updated for lxc-container-create for multi-distro support

This change updates the lxc-container-create role to build lxc containers using the download template. The build supports ubuntu 14.04/16.04 and RedHat/CentOS 7 using the multi-distro framework. This change is incorporating updates built into the lxc_hosts role. Once merged this should unblock all work geared toward multi-distro support and testing. The testing structure has been updated to match what is being done in other roles. A new file was created "manual-tests.rc" which assists in manual testing by exporting the needed environment variables to run the role tests without requiring everything to run through tox which has undesirable side-effects when running tests that span multiple roles. Change-Id: Iee304dd026e0865e0444259d2132122233d90f5f Depends-On: Ie13be2322d28178760481c59805101d6aeef4f36 Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk> Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-05-02 08:56:32 -05:00 · 2016-05-02 08:56:32 -05:00 · 0c16334a2c
parent f2646d36d8
commit 0c16334a2c
20 changed files with 417 additions and 140 deletions
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@ -16,7 +16,8 @@ When submitting a bug, or working on a bug, please ensure the following criteria
    * The description clearly states or describes the original problem or root cause of the problem.
    * Include historical information on how the problem was identified.
    * Any relevant logs are included.
-    * The provided information should be totally self-contained. External access to web services/sites should not be needed.
+    * The provided information should be totally self-contained. External access to web
+      services/sites should not be needed.
    * Steps to reproduce the problem if possible.


@ -32,20 +33,24 @@ Pull requests submitted through GitHub will be ignored and closed without regard
 Extra
 -----

-Tags: 
-    If it's a bug that needs fixing in a branch in addition to Master, add a '\<release\>-backport-potential' tag (eg ``juno-backport-potential``).  There are predefined tags that will autocomplete.
+Tags:
+    If it's a bug that needs fixing in a branch in addition to Master, add a
+    '\<release\>-backport-potential' tag (eg ``juno-backport-potential``).  There are predefined
+    tags that will autocomplete.

 Status:
    Please leave this alone, it should be New till someone triages the issue.

 Importance:
-    Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
+    Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only
+    use Critical if you have found a bug that can take down whole infrastructures.


 Style guide
 -----------

-When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. 
+When creating tasks and other roles for use in Ansible please create them using the YAML dictionary
+format.

 Example YAML dictionary format:
    .. code-block:: yaml
@ -69,17 +74,20 @@ Example **NOT** in YAML dictionary format:
            - some-other-tag


-Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
+Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules
+such as the ansible ``shell`` module.


 Issues
 ------

-When submitting an issue, or working on an issue please ensure the following criteria are met:
+When submitting or working on an issue, please ensure the following criteria are met:
    * The description clearly states or describes the original problem or root cause of the problem.
    * Include historical information on how the problem was identified.
-    * Any relevant logs are included.
-    * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR).
-    * The provided information should be totally self-contained. External access to web services/sites should not be needed.
+    * Include any relevant logs.
+    * If the issue is a bug that needs fixing in a branch other than Master, add the
+      ‘backport potential’ tag TO THE ISSUE (not the PR).
+    * The provided information should be totally self-contained. External access to web
+      services/sites should not be needed.
    * If the issue is needed for a hotfix release, add the 'expedite' label.
    * Steps to reproduce the problem if possible.
--- a/README.rst
+++ b/README.rst
@ -3,7 +3,8 @@ OpenStack LXC container create
 :tags: openstack, lxc, container, cloud, ansible
 :category: \*nix

-Role for creating LXC containers. This role has been setup for use in OpenStack. This role will create several directories on the LXC host for use in bind mounted storage within the container. 
+Role for creating LXC containers. This role has been setup for use in OpenStack. This role will
+create several directories on the LXC host for use in bind mounted storage within the container.

 Example Play:
    .. code-block:: yaml
@ -51,10 +52,6 @@ Example Inventory:
                                "netmask": "255.255.252.0",
                                "type": "veth"
                            }
-                        },
-                        "properties": {
-                            "container_release": "trusty",
-                            "is_metal": true
                        }
                    },
                    "container1": {
@ -71,10 +68,7 @@ Example Inventory:
                            }
                        },
                        "physical_host": "infra1",
-                        "physical_host_group": "lxc_hosts",
-                        "properties": {
-                            "container_release": "trusty",
-                        }
+                        "physical_host_group": "lxc_hosts"
                    }
                }
            }
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -15,9 +15,6 @@

 lxc_container_config: /etc/lxc/lxc-openstack.conf

-# Default container template to build from
-lxc_container_template: ubuntu
-
 # lxc container rootfs directory and cache path
 lxc_container_directory: "/var/lib/lxc"
 lxc_container_cache_path: "/var/cache/lxc"
@ -32,51 +29,31 @@ lxc_container_fs_type: ext4
 lxc_container_backing_store: lvm
 lxc_container_vg_name: lxc

-# Default image to build from
-lxc_container_release: trusty
-lxc_container_user_name: ubuntu
-lxc_container_user_password: "{{ lookup('pipe', 'date --rfc-3339=ns | sha512sum | base64 | head -c 32') }}"
-lxc_container_template_options: >
-  --release {{ lxc_container_release }}
-  --user {{ lxc_container_user_name }}
-  --password {{ lxc_container_user_password }}
-
-lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
-lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu"
-
-lxc_container_default_interfaces: |
-  # The loopback network interface
-  auto lo
-  iface lo inet loopback
-  # LXC interface, this is ALWAYS assumed to be DHCP.
-  auto eth0
-  iface eth0 inet dhcp
-  # Load any additional configs
-  source /etc/network/interfaces.d/*.cfg
-
 lxc_container_default_mtu: "1500"
-# The container interface variable is a a default object that assume the
-# Ansible iterator type is `with_dict`.
-lxc_container_interface: |
-  ### start generated network for [ {{ item.value.interface }} ] ###
-  auto {{ item.value.interface }}
-  {% if item.value.address is defined %}
-  iface {{ item.value.interface }} inet static
-      address {{ item.value.address }}
-      netmask {{ item.value.netmask }}
-      # needed to enable gratuitous arps on interface events
-      post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1
-      # needed to force an interface event (setting mac to what it already is)
-      post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address)
-  {% if item.value.gateway is defined %}
-      gateway {{ item.value.gateway }}
-  {% endif %}
-  {% if item.value.static_routes is defined %}
-  {% for route in item.value.static_routes %}
-      post-up ip route add {{ route['cidr'] }} via {{ route['gateway'] }} || true
-  {% endfor %}
-  {% endif %}
-  {% else %}
-  iface {{ item.value.interface }} inet manual
-  {% endif %}
-  ### end generated network for [ {{ item.value.interface }} ] ###
+
+# LXC image server
+lxc_image_cache_server: images.linuxcontainers.org
+
+## Default download template options
+##  This can be customized to use a local build server and options.
+##  By default these options will be fulfilled by the distro specific
+##  variable files found in vars/
+# lxc_container_download_template_options: >
+#   --dist NAME_OF_DISTRO
+#   --release DISTRO_RELEASE
+#   --arch CONTAINER_ARCH
+#   --force-cache
+#   --server SERVER_TO_GET_IMAGES_FROM
+lxc_container_template: download
+lxc_container_variant: default
+lxc_container_download_template_options: >
+  --dist {{ lxc_container_map.distro }}
+  --release {{ lxc_container_map.release }}
+  --arch {{ lxc_container_map.arch }}
+  --force-cache
+  --server {{ lxc_image_cache_server }}
+  --variant={{ lxc_container_variant }}
+
+lxc_cache_resolvers:
+  - 'nameserver 8.8.8.8'
+  - 'nameserver 8.8.4.4'
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@ -12,5 +12,4 @@ Basic Role Example
 .. code-block:: yaml

    - role: "lxc_container_create"
-      lxc_container_release: trusty
      lxc_container_backing_store: dir
--- a/manual-tests.rc
+++ b/manual-tests.rc
@ -0,0 +1,22 @@
+export VIRTUAL_ENV=$(pwd)
+export ANSIBLE_HOST_KEY_CHECKING=False
+export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r
+
+# TODO (odyssey4me) These are only here as they are non-standard folder
+# names for Ansible 1.9.x. We are using the standard folder names for
+# Ansible v2.x. We can remove this when we move to Ansible 2.x.
+export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action
+export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback
+export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter
+export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup
+
+# This is required as the default is the current path or a path specified
+# in ansible.cfg
+export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library
+
+# This is required as the default is '/etc/ansible/roles' or a path
+# specified in ansible.cfg
+export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/..
+
+echo "Run manual functional tests by executing the following:"
+echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml -e \"rolename=$(pwd)\""
--- a/meta/main.yml
+++ b/meta/main.yml
@ -18,11 +18,15 @@ galaxy_info:
  description: Create an LXC container
  company: Rackspace
  license: Apache2
-  min_ansible_version: 1.6.6
+  min_ansible_version: 1.9.4
  platforms:
    - name: Ubuntu
      versions:
        - trusty
+        - xenial
+    - name: EL
+      versions:
+        - 7
  categories:
    - cloud
    - lxc
--- a/other-requirements.txt
+++ b/other-requirements.txt
@ -14,7 +14,13 @@
 # TODO(odyssey4me) remove this once https://review.openstack.org/288634 has merged
 # and the disk images are rebuilt and redeployed.
 curl
+wget

 # Requirements for Paramiko 2.0
-libssl-dev
-libffi-dev
+libssl-dev        [platform:dpkg]
+libffi-dev        [platform:dpkg]
+libffi-devel      [platform:rpm]
+openssl-devel     [platform:rpm]
+
+# For selinux
+libselinux-python [platform:rpm]
--- a/releasenotes/notes/lxc-container-multi-distro-f495f73951fafd1a.yaml
+++ b/releasenotes/notes/lxc-container-multi-distro-f495f73951fafd1a.yaml
@ -0,0 +1,29 @@
+---
+features:
+  - The ``lxc_container_create`` role will now build a container
+    based on the distro of the host OS.
+  - The ``lxc_container_create`` role now supports Ubuntu 14.04,
+    16.04, and RHEL/CentOS 7
+upgrade:
+  - The ``lxc_container_create`` role no longer uses the distro specific lxc
+    container create template.
+  - |
+    The following variable changes have been made in the  ``lxc_host`` role:
+
+    * **lxc_container_template**: Removed because the template option is now
+      contained within the operating system specific variable file loaded at
+      runtime.
+    * **lxc_container_template_options**: This option was renamed to
+      *lxc_container_download_template_options*. The deprecation filter was not
+      used because the values provided from this option have been
+      fundamentally changed and old overrides will cause problems.
+    * **lxc_container_release**: Removed because image is now tied with the host
+      operating system.
+    * **lxc_container_user_name**: Removed because the default users are no longer
+      created when the cached image is created.
+    * **lxc_container_user_password**: Removed because the default users are no
+      longer created when the cached image is created.
+    * **lxc_container_template_main_apt_repo**: Removed because this option is now
+      being set within the cache creation process and is no longer needed here.
+    * **lxc_container_template_security_apt_repo**: Removed because this option is
+      now being set within the cache creation process and is no longer needed here.
--- a/run_tests.sh
+++ b/run_tests.sh
@ -19,7 +19,11 @@ FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true}

 # prep the host
 if [ "$(which apt-get)" ]; then
-  apt-get install -y build-essential python2.7 python-dev git-core libssl-dev libffi-dev
+  apt-get update && apt-get install -y build-essential python2.7 python-dev git-core libffi-dev libssl-dev
+fi
+
+if [ "$(which yum)" ]; then
+  yum install -y '@Development Tools' python-devel git libffi-devel openssl-devel
 fi

 # get pip, if necessary
@ -33,9 +37,9 @@ pip install tox

 # run through each tox env and execute the test
 for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do
-  if [ "${tox_env}" != "ansible-functional" ]; then
+  if [ "${tox_env}" != "functional" ]; then
    tox -e ${tox_env}
-  elif [ "${tox_env}" == "ansible-functional" ]; then
+  elif [ "${tox_env}" == "functional" ]; then
    if ${FUNCTIONAL_TEST}; then
      tox -e ${tox_env}
    fi
--- a/tasks/container_create.yml
+++ b/tasks/container_create.yml
@ -57,61 +57,43 @@
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_log: "true"
-    config: "{{ properties.container_config|default(lxc_container_config) }}"
-    template: "{{ properties.container_template|default(lxc_container_template) }}"
+    config: "{{ lxc_container_config }}"
+    template: "{{ lxc_container_template }}"
    state: started
-    backing_store: "{{ properties.container_backing_store|default(lxc_container_backing_store) }}"
+    backing_store: "{{ lxc_container_backing_store }}"
    directory: "{{ lxc_container_rootfs_directory }}"
-    fs_size: "{{ properties.container_fs_size|default(lxc_container_fs_size) }}"
-    fs_type: "{{ properties.container_fs_type|default(lxc_container_fs_type) }}"
-    vg_name: "{{ properties.container_vg_name|default(lxc_container_vg_name) }}"
-    template_options: "{{ lxc_container_template_options }}"
-    container_command: |
-      if [ -f  "/usr/lib/systemd/system/poweroff.target" ];then
-        ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
-      fi
-      ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
-      ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
-      ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
-      ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
-      echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
+    fs_size: "{{ lxc_container_fs_size }}"
+    fs_type: "{{ lxc_container_fs_type }}"
+    vg_name: "{{ lxc_container_vg_name }}"
+    template_options: "{{ lxc_container_download_template_options }}"
+    container_command: "{{ lxc_container_map.prep_commands }}"
    container_config:
      - "lxc.autodev=1"
      - "lxc.pts=1024"
      - "lxc.kmsg=0"
      - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
+      - "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-create

- name: Load container service mounts and profile
-  lxc_container:
-    name: "{{ inventory_hostname }}"
-    container_command: |
-      mkdir -p /var/backup
-      mkdir -p /var/log/{{ properties.service_name }}
-    container_config:
-      - "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0"
-      - "lxc.mount.entry=/openstack/log/{{ inventory_hostname }} var/log/{{ properties.service_name }} none defaults,bind,rw 0 0"
-  when: properties.service_name is defined
-  delegate_to: "{{ physical_host }}"
-  tags:
-    - lxc-container-service-config
-
 - name: Container network interfaces
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_command: |
-      if [ ! -d "/etc/network/interfaces.d" ];then
-        mkdir -p /etc/network/interfaces.d
-      fi
-      configmd5sum=$(md5sum /etc/network/interfaces.d/{{ item.value.interface }}.cfg 2>/dev/null)
-      echo -e '{{ lxc_container_interface }}' | tee /etc/network/interfaces.d/{{ item.value.interface }}.cfg
-      if ! md5sum -c --status <<< "$configmd5sum" 2>/dev/null; then
-        ifdown {{ item.value.interface }}
-        ifup {{ item.value.interface }}
-      fi
-  with_dict: "{{ container_networks|default({}) }}"
+      echo -e '{{ lxc_container_interface }}' | tee {{ lxc_container_interface_target }}
+  with_dict: container_networks|default({})
+  delegate_to: "{{ physical_host }}"
+  tags:
+    - lxc-container-networks
+
+- name: Container network route interfaces
+  lxc_container:
+    name: "{{ inventory_hostname }}"
+    container_command: |
+      echo -e '{{ lxc_container_default_route_interfaces.route_setup }}' | tee {{ lxc_container_default_route_interfaces.route_file }}
+  when: item.value.static_routes is defined
+  with_dict: container_networks|default({})
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-networks
@ -123,7 +105,7 @@
    owner: "root"
    group: "root"
    mode: "0644"
-  with_dict: "{{ container_networks|default({}) }}"
+  with_dict: container_networks|default({})
  notify:
    - Lxc container restart
  delegate_to: "{{ physical_host }}"
@ -148,9 +130,9 @@
    dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
    line: "lxc.include = /var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
    backup: "true"
-  with_dict: "{{ container_networks|default({}) }}"
-  when:
-    - item.value.interface is defined
+  with_dict: container_networks|default({})
+  when: >
+    item.value.interface is defined
  notify:
    - Lxc container restart
  delegate_to: "{{ physical_host }}"
@ -188,18 +170,15 @@
 # Flush the handlers to ensure the container and networking is online.
 - meta: flush_handlers

-# Resets the container user's password using lxc_container because Python2.7
-#  may not be installed at this point.
- name: Force container user password set
-  lxc_container:
-    name: "{{ inventory_hostname }}"
-    container_command: |
-      getent passwd "{{ lxc_container_user_name }}" &&
-      echo "{{ lxc_container_user_name }}:{{ lxc_container_user_password }}" | chpasswd
-  delegate_to: "{{ physical_host }}"
-  no_log: True
+- name: Wait for ssh to be available
+  local_action:
+    module: wait_for
+    port: "{{ ansible_ssh_port | default('22') }}"
+    host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
+    search_regex: OpenSSH
+    delay: 1
  tags:
-    - lxc-container-user-password-regen
+    - lxc-container-networks

 - name: Install container proxy settings
  template:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -13,10 +13,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Gather variables for each operating system
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ hostvars[physical_host]['ansible_distribution'] | lower }}-{{ hostvars[physical_host]['ansible_distribution_version'] | lower }}.yml"
+    - "{{ hostvars[physical_host]['ansible_distribution'] | lower }}.yml"
+    - "{{ hostvars[physical_host]['ansible_os_family'] | lower }}-{{ hostvars[physical_host]['ansible_distribution_version'].split('.')[0] }}.yml"
+    - "{{ hostvars[physical_host]['ansible_os_family'] | lower }}.yml"
+  delegate_to: "{{ physical_host }}"
+  tags:
+    - always
+
 - include: container_create.yml
  when:
    - physical_host is defined
    - inventory_hostname is defined
    - physical_host != inventory_hostname
  tags:
-    - lxc-container
+    - lxc-container
--- a/tests/group_vars/all_containers.yml
+++ b/tests/group_vars/all_containers.yml
@ -15,6 +15,7 @@

 ansible_ssh_host: "{{ ansible_host }}"
 container_name: "{{ inventory_hostname }}"
+
 container_networks:
  management_address:
    address: "{{ ansible_host }}"
@ -22,6 +23,14 @@ container_networks:
    interface: "eth1"
    netmask: "255.255.252.0"
    type: "veth"
+    static_routes:
+      - cidr: 10.100.100.0/24
+        gateway: 10.100.100.1
+
 physical_host: localhost
+
 properties:
  service_name: "{{ inventory_hostname }}"
+
+global_environment_variables:
+  PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
--- a/tests/inventory
+++ b/tests/inventory
@ -5,4 +5,4 @@ container2 ansible_host=10.100.100.3 ansible_become=True ansible_user=root

 [all_containers]
 container1
-container2
+container2
--- a/tests/test-containers-functional.yml
+++ b/tests/test-containers-functional.yml
@ -46,4 +46,4 @@
        that:
          - "'/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games' in environment_content"
          - "'http_proxy=http://someproxy.example.com' in environment_content"
-          - "'https_proxy=https://someproxy.example.com' in environment_content"
+          - "'https_proxy=https://someproxy.example.com' in environment_content"
--- a/tests/test-prepare-containers.yml
+++ b/tests/test-prepare-containers.yml
@ -16,6 +16,27 @@
 - name: Playbook for creating containers
  hosts: all_containers
  gather_facts: false
+  pre_tasks:
+    - name: Destroy test containers
+      lxc_container:
+        name: "{{ container_name }}"
+        state: "absent"
+      delegate_to: "{{ physical_host }}"
+      tags:
+        - container-destroy
+    - name: Destroy container service directories
+      file:
+        path: "{{ item }}"
+        state: "absent"
+      with_items:
+        - "/openstack/{{ container_name }}"
+        - "/openstack/backup/{{ container_name }}"
+        - "/openstack/log/{{ container_name }}"
+        - "/var/lib/lxc/{{ container_name }}"
+        - "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}"
+      delegate_to: "{{ physical_host }}"
+      tags:
+        - container-directories
  roles:
    - role: "{{ rolename | basename }}"
      lxc_container_release: trusty
--- a/tests/test-prepare-host.yml
+++ b/tests/test-prepare-host.yml
@ -37,16 +37,32 @@
      set_fact:
        lxc_container_cache_files:
          - { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
+      when:
+        - nodepool.stat.exists | bool
+    - name: Set a fact for file to disable GPG signature checking of apt sources for OpenStack-CI instances
+      set_fact:
+        apt_disable_gpg_checking:
          - { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' }
-      when: nodepool.stat.exists | bool
+      when:
+        - nodepool.stat.exists | bool
+        - ansible_pkg_mgr == 'apt'
+    - name: Update the files to copy into the container cache for OpenStack-CI instances
+      set_fact:
+        lxc_container_cache_files:
+          "{{ lxc_container_cache_files + apt_disable_gpg_checking }}"
+      when:
+        - nodepool.stat.exists | bool
+        - ansible_pkg_mgr == 'apt'
    - name: Determine the existing Ubuntu repo configuration
      shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
      register: ubuntu_repo
      changed_when: false
+      when: ansible_os_family == 'Debian'
    - name: Set apt repo facts based on discovered information
      set_fact:
        lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
        lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
+      when: ansible_os_family == 'Debian'
  roles:
    - role: "lxc_hosts"
      lxc_net_address: 10.100.100.1
@ -54,8 +70,3 @@
      lxc_net_bridge: lxcbr0
      lxc_kernel_options:
        - { key: 'fs.inotify.max_user_instances', value: 1024 }
-      lxc_container_caches:
-        - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
-          name: "trusty.tgz"
-          sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
-          chroot_path: trusty/rootfs-amd64
--- a/tox.ini
+++ b/tox.ini
@ -118,6 +118,7 @@ commands =
                   --force
    ansible-playbook -i {toxinidir}/tests/inventory \
                     -e "rolename={toxinidir}" \
+                     -vv \
                     {toxinidir}/tests/test.yml


--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@ -0,0 +1,60 @@
+---
+
+# Note this is a used in an iterable and requires the <item.value.interface> variable
+#   The container interface variable is a a default object that assume the
+#   Ansible iterator type is `with_dict`.
+lxc_container_interface: |
+  ### start generated network for [ {{ item.value.interface }} ] ###
+  DEVICE={{ item.value.interface }}
+  BOOTPROTO=none
+  ONBOOT=yes
+  NM_CONTROLLED=no
+  TYPE=Ethernet
+  {% if item.value.address is defined %}
+  IPADDR={{ item.value.address }}
+  NETMASK={{ item.value.netmask }}
+  {% if item.value.gateway is defined %}
+  GATEWAY={{ item.value.gateway }}
+  {% endif %}
+  {% endif %}
+  MTU={{ item.value.mtu|default(lxc_container_default_mtu) }}
+  DELAY=0
+  ### end generated network for [ {{ item.value.interface }} ] ###
+
+# Default interface file
+lxc_container_default_interfaces: |
+  DEVICE=eth0
+  BOOTPROTO=dhcp
+  ONBOOT=yes
+  NM_CONTROLLED=no
+  TYPE=Ethernet
+
+lxc_container_default_route_interfaces:
+  route_file: "/etc/sysconfig/network-scripts/route-{{ item.value.interface }}"
+  route_setup: |
+    {% for route in item.value.static_routes %}
+        {{ route['cidr'] }} via {{ route['gateway'] }} dev {{ item.value.interface }}
+    {% endfor %}
+
+# Note this is a used in an iterable and requires the <item.value.interface> variable
+lxc_container_interface_target: "/etc/sysconfig/network-scripts/ifcfg-{{ item.value.interface }}"
+
+lxc_container_map:
+  distro: centos
+  arch: amd64
+  release: 7
+  prep_commands: |
+    mkdir -p /var/backup
+    rm /etc/resolv.conf
+    {% for resolver in lxc_cache_resolvers %}
+    echo "{{ resolver }}" | tee -a /etc/resolv.conf
+    {% endfor %}
+    if [ -f  "/usr/lib/systemd/system/poweroff.target" ];then
+      ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
+    fi
+    ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
+    ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
+    ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
+    ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
+    echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/sysconfig/network-scripts/ifcfg-eth0
+    chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
--- a/vars/ubuntu-14.04.yml
+++ b/vars/ubuntu-14.04.yml
@ -0,0 +1,71 @@
+---
+
+# Note this is a used in an iterable and requires the <item.value.interface> variable
+#   The container interface variable is a a default object that assume the
+#   Ansible iterator type is `with_dict`.
+lxc_container_interface: |
+  ### start generated network for [ {{ item.value.interface }} ] ###
+  auto {{ item.value.interface }}
+  {% if item.value.address is defined %}
+  iface {{ item.value.interface }} inet static
+      address {{ item.value.address }}
+      netmask {{ item.value.netmask }}
+  {% if item.value.gateway is defined %}
+      gateway {{ item.value.gateway }}
+  {% endif %}
+      mtu {{ item.value.mtu|default(lxc_container_default_mtu) }}
+      # needed to enable gratuitous arps on interface events
+      post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1
+      # needed to force an interface event (setting mac to what it already is)
+      post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address)
+  {% if item.value.static_routes is defined %}
+  {% for route in item.value.static_routes %}
+      post-up ip route add {{ route['cidr'] }} via {{ route['gateway'] }} || true
+  {% endfor %}
+  {% endif %}
+  {% else %}
+  iface {{ item.value.interface }} inet manual
+  {% endif %}
+  ### end generated network for [ {{ item.value.interface }} ] ###
+
+# Default interface file
+lxc_container_default_interfaces: |
+  # The loopback network interface
+  auto lo
+  iface lo inet loopback
+  # LXC interface, this is ALWAYS assumed to be DHCP.
+  auto eth0
+  iface eth0 inet dhcp
+  # Load any additional configs
+  source /etc/network/interfaces.d/*.cfg
+
+# Notice this is already resolved in the debian interface file
+lxc_container_default_route_interfaces:
+  route_file: "/dev/null"
+  route_setup: "This is already resolved in the debian interface file"
+
+# Note this is a used in an iterable and requires the <item.value.interface> variable
+lxc_container_interface_target: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
+
+lxc_container_map:
+  distro: ubuntu
+  arch: amd64
+  release: trusty
+  prep_commands: |
+    mkdir -p /var/backup
+    echo '# Null Tail' | tee /etc/resolvconf/resolv.conf.d/tail
+    echo '# Null original' | tee /etc/resolvconf/resolv.conf.d/original
+    rm /etc/resolvconf/resolv.conf.d/base
+    {% for resolver in lxc_cache_resolvers %}
+    echo 'nameserver {{ resolver }}' | tee -a /etc/resolvconf/resolv.conf.d/base
+    {% endfor %}
+    if [ -f  "/usr/lib/systemd/system/poweroff.target" ];then
+      ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
+    fi
+    ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
+    ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
+    ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
+    ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
+    echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
+    mkdir -p /etc/network/interfaces.d
+    chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@ -0,0 +1,71 @@
+---
+
+# Note this is a used in an iterable and requires the <item.value.interface> variable
+#   The container interface variable is a a default object that assume the
+#   Ansible iterator type is `with_dict`.
+lxc_container_interface: |
+  ### start generated network for [ {{ item.value.interface }} ] ###
+  auto {{ item.value.interface }}
+  {% if item.value.address is defined %}
+  iface {{ item.value.interface }} inet static
+      address {{ item.value.address }}
+      netmask {{ item.value.netmask }}
+  {% if item.value.gateway is defined %}
+      gateway {{ item.value.gateway }}
+  {% endif %}
+      mtu {{ item.value.mtu|default(lxc_container_default_mtu) }}
+      # needed to enable gratuitous arps on interface events
+      post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1
+      # needed to force an interface event (setting mac to what it already is)
+      post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address)
+  {% if item.value.static_routes is defined %}
+  {% for route in item.value.static_routes %}
+      post-up ip route add {{ route['cidr'] }} via {{ route['gateway'] }} || true
+  {% endfor %}
+  {% endif %}
+  {% else %}
+  iface {{ item.value.interface }} inet manual
+  {% endif %}
+  ### end generated network for [ {{ item.value.interface }} ] ###
+
+# Default interface file
+lxc_container_default_interfaces: |
+  # The loopback network interface
+  auto lo
+  iface lo inet loopback
+  # LXC interface, this is ALWAYS assumed to be DHCP.
+  auto eth0
+  iface eth0 inet dhcp
+  # Load any additional configs
+  source /etc/network/interfaces.d/*.cfg
+
+# Notice this is already resolved in the debian interface file
+lxc_container_default_route_interfaces:
+  route_file: "/dev/null"
+  route_setup: "This is already resolved in the debian interface file"
+
+# Note this is a used in an iterable and requires the <item.value.interface> variable
+lxc_container_interface_target: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
+
+lxc_container_map:
+  distro: ubuntu
+  arch: amd64
+  release: xenial
+  prep_commands: |
+    mkdir -p /var/backup
+    echo '# Null Tail' | tee /etc/resolvconf/resolv.conf.d/tail
+    echo '# Null original' | tee /etc/resolvconf/resolv.conf.d/original
+    rm /etc/resolvconf/resolv.conf.d/base
+    {% for resolver in lxc_cache_resolvers %}
+    echo 'nameserver {{ resolver }}' | tee -a /etc/resolvconf/resolv.conf.d/base
+    {% endfor %}
+    if [ -f  "/usr/lib/systemd/system/poweroff.target" ];then
+      ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
+    fi
+    ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
+    ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
+    ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
+    ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
+    echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
+    mkdir -p /etc/network/interfaces.d
+    chage -I -1 -d -1 -m 0 -M 99999 -E -1 root