@odyssey4me
Last active November 18, 2020 02:51
Ansible remote chroot experimentation
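#!/bin/bash
# Bootstrap for the remote chroot / LXC connection-plugin experiment.
# Do this on localhost (the deployment host). apt-get and pip are called
# without sudo, so the script expects to be run as root.

# Stop at the first failing step. Without this, a failed download or a failed
# cherry-pick is ignored and the playbook runs against a half-prepared host.
set -euo pipefail

# Ensure that there's a local ssh private key. Only generate one when none
# exists: an unconditional ssh-keygen stops at an overwrite prompt, and
# answering "y" would replace a key that other hosts may already trust.
# The key has no passphrase (-N ''), so keep it to throwaway test hosts.
if [ ! -f ~/.ssh/id_rsa ]; then
    ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
fi

# Manual step: now make sure that the public key is in the second host's
# authorized_keys, then do a test ssh connection to make sure it works, and
# to add the host to known hosts.

apt-get update
apt-get purge -y nano
apt-get install -y git vim tmux fail2ban build-essential python2.7 python-dev libssl-dev libffi-dev lxc lxc-dev

# Download get-pip.py to a file before running it as root, instead of piping
# the response straight into the interpreter. --fail makes curl exit non-zero
# on an HTTP error, so an error page is never executed as Python.
# NOTE(review): the installer is fetched unpinned and unverified; review the
# downloaded file, or use a copy you have vetted, before running it as root.
get_pip="$(mktemp)"
trap 'rm -f "$get_pip"' EXIT
curl --fail --silent --show-error --retry 5 --output "$get_pip" https://bootstrap.pypa.io/get-pip.py
sudo python2.7 "$get_pip"

pip install -U ansible==2.2.0 lxc-python2

git config --global user.email "user@example.com"
git config --global user.name "User"
git config --global push.default matching
git config --global --add gitreview.username "user"

# Fetch the plugins and apply the change under test only on the first run, so
# a re-run does not abort on an existing clone or an already-applied pick.
# NOTE(review): refs/changes/38/400338/6 is one patchset of a Gerrit change,
# not code from a release. It ends up on Ansible's plugin path and runs with
# this user's privileges, so read the change before cherry-picking it.
mkdir -p ~/.ansible
if [ ! -d ~/.ansible/plugins/.git ]; then
    git clone https://github.com/openstack/openstack-ansible-plugins.git ~/.ansible/plugins
    cd ~/.ansible/plugins
    git fetch https://git.openstack.org/openstack/openstack-ansible-plugins refs/changes/38/400338/6
    git cherry-pick FETCH_HEAD
fi

cd ~
ansible-playbook -i 01-inventory.ini 02-playbook.yml -vvv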
# Inventory for the connection-plugin experiment. Every target lives on the
# deployment host itself.
[all]
# NOTE(review): localhost is declared without ansible_connection=local, so
# Ansible presumably reaches it over SSH. That matches the bootstrap script's
# instructions about the SSH key and authorized_keys. Confirm before relying on it.
localhost ansible_host=localhost
# physical_host names the inventory host that carries the container / chroot.
# The group variables use it to look up the address to connect to.
container1 physical_host=localhost
# chroot_path is the directory on the physical host that holds the chroot.
# The playbook creates and populates /opt/chroot1.
chroot1 physical_host=localhost chroot_path=/opt/chroot1
[all_containers]
container1
[all_chroots]
chroot1
---
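# Play 1: runs on the deployment host. It creates the LXC container, builds
# a chroot from the same rootfs image, and installs python2.7 in both so the
# later plays can run Ansible modules inside them.
- name: Prepare LXC host and container
  hosts: localhost
  gather_facts: true
  tasks:
    - name: Create the container
      lxc_container:
        name: container1
        template: download
        state: started
        backing_store: dir
        # NOTE(review): the image signing key is fetched over plain HKP on
        # port 80 from the SKS pool, which has since been retired. Expect to
        # substitute a keyserver you trust when reproducing this.
        template_options: --dist ubuntu --release xenial --arch amd64 --keyserver hkp://p80.pool.sks-keyservers.net:80

    - name: Create the chroot folder
      file:
        path: /opt/chroot1
        state: directory
      register: _chroot_dir

    # Unpack the rootfs only when the directory was created in this run.
    # The tarball path is presumably the download template's cache, filled by
    # the container creation above.
    # "command" replaces "shell" because no shell features are used.
    - name: Extract a rootfs into the chroot
      command: tar -xJf /var/cache/lxc/download/ubuntu/xenial/amd64/default/rootfs.tar.xz -C /opt/chroot1
      when: _chroot_dir.changed | bool

    # The same script is written into the container rootfs and the chroot.
    # It installs python2.7, points /usr/bin/python at it, and removes the
    # image's default "ubuntu" account.
    # --force-yes was dropped from the install line: it lets apt go ahead
    # with unauthenticated packages, and -y already answers the prompts.
    - name: Deploy the chroot/container prep script
      copy:
        content: |
          #!/usr/bin/env bash
          set -e -x
          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" python2.7
          rm -f /usr/bin/python
          ln -s /usr/bin/python2.7 /usr/bin/python
          userdel --force --remove ubuntu || true
          apt-get clean
        dest: "{{ item }}/usr/local/bin/cache-prep-commands.sh"
        mode: "0755"
      register: _prep_script
      with_items:
        - "/var/lib/lxc/container1/rootfs"
        - "/opt/chroot1"

    # Run the script inside each root, but only where the copy above changed
    # the file. item.item is the rootfs path from the previous loop.
    # The condition is a bare expression; wrapping "when" in {{ }} is unnecessary.
    - name: Execute the chroot/container prep script
      command: "chroot {{ item.item }} /usr/local/bin/cache-prep-commands.sh"
      when: item.changed | bool
      with_items: "{{ _prep_script['results'] }}"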
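# Play 2: targets the inventory host "container1". Per the play name, the
# commands are meant to reach the container through the connection plugin
# rather than an SSH daemon inside it. Fact gathering is off; the play runs
# a single listing command.
- name: Demonstrate the connection plugin use to the container without SSH
  hosts: container1
  gather_facts: false
  tasks:
    # /usr/local/bin/ is where play 1 put cache-prep-commands.sh, so the
    # listing shows whether the command ran inside the container's rootfs.
    - name: List the contents of a folder
      command: ls -al /usr/local/bin/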
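# Play 3: targets the inventory host "chroot1", which the inventory maps to
# chroot_path=/opt/chroot1 on the physical host. Fact gathering is off; the
# play runs a single listing command.
- name: Demonstrate the connection plugin use to the chroot
  hosts: chroot1
  gather_facts: false
  tasks:
    # /usr/local/bin/ is where play 1 put cache-prep-commands.sh, so the
    # listing shows whether the command ran inside the chroot.
    - name: List the contents of a folder
      command: ls -al /usr/local/bin/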
---
# Group variables; presumably the file for [all_chroots], since it sets no
# container_name. TODO confirm against the gist's file names.
# Connect to the machine that carries the chroot, not to the chroot's own name.
ansible_host: "{{ physical_hostname }}"
# Address of that machine: the ansible_host of the inventory host named by
# this host's physical_host variable.
physical_hostname: "{{ hostvars[physical_host]['ansible_host'] }}"
---
# Group variables; presumably the file for [all_containers], since it sets
# container_name. TODO confirm against the gist's file names.
# Connect to the machine that carries the container, not to the container.
ansible_host: "{{ physical_hostname }}"
# The connection to the physical host is made as root.
# NOTE(review): this means the deployment host's passphrase-less key grants
# root on the physical host. Keep this setup to disposable test machines.
ansible_user: root
# Container name, taken from the inventory hostname (container1 here).
container_name: "{{ inventory_hostname }}"
# Address of the physical host: the ansible_host of the inventory host named
# by this host's physical_host variable.
physical_hostname: "{{ hostvars[physical_host]['ansible_host'] }}"