Make current_container_facts work with newer Docker versions and latest ansible-test container changes (#510)

* Add more debug output. * Add basic integration test. * Split into lines. * Fix docker detection, add podman detection. ci_complete * Improve regular expression. * Document that this module is trying its best, but might not be perfect. * Update comment.
2025-12-16 03:52:05 +00:00 · 2022-11-30 22:25:33 +01:00 · 2022-11-30 22:25:33 +01:00 · c2d84efccb
commit c2d84efccb
parent ee9ddb954f
4 changed files with 84 additions and 7 deletions
--- a/changelogs/fragments/510-current_container_facts.yml
+++ b/changelogs/fragments/510-current_container_facts.yml
@ -0,0 +1,2 @@
+minor_changes:
+  - "current_container_facts - make work with current Docker version, also support Podman (https://github.com/ansible-collections/community.docker/pull/510)."
--- a/plugins/modules/current_container_facts.py
+++ b/plugins/modules/current_container_facts.py
@ -9,13 +9,16 @@ from __future__ import absolute_import, division, print_function
 __metaclass__ = type


-DOCUMENTATION = '''
+DOCUMENTATION = r'''
 ---
 module: current_container_facts
 short_description: Return facts about whether the module runs in a Docker container
 version_added: 1.1.0
 description:
  - Return facts about whether the module runs in a Docker container.
+  - This module attempts a best-effort detection. There might be special cases where
+    it does not work; if you encounter one, L(please file an issue,
+    https://github.com/ansible-collections/community.docker/issues/new?assignees=&labels=&template=bug_report.md).
 author:
  - Felix Fontein (@felixfontein)
 extends_documentation_fragment:
@ -34,7 +37,7 @@ EXAMPLES = '''
  when: ansible_module_running_in_container
 '''

-RETURN = '''
+RETURN = r'''
 ansible_facts:
    description: Ansible facts returned by the module
    type: dict
@ -54,9 +57,9 @@ ansible_facts:
        ansible_module_container_type:
            description:
              - The detected container environment.
-              - Contains an empty string if no container was detected.
-              - Otherwise, will be one of C(docker), C(azure_pipelines), or C(github_actions).
+              - Contains an empty string if no container was detected, or a non-empty string identifying the container environment.
              - C(github_actions) is supported since community.docker 2.4.0.
+              - C(podman) is supported since community.docker 3.3.0.
            returned: always
            type: str
            choices:
@ -64,9 +67,11 @@ ansible_facts:
              - docker
              - azure_pipelines
              - github_actions
+              - podman
 '''

 import os
+import re

 from ansible.module_utils.basic import AnsibleModule

@ -74,17 +79,23 @@ from ansible.module_utils.basic import AnsibleModule
 def main():
    module = AnsibleModule(dict(), supports_check_mode=True)

-    path = '/proc/self/cpuset'
+    cpuset_path = '/proc/self/cpuset'
+    mountinfo_path = '/proc/self/mountinfo'
+
    container_id = ''
    container_type = ''

-    if os.path.exists(path):
+    contents = None
+    if os.path.exists(cpuset_path):
        # File content varies based on the environment:
        #   No Container: /
        #   Docker: /docker/c86f3732b5ba3d28bb83b6e14af767ab96abbc52de31313dcb1176a62d91a507
        #   Azure Pipelines (Docker): /azpl_job/0f2edfed602dd6ec9f2e42c867f4d5ee640ebf4c058e6d3196d4393bb8fd0891
        #   Podman: /../../../../../..
-        with open(path, 'rb') as f:
+        # While this was true and worked well for a long time, this seems to be no longer accurate
+        # with newer Docker / Podman versions and/or with cgroupv2. That's why the /proc/self/mountinfo
+        # detection further down is done when this test is inconclusive.
+        with open(cpuset_path, 'rb') as f:
            contents = f.read().decode('utf-8')

        cgroup_path, cgroup_name = os.path.split(contents.strip())
@ -101,6 +112,23 @@ def main():
            container_id = cgroup_name
            container_type = 'github_actions'

+    if not container_id and os.path.exists(mountinfo_path):
+        with open(mountinfo_path, 'rb') as f:
+            contents = f.read().decode('utf-8')
+
+        for line in contents.splitlines():
+            parts = line.split()
+            if len(parts) >= 5 and parts[4] == '/etc/hostname':
+                m = re.match('.*/docker/containers/([a-f0-9]+)/hostname', parts[3])
+                if m:
+                    container_id = m.group(1)
+                    container_type = 'docker'
+
+                m = re.match('/containers/overlay-containers/([a-f0-9]+)/userdata/hostname', parts[3])
+                if m:
+                    container_id = m.group(1)
+                    container_type = 'podman'
+
    module.exit_json(ansible_facts=dict(
        ansible_module_running_in_container=container_id != '',
        ansible_module_container_id=container_id,
--- a/tests/integration/targets/current_container_facts/aliases
+++ b/tests/integration/targets/current_container_facts/aliases
@ -0,0 +1,6 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+azp/4
+skip/rhel
--- a/tests/integration/targets/current_container_facts/tasks/main.yml
+++ b/tests/integration/targets/current_container_facts/tasks/main.yml
@ -0,0 +1,41 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- name: Get facts
+  current_container_facts:
+  register: result
+
+  # WARNING: This is not a proper test as it won't fail when the module does not work!
+  #          To make this a proper test, we need to know the environment in which this
+  #          test runs, which we do not know in general...
+
+- name: Print facts
+  ansible.builtin.debug:
+    var: result.ansible_facts
+
+- name: Read files
+  ansible.builtin.slurp:
+    src: '{{ item }}'
+  loop:
+    - /proc/self/cgroup
+    - /proc/self/cpuset
+    - /proc/self/mountinfo
+  register: slurp
+  ignore_errors: true
+
+- name: Print files
+  ansible.builtin.debug:
+    msg: |-
+      {{ item.content | ansible.builtin.b64decode | split('
+      ') }}
+  loop: '{{ slurp.results }}'
+  loop_control:
+    label: '{{ item.source | default(item.item) }}'
+  when: item is not failed