fix: zfs chown recursion high bug

Clément Désiles 2025-11-14 00:05:58 +01:00
parent 9f3e920d7d
commit edf8574091
No known key found for this signature in database
3 changed files with 15 additions and 17 deletions


@ -1,5 +1,5 @@
--- ---
# due to Ansible limitations, we cannot loop over a block, so we loop over a distinct tasks file... # due to Ansible limitations, we cannot loop over a block, so we loop over distinct task files
# @see https://stackoverflow.com/a/58911694 # @see https://stackoverflow.com/a/58911694
- name: Set ownership on dataset mountpoint - name: Set ownership on dataset mountpoint
block: block:
@ -7,10 +7,18 @@
ansible.builtin.command: "zfs get -H -o value mountpoint {{ dataset.name }}" ansible.builtin.command: "zfs get -H -o value mountpoint {{ dataset.name }}"
register: mountpoint register: mountpoint
changed_when: false changed_when: false
- name: Set owner of mountpoints
- name: Fail if mountpoint is system directory
ansible.builtin.fail:
msg: "Mountpoint resolved to a system directory ({{ mountpoint.stdout }}), aborting to avoid changing ownership."
when:
- mountpoint.stdout | trim == ''
- mountpoint.stdout | trim is not match('^/$|^(/usr|/bin|/sbin|/etc|/var|/lib|/lib64)$')
- name: Set mountpoint ownership
ansible.builtin.file: ansible.builtin.file:
path: "{{ mountpoint.stdout }}" path: "{{ mountpoint.stdout }}"
owner: "{{ dataset.user | default(main_user) }}" owner: "{{ dataset.user | default(ansible_user) }}"
group: "{{ dataset.group | default(main_user) }}" group: "{{ dataset.group | default(ansible_user) }}"
state: directory state: directory
recurse: true recurse: false
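Review bot: The new "Fail if mountpoint is system directory" guard never fires for a system directory: the two `when:` items are ANDed and the second one is `is not match(...)`, so the task fails only when the mountpoint is empty, and `/`, `/etc` or `/var` pass straight through to the ownership task. The condition should be a single OR with the positive test, e.g. `when: (mountpoint.stdout | trim == '') or (mountpoint.stdout | trim is match('^/$|^(/usr|/bin|/sbin|/etc|/var|/lib|/lib64)$'))`. `zfs get` can also report non-path values such as `none` or `legacy`, which the file task would treat as a relative path, so rejecting any value that does not start with `/` would be worth adding. The `ansible_user` default is only defined when the connection user is set explicitly, which is worth confirming now that the `whoami` lookup is removed.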


@ -8,16 +8,6 @@
origin: "{{ item.origin | default(omit) }}" origin: "{{ item.origin | default(omit) }}"
with_items: "{{ zfs_datasets }}" with_items: "{{ zfs_datasets }}"
- ansible.builtin.command:
cmd: whoami
no_log: true
become: false
register: main_user
- ansible.builtin.set_fact:
main_user: "{{ main_user.stdout }}"
no_log: true
- name: Set dataset ownership - name: Set dataset ownership
ansible.builtin.include_tasks: "./dataset-ownership.yml" ansible.builtin.include_tasks: "./dataset-ownership.yml"
loop: "{{ zfs_datasets }}" loop: "{{ zfs_datasets }}"


@ -6,7 +6,7 @@
failed_when: false failed_when: false
- name: Install zfs - name: Install zfs
when: zfs_dkms_installed.stderr when: zfs_dkms_installed.stderr | length > 0
block: block:
- name: Disable SUDOERS password prompt for makepkg - name: Disable SUDOERS password prompt for makepkg
no_log: true no_log: true
@ -50,7 +50,7 @@
failed_when: false failed_when: false
- name: Install zrepl - name: Install zrepl
when: zrepl_installed.stderr when: zrepl_installed.stderr | length > 0
block: block:
- name: Disable SUDOERS password prompt for makepkg - name: Disable SUDOERS password prompt for makepkg
no_log: true no_log: true
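Review bot: Both install blocks (`Install zfs` and `Install zrepl`) are still gated on stderr being non-empty, so any warning the check command prints on stderr would re-run the install and, with it, the step that disables the sudoers password prompt for makepkg. The registering tasks are outside these hunks, so this is inferred, but if they are package queries with `failed_when: false`, the return code is the more reliable signal: `when: zfs_dkms_installed.rc != 0` and `when: zrepl_installed.rc != 0`. A short comment above each `when:` stating what the check command reports when the package is missing would also help the next reader.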