iso_extract: Reimplement using 7zip (not requiring root) (#24937)

* Reimplement iso_extract using 7zip (not requiring root)

So one of the drawbacks of the original implementation is that it required root for mounting/unmount the ISO image.
This is now no longer needed as we use 7zip for extracting files from the ISO.

* Fall back to using mount/umount if 7zip not found

As discussed with others.

Also improved integration tests.
pull/20930/merge
Dag Wieers 7 years ago committed by jctanner
parent 9364fa202f
commit 25e67d804c

@ -3,6 +3,7 @@
# Copyright: (c) 2013, Jeroen Hoekx <jeroen.hoekx@dsquare.be>
# Copyright: (c) 2016, Matt Robinson <git@nerdoftheherd.com>
# Copyright: (c) 2017, Dag Wieers <dag@wieers.com>
# Copyright: (c) 2017, Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -13,36 +14,60 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = r'''
---
author:
- Jeroen Hoekx (@jhoekx)
- Matt Robinson (@ribbons)
- Dag Wieers (@dagwieers)
module: iso_extract
short_description: Extract files from an ISO image.
short_description: Extract files from an ISO image
description:
- This module mounts an iso image in a temporary directory and extracts
files from there to a given destination.
version_added: "2.3"
- This module has two possible ways of operation.
- If 7zip is installed on the system, this module extracts files from an ISO
into a temporary directory and copies files to a given destination,
if needed.
- If the user has mount-capabilities (CAP_SYS_ADMIN on Linux) this module
mounts the ISO image to a temporary location, and copies files to a given
destination, if needed.
version_added: '2.3'
requirements:
- Either 7z (from I(7zip) or I(p7zip) package)
- Or mount capabilities (root-access, or CAP_SYS_ADMIN capability on Linux)
options:
image:
description:
- The ISO image to extract files from.
required: true
aliases: ['path', 'src']
required: yes
aliases: [ path, src ]
dest:
description:
- The destination directory to extract files to.
required: true
required: yes
files:
description:
- A list of files to extract from the image.
- Extracting directories does not work.
required: true
required: yes
force:
description:
- If C(yes), which will replace the remote file when contents are different than the source.
- If C(no), the file will only be extracted and copied if the destination does not already exist.
type: bool
default: 'yes'
aliases: [ thirsty ]
version_added: '2.4'
executable:
description:
- The path to the C(7z) executable to use for extracting files from the ISO.
default: '7z'
version_added: '2.4'
notes:
- Only the file hash (content) is taken into account for extracting files
from the ISO image.
- Only the file checksum (content) is taken into account when extracting files
from the ISO image. If C(force=no), only checks the presence of the file.
- In Ansible v2.3 this module was using C(mount) and C(umount) commands only,
requiring root access. This is no longer needed with the introduction of 7zip
for extraction.
'''
EXAMPLES = r'''
@ -59,63 +84,132 @@ RETURN = r'''
#
'''
import os
import os.path
import shutil
import tempfile
try: # python 3.3+
from shlex import quote
except ImportError: # older python
from pipes import quote
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.pycompat24 import get_exception
def main():
module = AnsibleModule(
argument_spec = dict(
image = dict(required=True, type='path', aliases=['path', 'src']),
dest = dict(required=True, type='path'),
files = dict(required=True, type='list'),
argument_spec=dict(
image=dict(type='path', required=True, aliases=['path', 'src']),
dest=dict(type='path', required=True),
files=dict(type='list', required=True),
force=dict(type='bool', default=True, aliases=['thirsty']),
executable=dict(type='path'), # No default on purpose
),
supports_check_mode = True,
supports_check_mode=True,
)
image = module.params['image']
dest = module.params['dest']
files = module.params['files']
force = module.params['force']
executable = module.params['executable']
changed = False
result = dict(
changed=False,
dest=dest,
image=image,
)
# We want to know if the user provided it or not, so we set default here
if executable is None:
executable = '7z'
binary = module.get_bin_path(executable, None)
# When executable was provided and binary not found, warn user !
if module.params['executable'] is not None and not binary:
module.warn("Executable '%s' is not found on the system, trying to mount ISO instead." % executable)
if not os.path.exists(dest):
module.fail_json(msg='Directory "%s" does not exist' % dest)
module.fail_json(msg="Directory '%s' does not exist" % dest)
if not os.path.exists(os.path.dirname(image)):
module.fail_json(msg='ISO image "%s" does not exist' % image)
module.fail_json(msg="ISO image '%s' does not exist" % image)
result['files'] = []
extract_files = list(files)
if not force:
# Check if we have to process any files based on existence
for f in files:
dest_file = os.path.join(dest, os.path.basename(f))
if os.path.exists(dest_file):
result['files'].append(dict(
checksum=None,
dest=dest_file,
src=f,
))
extract_files.remove(f)
if not extract_files:
module.exit_json(**result)
tmp_dir = tempfile.mkdtemp()
rc, out, err = module.run_command('mount -o loop,ro "%s" "%s"' % (image, tmp_dir))
# Use 7zip when we have a binary, otherwise try to mount
if binary:
cmd = '%s x "%s" -o"%s" %s' % (binary, image, tmp_dir, ' '.join([quote(f) for f in extract_files]))
else:
cmd = 'mount -o loop,ro "%s" "%s"' % (image, tmp_dir)
rc, out, err = module.run_command(cmd)
if rc != 0:
os.rmdir(tmp_dir)
module.fail_json(msg='Failed to mount ISO image "%s"' % image)
result.update(dict(
cmd=cmd,
rc=rc,
stderr=err,
stdout=out,
))
shutil.rmtree(tmp_dir)
if binary:
module.fail_json(msg="Failed to extract from ISO image '%s' to '%s'" % (image, tmp_dir), **result)
else:
module.fail_json(msg="Failed to mount ISO image '%s' to '%s', and we could not find executable '%s'." % (image, tmp_dir, executable), **result)
e = None
try:
for file in files:
tmp_src = os.path.join(tmp_dir, file)
src_hash = module.sha1(tmp_src)
for f in extract_files:
tmp_src = os.path.join(tmp_dir, f)
if not os.path.exists(tmp_src):
module.fail_json(msg="Failed to extract '%s' from ISO image" % f, **result)
src_checksum = module.sha1(tmp_src)
dest_file = os.path.join(dest, os.path.basename(file))
dest_file = os.path.join(dest, os.path.basename(f))
if os.path.exists(dest_file):
dest_hash = module.sha1(dest_file)
dest_checksum = module.sha1(dest_file)
else:
dest_hash = None
dest_checksum = None
result['files'].append(dict(
checksum=src_checksum,
dest=dest_file,
src=f,
))
if src_hash != dest_hash:
if src_checksum != dest_checksum:
if not module.check_mode:
shutil.copy(tmp_src, dest_file)
changed = True
result['changed'] = True
finally:
if not binary:
module.run_command('umount "%s"' % tmp_dir)
os.rmdir(tmp_dir)
module.exit_json(changed=changed)
shutil.rmtree(tmp_dir)
module.exit_json(**result)
if __name__ == '__main__':
main()

@ -1,5 +1,2 @@
posix/ci/group1
needs/privileged
needs/root
skip/freebsd
skip/osx

@ -0,0 +1,74 @@
# Test code for the iso_extract module.
# (c) 2017, James Tanner <tanner.jc@gmail.com>
# (c) 2017, Dag Wieers <dag@wieers.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Gather facts
setup:
become: yes
- name: Add EPEL repository
yum_repository:
name: epel
description: EPEL yum repo
baseurl: https://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/
state: present
when: ansible_distribution in ['CentOS']
- name: Install 7zip package if we are on Fedora or CentOS
yum:
name: p7zip-plugins
state: installed
update_cache: yes
become: yes
when: ansible_distribution in ['Fedora', 'CentOS']
- name: Install 7zip package if we are on OpenSUSE
zypper:
name: p7zip
state: installed
update_cache: yes
become: yes
when: ansible_distribution in ['openSUSE Leap']
- name: Install 7zip package if we are on Ubuntu
apt:
name: p7zip-full
state: installed
update_cache: yes
become: yes
when: ansible_distribution in ['Ubuntu']
# FIXME: The homebrew module no longer seems to work
# "Error: Running Homebrew as root is extremely dangerous."
- name: Install 7zip package if we are on MacOSX
# macports:
# name: p7zip
# state: installed
# update_cache: yes
homebrew:
name: p7zip
state: present
update_homebrew: yes
when: ansible_distribution in ['MacOSX']
- name: Install 7zip package if we are on FreeBSD
pkgng:
name: p7zip
state: present
become: yes
when: ansible_distribution in ['FreeBSD']

@ -1,5 +1,6 @@
# Test code for the iso_extract module.
# (c) 2017, James Tanner <tanner.jc@gmail.com>
# (c) 2017, Dag Wieers <dag@wieers.com>
# This file is part of Ansible
#
@ -16,30 +17,27 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- set_fact: output_dir_test={{output_dir}}/test_command_raw
- set_fact:
output_dir_test: '{{ output_dir }}/test_iso_extract'
- name: make sure our testing sub-directory does not exist
file: path="{{ output_dir_test }}" state=absent
- name: Install 7zip
include_tasks: 7zip.yml
- name: create our testing sub-directory
file: path="{{ output_dir_test }}" state=directory
- name: Prepare environment
include_tasks: prepare.yml
##
## iso_extract
##
- name: Test in normal mode
include_tasks: tests.yml
vars:
in_check_mode: no
- name: copy the iso to the test dir
copy:
src: test.iso
dest: "{{ output_dir_test }}"
- name: Prepare environment
include_tasks: prepare.yml
- name: extract the iso
iso_extract:
image: "{{ output_dir_test }}/test.iso"
dest: "{{ output_dir_test }}"
files:
- 1.txt
- 2.txt
register: iso_extract_test0
- name: Test in check-mode
include_tasks: tests.yml
vars:
in_check_mode: yes
check_mode: yes
# FIXME - fill this in after figuring out how to allow mounts

@ -0,0 +1,33 @@
# Test code for the iso_extract module.
# (c) 2017, James Tanner <tanner.jc@gmail.com>
# (c) 2017, Dag Wieers <dag@wieers.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Make sure our testing sub-directory does not exist
file:
path: '{{ output_dir_test }}'
state: absent
- name: Create our testing sub-directory
file:
path: '{{ output_dir_test }}'
state: directory
- name: copy the iso to the test dir
copy:
src: test.iso
dest: '{{ output_dir_test }}'

@ -0,0 +1,52 @@
# Test code for the iso_extract module.
# (c) 2017, James Tanner <tanner.jc@gmail.com>
# (c) 2017, Dag Wieers <dag@wieers.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Extract the iso
iso_extract:
image: '{{ output_dir_test }}/test.iso'
dest: '{{ output_dir_test }}'
files:
- 1.txt
- 2.txt
register: iso_extract_test0
- assert:
that:
- iso_extract_test0|changed == true
- name: Extract the iso again
iso_extract:
image: '{{ output_dir_test }}/test.iso'
dest: '{{ output_dir_test }}'
files:
- 1.txt
- 2.txt
register: iso_extract_test0_again
- name: Test iso_extract_test0_again (normal mode)
assert:
that:
- iso_extract_test0_again|changed == false
when: not in_check_mode
- name: Test iso_extract_test0_again (check-mode)
assert:
that:
- iso_extract_test0_again|changed == true
when: in_check_mode

@ -217,7 +217,6 @@ lib/ansible/modules/files/archive.py
lib/ansible/modules/files/assemble.py
lib/ansible/modules/files/blockinfile.py
lib/ansible/modules/files/ini_file.py
lib/ansible/modules/files/iso_extract.py
lib/ansible/modules/files/replace.py
lib/ansible/modules/files/synchronize.py
lib/ansible/modules/files/tempfile.py

Loading…
Cancel
Save