Make chroot command configurable

2026-01-02 18:53:55 +01:00
parent ce972e55dd
commit fe0b72c9d8
14 changed files with 26 additions and 30 deletions
--- a/roles/configuration/tasks/bootloader.yml
+++ b/roles/configuration/tasks/bootloader.yml
@@ -18,7 +18,7 @@
          --bootloader-id={{ configuration_bootloader_id }}
        configuration_bootloader_cmd: >-
          {{ configuration_efibootmgr_cmd if configuration_use_efibootmgr else configuration_grub_cmd }}
-      ansible.builtin.command: "arch-chroot /mnt {{ configuration_bootloader_cmd }}"
+      ansible.builtin.command: "{{ chroot_command }} /mnt {{ configuration_bootloader_cmd }}"
      register: configuration_bootloader_result
      changed_when: configuration_bootloader_result.rc == 0

@@ -43,7 +43,7 @@
              else '/usr/bin/dracut --regenerate-all --force'
            )
          }}
-      ansible.builtin.command: "arch-chroot /mnt {{ configuration_initramfs_cmd }}"
+      ansible.builtin.command: "{{ chroot_command }} /mnt {{ configuration_initramfs_cmd }}"
      register: configuration_initramfs_result
      changed_when: configuration_initramfs_result.rc == 0

@@ -59,6 +59,6 @@
            if is_rhel | bool
            else '/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg'
          }}
-      ansible.builtin.command: "arch-chroot /mnt {{ configuration_grub_cfg_cmd }}"
+      ansible.builtin.command: "{{ chroot_command }} /mnt {{ configuration_grub_cfg_cmd }}"
      register: configuration_grub_result
      changed_when: configuration_grub_result.rc == 0
--- a/roles/configuration/tasks/encryption/tpm2.yml
+++ b/roles/configuration/tasks/encryption/tpm2.yml
@@ -35,9 +35,9 @@
               if configuration_luks_tpm2_pcrs_effective | length > 0 else [])
            + [configuration_luks_device]
          }}
-        configuration_luks_enroll_chroot_args: "{{ ['arch-chroot', '/mnt'] + configuration_luks_enroll_args }}"
-      ansible.builtin.command:
-        argv: "{{ configuration_luks_enroll_chroot_args }}"
+        configuration_luks_enroll_chroot_cmd: >-
+          {{ chroot_command }} /mnt {{ configuration_luks_enroll_args | join(' ') }}
+      ansible.builtin.command: "{{ configuration_luks_enroll_chroot_cmd }}"
      register: configuration_luks_tpm2_enroll_chroot
      changed_when: configuration_luks_tpm2_enroll_chroot.rc == 0
      failed_when: false
--- a/roles/configuration/tasks/locales.yml
+++ b/roles/configuration/tasks/locales.yml
@@ -23,7 +23,7 @@

    - name: Generate locales
      when: not is_rhel | bool
-      ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen
+      ansible.builtin.command: "{{ chroot_command }} /mnt /usr/sbin/locale-gen"
      register: configuration_locale_result
      changed_when: configuration_locale_result.rc == 0

--- a/roles/configuration/tasks/selinux.yml
+++ b/roles/configuration/tasks/selinux.yml
@@ -5,7 +5,7 @@
    - name: Fix SELinux by pre-labeling the filesystem before first boot
      when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rhel10', 'rocky'] and selinux | bool
      ansible.builtin.command: >
-        arch-chroot /mnt /sbin/setfiles -v -F
+        {{ chroot_command }} /mnt /sbin/setfiles -v -F
        -e /dev -e /proc -e /sys -e /run
        /etc/selinux/targeted/contexts/files/file_contexts /
      register: configuration_setfiles_result
--- a/roles/configuration/tasks/services.yml
+++ b/roles/configuration/tasks/services.yml
@@ -1,7 +1,7 @@
 ---
 - name: Enable Systemd Services
  ansible.builtin.command: >
-    arch-chroot /mnt systemctl enable NetworkManager
+    {{ chroot_command }} /mnt systemctl enable NetworkManager
    {{ ' firewalld' if firewalld_enabled | bool else '' }}
    {{
      ' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
@@ -16,7 +16,7 @@

 - name: Disable firewalld when disabled
  when: not firewalld_enabled | bool
-  ansible.builtin.command: arch-chroot /mnt systemctl disable --now firewalld
+  ansible.builtin.command: "{{ chroot_command }} /mnt systemctl disable --now firewalld"
  register: configuration_disable_firewalld_result
  changed_when: configuration_disable_firewalld_result.rc == 0
  failed_when: false
--- a/roles/configuration/tasks/users.yml
+++ b/roles/configuration/tasks/users.yml
@@ -4,11 +4,11 @@
    configuration_user_group: >-
      {{ "sudo" if is_debian | bool else "wheel" }}
    configuration_useradd_cmd: >-
-      arch-chroot /mnt /usr/sbin/useradd --create-home --user-group
+      {{ chroot_command }} /mnt /usr/sbin/useradd --create-home --user-group
      --groups {{ configuration_user_group }} {{ user_name }}
      --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
    configuration_root_cmd: >-
-      arch-chroot /mnt /usr/sbin/usermod --password
+      {{ chroot_command }} /mnt /usr/sbin/usermod --password
      '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
  ansible.builtin.command: "{{ item }}"
  loop: