Addressing Limitations in Mount Options Retrieval with Proposed ansible.posix.mount_read Module

[jangel97]

While using the ansible.posix.mount module and ansible_mounts facts gathering, I noticed that it's not feasible to extract mount options for specific filesystems, such as /dev/shm on RHEL hosts. This issue might also affect other distributions. This limitation hampers the ability to dynamically assess and adjust the configuration of mounted filesystems via Ansible playbooks. In my scenario, for instance, ensuring that /dev/shm is mounted with the noexec flag is crucial for compliance.

To avoid resorting to the command or shell modules to run findmnt and parse its output, I would advocate for a more integrated solution, a new module that could reliably read the current mounts and their flags directly during runtime.

I propose introducing ansible.posix.mount_read, a new module designed to enhance our capabilities with the following features:

• Read Mount Information: Capable of querying and returning detailed information about all mounted systems or specific mount points.
• Filter Options: Provides the functionality to filter outputs based on particular mount points or options.
• Compatibility: Ensures full compatibility with all Unix-like operating systems supported by the ansible.posix collection.

I believe this proposal could resonate well with the community and among the maintainers. If so, I am prepared to contribute a Pull Request. However, I would first like to open this for discussion to gauge its viability.

Thank you!

[jangel97]

An example of how the proposed module would work in an ansible playbook:

- name: Verify Mount Options on Hosts
  hosts: all
  tasks:
    - name: Read specific mount information
      ansible.posix.mount_read:
        path: "/dev/shm"
      register: shm_mount_info

    - name: Check if 'noexec' is present in mount options
      assert:
        that:
          - "'noexec' in shm_mount_info.mount_options"
        fail_msg: "'noexec' flag is not set on /dev/shm"
        success_msg: "'noexec' flag is set on /dev/shm"

    - name: Display all mounts information
      ansible.posix.mount_read:
        filter: "all" 
      register: all_mounts_info

    - name: Debug output for all mounts
      debug:
        msg: "{{ all_mounts_info }}"

This example highlights how the module can be effectively used for both specific and general mount configuration checks. Eliminating the need for external scripts or commands.

[jangel97]

If this makes sense to maintainers and community I can try to work on a PR for the proposed module. Thx!

[sivel]

We are in the process of adding a new mount_facts module to ansible-core in https://github.com/ansible/ansible/pull/83508

Here is example output from that module for /dev/shm:

            "/dev/shm": {
                "ansible_context": {
                    "source": "/proc/mounts",
                    "source_data": "tmpfs /dev/shm tmpfs rw,nosuid,nodev,size=2980048k,nr_inodes=745012 0 0"
                },
                "block_available": 745010,
                "block_size": 4096,
                "block_total": 745012,
                "block_used": 2,
                "device": "tmpfs",
                "dump": 0,
                "fstype": "tmpfs",
                "inode_available": 745009,
                "inode_total": 745012,
                "inode_used": 3,
                "mount": "/dev/shm",
                "options": "rw,nosuid,nodev,size=2980048k,nr_inodes=745012",
                "passno": 0,
                "size_available": 3051560960,
                "size_total": 3051569152,
                "uuid": "N/A"
            }

It includes the full options, which for other of my mounts does include noexec.

[jangel97]

Oh awesome, this would work great for me! Therefore, I am closing this one. Thx!