Podman volume mount of single files are replaced by a directory mount rather than inserted correctly #1753

Open
hb9hnt opened this issue May 7, 2024 · 4 comments
Labels
bug Researched, reproducible, committed to fix

@hb9hnt
hb9hnt commented May 7, 2024

ISSUE TYPE
  • Bug Report

SUMMARY

Ansible navigator breaks volume mounts if you try to mount a single file rather than a directory. Specifying the following mount

ansible-navigator:
  execution-environment:
    container-engine: podman
    volume-mounts:
      - src: /home/myuser/.ansible/linux_vault_key.txt
        dest: /var/tmp/vault-key.txt
        options: "ro"

leads to the following podman mount CLI option:

podman [...] -v /home/myuser/.ansible/:/var/tmp/:ro

ANSIBLE-NAVIGATOR VERSION
$ ansible-navigator --version
ansible-navigator 24.2.0

CONFIGURATION
---
ansible-navigator:
  logging:
    level: debug
  ansible-lint:
    config: .ansible-lint
  color:
    enable: True
  mode: stdout
  execution-environment:
    container-engine: podman
    environment-variables:
      set:
        ANSIBLE_VAULT_PASSWORD_FILE: /var/tmp/vault-key.txt
    volume-mounts:
      - src: /home/myuser/.ansible/linux_vault_key.txt
        dest: /var/tmp/vault-key.txt
        options: "ro"
    image:  gitlab.mydomain.com:5050/project/awx
    pull:
      policy: missing

LOG FILE

The relevant part of the debug log file has been mentioned above. The mount on the podman command doesn't look as specified:

podman [...] -v /home/myuser/.ansible/:/var/tmp/:ro

this leads to the following errors from ansible-playbook:

No config file found; using defaults
[WARNING]: Error getting vault password file (default): The vault password file
/var/tmp/vault-key.txt was not found
ERROR! The vault password file /var/tmp/vault-key.txt was not found

STEPS TO REPRODUCE

Specify a file mount rather than a directory mount as mentioned above.

EXPECTED RESULTS

The podman option that should be used is as follows:

podman [...] -v /home/myuser/.ansible/linux_vault_key.txt:/var/tmp/vault-key.txt:ro

ACTUAL RESULTS

Only a directory mount is inserted in the podman command

podman [...] -v /home/myuser/.ansible/:/var/tmp/:ro
@hb9hnt hb9hnt added bug Researched, reproducible, committed to fix new New issues and PRs to triaged labels May 7, 2024
@Qalthos Qalthos removed the new New issues and PRs to triaged label May 8, 2024
@ssbarnea
Member

ssbarnea commented May 8, 2024

This looks like a valid bug. A PR would be welcomed here.

@hb9hnt
Author

hb9hnt commented May 9, 2024

I looked into this a bit closer. It seems that this is a bug in ansible-runner that was introduced on purpose in another PR:

ansible/ansible-runner#728

to fix the following bug:

#471

As far as I can tell the bug has nothing to do with why we should only allow directory mounts rather than file mounts, too.

@cidrblock Would you happen to remember why it was necessary to disallow file mounts to fix the mentioned issue?

@marshallford

Any resolution to this issue? Or is the outcome simply that file mounts should not be used (based on the PR in ansible-runner it sure looks that way)?

Thanks!

@cidrblock
Collaborator

I don't think the intent of that fix was to explicitly disallow file mounts but instead to normalize the directory names in a manner they could be deduplicated. The missing ability to mount just a file is just an oversight as I think it's less commonly done.

I don't see a reason why individual file mounts would be an issue, although the runner code would need to be updated with an escape hatch to bypass the directory logic and let the file mount straight through.

Good catch all.

The best path forward I think would be for an issue to be opened in the runner repo, linked back to this and a PR if anyone has time.
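
Added example (not part of the thread and not ansible-runner's code): the directory-only normalization reported in this issue next to a file-aware variant that passes a regular file straight through while still deduplicating directory mounts. The function names, the `/data` destination and the temporary key file are hypothetical and constructed for the demonstration.

```python
import os
import tempfile


def _format(src, dest, options):
    spec = f"{src}:{dest}"
    return f"{spec}:{options}" if options else spec


def dir_only_mount(src, dest, options=""):
    """Behaviour reported in this issue (hypothetical re-creation): a file
    source is replaced by its parent directory on both sides of the mount."""
    if not os.path.isdir(src):
        src, dest = os.path.dirname(src), os.path.dirname(dest)
    return _format(os.path.join(src, ""), os.path.join(dest, ""), options)


def file_aware_mount(src, dest, options=""):
    """Escape hatch: an existing regular file is passed straight through;
    only directories get the trailing-slash normalization used for dedup."""
    if os.path.isfile(src):
        return _format(src, dest, options)
    if os.path.isdir(src):
        return _format(os.path.join(src, ""), os.path.join(dest, ""), options)
    raise FileNotFoundError(f"mount source does not exist: {src}")


def build_volume_args(mounts, builder):
    """Return deduplicated ['-v', spec, ...] arguments for the engine CLI."""
    seen, args = set(), []
    for m in mounts:
        spec = builder(m["src"], m["dest"], m.get("options", ""))
        if spec not in seen:
            seen.add(spec)
            args += ["-v", spec]
    return args


def demo():
    """Run both builders on a constructed key file in a temporary directory."""
    with tempfile.TemporaryDirectory() as home:
        key = os.path.join(home, "linux_vault_key.txt")
        with open(key, "w") as fh:
            fh.write("constructed-sample-not-a-real-key\n")
        mounts = [{"src": key, "dest": "/var/tmp/vault-key.txt", "options": "ro"},
                  # same directory with and without trailing slash: one mount
                  {"src": home, "dest": "/data"},
                  {"src": home + "/", "dest": "/data/"}]
        return (home, build_volume_args(mounts, dir_only_mount),
                build_volume_args(mounts, file_aware_mount))
```

With the directory-only builder the container receives the whole parent directory of the key file at `/var/tmp/`; with the file-aware builder it receives only the one read-only file at the configured destination.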
