Merge pull request 'Commit changes to /etc of lxc containers that are git repositories' (#149) from lxc_etc-commit into unstable

Reviewed-on: #149
2022-03-30 16:36:38 +02:00 · 2022-03-30 16:36:38 +02:00 · ef50defc0a
parent 31c2629d31 5dc6a1d36b
commit ef50defc0a
3 changed files with 63 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 ### Added

 * minifirewall: configure proxy/backup/sysctl values
+* etc-git: Commit /etc in lxc containers when they are git repositories

 ### Changed

--- a/etc-git/tasks/commit.yml
+++ b/etc-git/tasks/commit.yml
@ -50,3 +50,30 @@
  when:
    - _usr_share_scripts_git.stat.exists
    - _usr_share_scripts_git.stat.isdir
+
+- name: Check if there are lxc containers
+  stat:
+    path: /var/lib/lxc
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
+  register: _var_lib_lxc
+
+- name: Get lxc containers and commit their /etc when needed
+  block:
+    - name: Get all lxc containers
+      find:
+        paths: /var/lib/lxc
+        recurse: no
+        file_type: directory
+      register: _lxc_containers
+
+    - name: "Commit /etc in all containers"
+      include_tasks:
+        file: lxc_commit.yml
+      loop: "{{ _lxc_containers.files | map(attribute='path') | map('basename') }}"
+      loop_control:
+        loop_var: container
+  when:
+    - _var_lib_lxc.stat.exists
+    - _var_lib_lxc.stat.isdir or _var_lib_lxc.stat.islnk
--- a/etc-git/tasks/lxc_commit.yml
+++ b/etc-git/tasks/lxc_commit.yml
@ -0,0 +1,35 @@
+---
+- name: "Assert that we have been called with `container` defined"
+  assert:
+    that:
+      - container is defined
+
+- name: "Define path to /etc in {{ container }} container"
+  set_fact:
+    container_etc: "{{ ('/var/lib/lxc', container, 'rootfs/etc') | path_join }}"
+
+- name: "Check if /etc is a git repository in {{ container }}"
+  stat:
+    path: "{{ (container_etc, '.git') | path_join }}"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
+  register: "container_etc_git"
+
+- name: "Evocommit /etc of {{ container }}"
+  command:
+    argv:
+      - /usr/local/bin/evocommit
+      - '--ansible'
+      - '--repository'
+      - "{{ container_etc }}"
+      - '--message'
+      - "{{ commit_message | mandatory }}"
+  changed_when:
+    - "container_etc_git_commit.stdout"
+    - "'CHANGED:' in container_etc_git_commit.stdout"
+  ignore_errors: yes
+  register: "container_etc_git_commit"
+  when:
+    - "container_etc_git.stat.exists"
+    - "container_etc_git.stat.isdir"