Ansible: Detect if a Linux filesystem is mounted read-only


Problem description


I'm trying to detect if a particular filesystem is mounted read-only or read-write on Linux (Ubuntu 16.04). Using the stat module won't work because it always returns the posix permissions regardless of the actual ability to write into the directory. I'm able to accomplish this with the rather intrusive and cumbersome code below, which attempts to create a dot file. I'd appreciate a cleaner and more elegant alternative, that can also detect if the directory is not a mount point (which would be an error).

- name: Determine whether we have write access to the shared dir
  command: touch /mnt/shared-data/.WriteTest
  register: shared_dir_write_test
  failed_when: "shared_dir_write_test.rc != 0 and 'read-only' not in (shared_dir_write_test.stderr | lower)"
  changed_when: shared_dir_write_test.rc == 0

Ansible advised me to use instead the file module with state=touch, however the code below fails since there doesn't seem to be a way to examine the interim result of file.

  - name: Determine whether we have write access to the shared dir
    file: path=/mnt/shared-data/.WriteTest state=touch
    register: shared_dir_write_test
    failed_when: "shared_dir_write_test.failed and 'read-only' not in (shared_dir_write_test.msg | lower)"

The conditional check 'shared_dir_write_test.failed and 'read-only' not in (shared_dir_write_test.stderr | lower)' failed. The error was: error while evaluating conditional (shared_dir_write_test.failed and 'read-only' not in (shared_dir_write_test.stderr | lower)): 'dict object' has no attribute 'failed'

Solution

The information can be obtained from Ansible facts. Ansible code that accomplishes this:

- name: Determine shared-dir mount point
  command: "/usr/bin/env stat -c '%m' {{ shared_dir_real_path }}"
  register: shared_dir_mount_point
  changed_when: False

- name: Determine the mount point's filesystem type and mount options
  set_fact:
    "shared_dir_mount_{{ item }}": "{{ ansible_mounts | selectattr('mount', 'equalto', shared_dir_mount_point.stdout) | map(attribute = item) | join(',') }}"
  with_items:
    - fstype
    - options

- name: Determine the access to the shared-data directory
  set_fact:
    shared_dir_access_flags: "{{ ['ro', 'rw']  | intersect( shared_dir_mount_options.split(',') )}}"

- name: Verify Access mode sanity
  assert:
    that: shared_dir_access_flags | length == 1

Then to determine whether the mount is R/W or R/O I use:

when: "'rw' in shared_dir_access_flags"

or

when: "'ro' in shared_dir_access_flags"

Another, more terse but perhaps less clean approach that I used previously was to obtain the information from /proc/self/mountinfo. A little more platform-specific than I hoped, but it only depends on documented interfaces.

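- name: Get Shared dir mount options
  # Field 5 of mountinfo is the mount point and field 6 its options. Comparing
  # field 5 exactly avoids matching other lines that merely contain the path,
  # which a plain grep -F on the mount point would also return.
  shell: >
    awk -v mp="$(stat -c '%m' {{ shared_dir_path }})" '$5 == mp { print $6 }' /proc/self/mountinfo
  register: shared_dir_mount_options
  changed_when: False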

Then the expressions to determine whether the mount is R/W or R/O would become a bit more cumbersome:

when: "'rw' in shared_dir_mount_options.stdout.split(',')"

or

when: "'ro' in shared_dir_mount_options.stdout.split(',')"
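
Added example, not part of the original answer: a shell function that reads mountinfo-format data, matches the mount point exactly on field 5, and reports `ro` when either the per-mount options (field 6) or the superblock options after the `-` separator contain `ro`. Checking the superblock options goes beyond the answer's field-6 check; the function names and the sample lines are constructed for illustration.

```shell
# Constructed sample in /proc/self/mountinfo format (not captured from a real host).
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
40 22 0:35 / /mnt/shared-data ro,relatime shared:20 - nfs4 fs.example:/export rw,vers=4.2
41 22 8:16 / /mnt/shared-data2 rw,relatime shared:21 - ext4 /dev/sdb1 rw
42 22 8:17 / /mnt/err rw,relatime - ext4 /dev/sdc1 ro
43 22 8:33 / /mnt/my\040data rw,nosuid shared:22 master:3 - xfs /dev/sdd1 rw
EOF
}

# mount_access MOUNT_POINT [MOUNTINFO_FILE|-]
# Prints "ro" or "rw". Returns 2 when MOUNT_POINT is not a mount point in the data.
mount_access() {
    MP=$1 awk '
        # The kernel writes a space in a path as \040 and a tab as \011.
        function unescape(s) { gsub(/\\040/, " ", s); gsub(/\\011/, "\t", s); return s }
        unescape($5) == ENVIRON["MP"] {
            # Optional fields end at a lone "-"; fstype, source and superblock options follow.
            for (i = 7; i <= NF && $i != "-"; i++) ;
            mnt = $6; sb = $(i + 3); found = 1   # a later line is the mount stacked on top
        }
        END {
            if (!found) exit 2
            # Effective access is read-only if either option list carries the token "ro".
            if (("," mnt ",") ~ /,ro,/ || ("," sb ",") ~ /,ro,/) print "ro"; else print "rw"
        }' "${2:-/proc/self/mountinfo}"
}

# Per-mount options say rw, but the superblock is read-only.
sample_mountinfo | mount_access /mnt/err -   # prints "ro"
```

In a playbook the function's exit status 2 can drive `failed_when`, which covers the "directory is not a mount point" case from the question.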
