243	-	ansible_client	no
87	test_111	off	up	jail	14.1-RELEASE-p6	em0|10.1.0.111/24	-	ansible_client	no

the below inventory configuration uses iocage_hooks.0 to create ansible_host for the first two DHCP jails. The last jail test_111, with the fixed IP address, defaults to iocage_ip4 because the failed hooks_results item results in iocage_hooks.0 == '-'

shell> cat hosts/02_iocage.yml 
plugin: community.general.iocage
host: 10.1.0.73
user: admin
env:
  CRYPTOGRAPHY_OPENSSL_NO_LEGACY: 1
hooks_results:
  - /var/db/dhclient-hook.address.epair0b
compose:
  ansible_host: (iocage_hooks.0 == '-') | ternary(iocage_ip4, iocage_hooks.0)

Then, the below play

shell> cat pb.yml
- hosts: all
  remote_user: admin
    
  tasks:

    - ansible.builtin.debug:
        msg: |
          ansible_host: {{ ansible_host }}
          iocage_hooks: {{ iocage_hooks }}

gives (abridged)

shell> ansible-playbook pb.yml -i hosts
  ...
ok: [7509aed0] => 
    msg: |-
        ansible_host: 10.1.0.156
        iocage_hooks: ['10.1.0.156']
ok: [e3c34e4f] => 
    msg: |-
        ansible_host: 10.1.0.243
        iocage_hooks: ['10.1.0.243']
ok: [test_111] => 
    msg: |-
        ansible_host: 10.1.0.111
        iocage_hooks: ['-']

Code of Conduct

I agree to follow the Ansible Code of Conduct
[ ]

ansibullbot · 2025-01-30T12:59:26Z

Files identified in the description:

plugins/inventory/iocage.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

* Add parameter hooks to inventory plugin iocage. * Add changelog fragment. * Update plugins/inventory/iocage.py Co-authored-by: Felix Fontein <[email protected]> * Parameter renamed to hooks_results * Fix DOCUMENTATION YAML 4-space indentation. * Fix DOCUMENTATION YAML 2-space indentation. * Update changelogs/fragments/9651-iocage-inventory-hooks.yml Co-authored-by: Felix Fontein <[email protected]> * Add note about activated pool mountpoint. --------- Co-authored-by: Felix Fontein <[email protected]>

* Add parameter hooks to inventory plugin iocage. * Add changelog fragment. * Update plugins/inventory/iocage.py Co-authored-by: Felix Fontein <[email protected]> * Parameter renamed to hooks_results * Fix DOCUMENTATION YAML 4-space indentation. * Fix DOCUMENTATION YAML 2-space indentation. * Update changelogs/fragments/9651-iocage-inventory-hooks.yml Co-authored-by: Felix Fontein <[email protected]> * Add note about activated pool mountpoint. --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit fdd1331)

… hooks to inventory plugin iocage (#9731) Implement #9650 Add parameter hooks to inventory plugin iocage (#9651) * Add parameter hooks to inventory plugin iocage. * Add changelog fragment. * Update plugins/inventory/iocage.py Co-authored-by: Felix Fontein <[email protected]> * Parameter renamed to hooks_results * Fix DOCUMENTATION YAML 4-space indentation. * Fix DOCUMENTATION YAML 2-space indentation. * Update changelogs/fragments/9651-iocage-inventory-hooks.yml Co-authored-by: Felix Fontein <[email protected]> * Add note about activated pool mountpoint. --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit fdd1331) Co-authored-by: Vladimir Botka <[email protected]>

ansibullbot added feature This issue/PR relates to a feature request inventory inventory plugin plugins plugin (any type) labels Jan 30, 2025

vbotka mentioned this issue Jan 30, 2025

Implement #9650 Add parameter hooks to inventory plugin iocage #9651

Merged

ansibullbot added the has_pr label Feb 9, 2025

patchback bot mentioned this issue Feb 11, 2025

[PR #9651/fdd1331e backport][stable-10] Implement #9650 Add parameter hooks to inventory plugin iocage #9731

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add parameter hooks to inventory plugin iocage #9650

Add parameter hooks to inventory plugin iocage #9650

vbotka commented Jan 30, 2025 •

edited

Loading

ansibullbot commented Jan 30, 2025

Add parameter hooks to inventory plugin iocage #9650

Add parameter hooks to inventory plugin iocage #9650

Comments

vbotka commented Jan 30, 2025 • edited Loading

Summary

Issue Type

Component Name

Additional Information

Code of Conduct

ansibullbot commented Jan 30, 2025

vbotka commented Jan 30, 2025 •

edited

Loading