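Goal
- I want to write a playbook that uses Ansible to spin up CentOS LXC containers one after another with specified settings
- I also want to set things like the password at creation time
Problem
- The LXC CentOS template has no option for specifying the root password
Usage of the CentOS template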
usage:
/usr/share/lxc/templates/lxc-centos -n|--name=<container_name>
[-p|--path=<path>] [-c|--clean] [-R|--release=<CentOS_release>] [-a|--arch=<arch of the container>]
[-h|--help]
Mandatory args:
-n,--name container name, used to as an identifier for that container from now on
Optional args:
-p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc/name.
-c,--clean clean the cache
-R,--release CentOS release for the new container. If the host is CentOS, then it will default to the host's release.
--fqdn fully qualified domain name (FQDN) for DNS and system naming
--repo repository to use (url)
-a,--arch Define what arch the container will be [i686,x86_64]
-h,--help print this help
- When you create a container with, for example, lxc-create -n centos -t centos, a random root password is set and saved to /var/lib/lxc/centos/tmp_root_pass
Investigation
- The CentOS template /usr/lib/share/lxc/lxc-centos contains the following
/usr/lib/share/lxc/lxc-centos (excerpt)
# Some combinations of the tuning knobs below do not exactly make sense.
# but that's ok.
#
# If the "root_password" is non-blank, use it, else set a default.
# This can be passed to the script as an environment variable and is
# set by a shell conditional assignment. Looks weird but it is what it is.
#
# If the root password contains a ding ($) then try to expand it.
# That will pick up things like ${name} and ${RANDOM}.
# If the root password contains more than 3 consecutive X's, pass it as
# a template to mktemp and take the result.
#
# If root_display_password = yes, display the temporary root password at exit.
# If root_store_password = yes, store it in the configuration directory
# If root_prompt_password = yes, invoke "passwd" to force the user to change
# the root password after the container is created.
# If root_expire_password = yes, you will be prompted to change the root
# password at the first login.
#
# These are conditional assignments... The can be overridden from the
# preexisting environment variables...
#
# Make sure this is in single quotes to defer expansion to later!
# :{root_password='Root-${name}-${RANDOM}'}
: ${root_password='Root-${name}-XXXXXX'}
# Now, it doesn't make much sense to display, store, and force change
# together. But, we gotta test, right???
: ${root_display_password='no'}
: ${root_store_password='yes'}
# Prompting for something interactive has potential for mayhem
# with users running under the API... Don't default to "yes"
: ${root_prompt_password='no'}
# Expire root password? Default to yes, but can be overridden from
# the environment variable
: ${root_expire_password='yes'}
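- If the environment variable root_password (named exactly for what it does) is non-empty, its value is used as the default
- If it is empty, as already mentioned, a random password of the form Root-${name}-${RANDOM} is set
- I tried sudo root_password=password lxc-create -n centos -t centos, and the root password was indeed password
- Setting root_expire_password=no removes the need to change the password at first login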
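Added example (not from the original post or the LXC template): a shell model of the rules in the template comments above, with a pre-flight check that a fixed password passed via root_password would not be rewritten by the template. The function names are hypothetical, and the use of `mktemp -u` is an assumption about how the template invokes mktemp.

```shell
#!/bin/sh
# Added example: models the root_password rules from the template comments.
# Function names are hypothetical; nothing here is the template's own code.

# Same conditional-assignment idiom as the template: the single-quoted
# default is applied only when root_password is not already set.
effective_root_password() (
    : ${root_password='Root-${name}-XXXXXX'}
    printf '%s\n' "$root_password"
)

# How the template would treat a value, per its comments:
#   literal = used as-is
#   expand  = contains '$', so the template tries to expand it
#   mktemp  = has 4+ consecutive X's, so it becomes a mktemp template
classify_root_password() {
    kind=''
    case $1 in *'$'*)  kind=expand ;; esac
    case $1 in *XXXX*) kind=${kind:+$kind+}mktemp ;; esac
    printf '%s\n' "${kind:-literal}"
}

# Pre-flight check for a fixed password: fail if the template would
# rewrite it, so the value you pass is the value that ends up set.
check_fixed_password() {
    [ "$(classify_root_password "$1")" = literal ]
}

# Resolve the built-in default for a container name: substitute ${name}
# only, then let mktemp -u fill in the X's (assumed mktemp invocation).
resolve_default() {
    name=$1
    ph='${name}'
    tmpl=$(unset root_password; effective_root_password)
    prefix=${tmpl%%"$ph"*}
    suffix=${tmpl#*"$ph"}
    mktemp -u "${prefix}${name}${suffix}"
}
```

Running `check_fixed_password` on the value before it goes into a playbook catches passwords containing `$` or a run of X's, which the template would otherwise change.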
Tentative solution
- In a playbook task, you can use environment and write it like this
create-centos-container.yml
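- hosts: localhost
  tasks:
    - name: create centos containers
      lxc_container:
        name: centos-test
        template: centos
        container_config:
          - lxc.network.ipv4=10.0.3.10/24
        template_options: ''
      # Environment variables read by the lxc-centos template
      environment:
        # Sample value from the post; keep a real password in Ansible Vault
        root_password: password
        # Quoted so YAML passes the string "no" rather than a boolean
        root_expire_password: 'no'
      become: true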