HiveBrain v1.2.0
Get Started
← Back to all entries
patternMinor

Vagrantfile change with Ansible playbook to control file permission on Vagrant synced folder for Trellis

Submitted by: @import:stackexchange-devops··
0
Viewed 0 times
vagrantfilefiletrellisvagrantcontrolsyncedwithchangepermissionplaybook

Problem

I use Trellis for my WordPress development. It works great, except I'm finding it hard to change file (or directory) permission within the synced folder.

Generally I'm OK with the default permission setup. However, sometimes I need to give write permission to some of the sub-directories of the main (NFS) synced directory.

This is the Vagrantfile that uses Ansible playbook for the main configuration of the VM (I use VirtualBox). I'm not a Ruby programmer nor have I worked with Ansible, however, by the looks of it, the following is the part of the Vagrantfile where file permissions are being set:

if Vagrant::Util::Platform.windows? and !Vagrant.has_plugin? 'vagrant-winnfsd'
    wordpress_sites.each_pair do |name, site|
        config.vm.synced_folder local_site_path(site), remote_site_path(name, site), owner: 'vagrant', group: 'www-data', mount_options: ['dmode=776', 'fmode=775']
    end
    config.vm.synced_folder ANSIBLE_PATH, ANSIBLE_PATH_ON_VM, mount_options: ['dmode=755', 'fmode=644']
    config.vm.synced_folder File.join(ANSIBLE_PATH, 'bin'), bin_path, mount_options: ['dmode=755', 'fmode=755']
else
    if !Vagrant.has_plugin? 'vagrant-bindfs'
        fail_with_message "vagrant-bindfs missing, please install the plugin with this command:\nvagrant plugin install vagrant-bindfs"
    else
        wordpress_sites.each_pair do |name, site|
            config.vm.synced_folder local_site_path(site), nfs_path(name), type: 'nfs'
            config.bindfs.bind_folder nfs_path(name), remote_site_path(name, site), u: 'vagrant', g: 'www-data', o: 'nonempty'
        end
        config.vm.synced_folder ANSIBLE_PATH, '/ansible-nfs', type: 'nfs'
        config.bindfs.bind_folder '/ansible-nfs', ANSIBLE_PATH_ON_VM, o: 'nonempty', p: '0644,a+D'
        config.bindfs.bind_folder bin_path, bin_path, perms: '0755'
    end
end


How can I make changes to this file in a way so that I can control permission to specific files and folders when I need. Since changing the permiss

Solution

There are two parts of this Vagrantfile, one does the mounting for Windows hosts (the first half), the other one for UNIX hosts (the second half), but essentially the do the same - just with different plugins.

You can see from the config.vm.synced_folder and config.bindfs.bind_folder commands where they set up the appropriate directories with the proper permissions.

To add a new directory with different permissions simply add them to the list. Note that File.join('a','b') simply converts the path to a/b, but it's a nicer way to do it, as it's platform independent (on Windows it can also handle \ style paths).

So for example if you want to give the /tmp/needswrite folder more permission you can simply add the following two lines to their appropriate places:

Windows config:

config.vm.synced_folder File.join(ANSIBLE_PATH, 'tmp', 'needswrite'), File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), mount_options: ['dmode=777', 'fmode=777']


Unix config:

config.bindfs.bind_folder File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), perms: '0777'


This will for example set their permission to 777 instead of the default 755

Note that in the Windows config you have to map from ANSIBLE_PATH to ANSIBLE_PATH_ON_VM, while on the Unix config bindfs will do a remount, so you need to match them with the same directory name.

You can also play with users and groups:

Windows config:

config.vm.synced_folder File.join(ANSIBLE_PATH, 'tmp', 'needswrite'), File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), owner: 'new-owner', group: 'new-group', mount_options: ['dmode=755', 'fmode=755']


Unix config:

config.bindfs.bind_folder File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), u: 'new-owner', g: 'new-group', perms: '0777'


Here we set them to use user new-owner and group new-group

Code Snippets

config.vm.synced_folder File.join(ANSIBLE_PATH, 'tmp', 'needswrite'), File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), mount_options: ['dmode=777', 'fmode=777']
config.bindfs.bind_folder File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), perms: '0777'
config.vm.synced_folder File.join(ANSIBLE_PATH, 'tmp', 'needswrite'), File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), owner: 'new-owner', group: 'new-group', mount_options: ['dmode=755', 'fmode=755']
config.bindfs.bind_folder File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), File.join(ANSIBLE_PATH_ON_VM, 'tmp', 'needswrite'), u: 'new-owner', g: 'new-group', perms: '0777'

Context

StackExchange DevOps Q#202, answer score: 4

Revisions (0)

No revisions yet.