openstack/openstack-ansible-lxc_container_create
Code Issues Proposed changes

updated for lxc-container-create for multi-distro support

Browse Source 
This change updates the lxc-container-create role to build lxc containers
using the download template. The build supports ubuntu 14.04/16.04 and
RedHat/CentOS 7 using the multi-distro framework.

This change is incorporating updates built into the lxc_hosts role. Once
merged this should unblock all work geared toward multi-distro support and
testing. The testing structure has been updated to match what is being done
in other roles.

A new file was created "manual-tests.rc" which assists in manual testing
by exporting the needed environment variables to run the role tests without
requiring everything to run through tox which has undesirable side-effects
when running tests that span multiple roles.

Change-Id: Iee304dd026e0865e0444259d2132122233d90f5f
Depends-On: Ie13be2322d28178760481c59805101d6aeef4f36
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2016-05-02 08:56:32 -05:00
parent f2646d36d8
commit 0c16334a2c
No known key found for this signature in database
GPG Key ID: 69FEFFC5E2D9273F
20 changed files with 417 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CONTRIBUTING.rst
View File

@ -16,7 +16,8 @@ When submitting a bug, or working on a bug, please ensure the following criteria
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* The provided information should be totally self-contained. External access to web
services/sites should not be needed.
* Steps to reproduce the problem if possible.
@ -32,20 +33,24 @@ Pull requests submitted through GitHub will be ignored and closed without regard
Extra
-----
Tags:
If it's a bug that needs fixing in a branch in addition to Master, add a '\<release\>-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete.
Tags:
If it's a bug that needs fixing in a branch in addition to Master, add a
'\<release\>-backport-potential' tag (eg ``juno-backport-potential``). There are predefined
tags that will autocomplete.
Status:
Please leave this alone, it should be New till someone triages the issue.
Importance:
Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only
use Critical if you have found a bug that can take down whole infrastructures.
Style guide
-----------
When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
When creating tasks and other roles for use in Ansible please create them using the YAML dictionary
format.
Example YAML dictionary format:
.. code-block:: yaml
@ -69,17 +74,20 @@ Example **NOT** in YAML dictionary format:
- some-other-tag
Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules
such as the ansible ``shell`` module.
Issues
------
When submitting an issue, or working on an issue please ensure the following criteria are met:
When submitting or working on an issue, please ensure the following criteria are met:
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* If the issue is a bug that needs fixing in a branch other than Master, add the backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* Include any relevant logs.
* If the issue is a bug that needs fixing in a branch other than Master, add the
backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External access to web
services/sites should not be needed.
* If the issue is needed for a hotfix release, add the 'expedite' label.
* Steps to reproduce the problem if possible.

12
README.rst
View File

@ -3,7 +3,8 @@ OpenStack LXC container create
:tags: openstack, lxc, container, cloud, ansible
:category: \*nix
Role for creating LXC containers. This role has been setup for use in OpenStack. This role will create several directories on the LXC host for use in bind mounted storage within the container.
Role for creating LXC containers. This role has been setup for use in OpenStack. This role will
create several directories on the LXC host for use in bind mounted storage within the container.
Example Play:
.. code-block:: yaml
@ -51,10 +52,6 @@ Example Inventory:
"netmask": "255.255.252.0",
"type": "veth"
}
},
"properties": {
"container_release": "trusty",
"is_metal": true
}
},
"container1": {
@ -71,10 +68,7 @@ Example Inventory:
}
},
"physical_host": "infra1",
"physical_host_group": "lxc_hosts",
"properties": {
"container_release": "trusty",
}
"physical_host_group": "lxc_hosts"
}
}
}

77
defaults/main.yml
View File

@ -15,9 +15,6 @@
lxc_container_config: /etc/lxc/lxc-openstack.conf
# Default container template to build from
lxc_container_template: ubuntu
# lxc container rootfs directory and cache path
lxc_container_directory: "/var/lib/lxc"
lxc_container_cache_path: "/var/cache/lxc"
@ -32,51 +29,31 @@ lxc_container_fs_type: ext4
lxc_container_backing_store: lvm
lxc_container_vg_name: lxc
# Default image to build from
lxc_container_release: trusty
lxc_container_user_name: ubuntu
lxc_container_user_password: "{{ lookup('pipe', 'date --rfc-3339=ns | sha512sum | base64 | head -c 32') }}"
lxc_container_template_options: >
--release {{ lxc_container_release }}
--user {{ lxc_container_user_name }}
--password {{ lxc_container_user_password }}
lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu"
lxc_container_default_interfaces: |
# The loopback network interface
auto lo
iface lo inet loopback
# LXC interface, this is ALWAYS assumed to be DHCP.
auto eth0
iface eth0 inet dhcp
# Load any additional configs
source /etc/network/interfaces.d/*.cfg
lxc_container_default_mtu: "1500"
# The container interface variable is a a default object that assume the
# Ansible iterator type is `with_dict`.
lxc_container_interface: |
### start generated network for [ {{ item.value.interface }} ] ###
auto {{ item.value.interface }}
{% if item.value.address is defined %}
iface {{ item.value.interface }} inet static
address {{ item.value.address }}
netmask {{ item.value.netmask }}
# needed to enable gratuitous arps on interface events
post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1
# needed to force an interface event (setting mac to what it already is)
post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address)
{% if item.value.gateway is defined %}
gateway {{ item.value.gateway }}
{% endif %}
{% if item.value.static_routes is defined %}
{% for route in item.value.static_routes %}
post-up ip route add {{ route['cidr'] }} via {{ route['gateway'] }} || true
{% endfor %}
{% endif %}
{% else %}
iface {{ item.value.interface }} inet manual
{% endif %}
### end generated network for [ {{ item.value.interface }} ] ###
# LXC image server
lxc_image_cache_server: images.linuxcontainers.org
## Default download template options
## This can be customized to use a local build server and options.
## By default these options will be fulfilled by the distro specific
## variable files found in vars/
# lxc_container_download_template_options: >
# --dist NAME_OF_DISTRO
# --release DISTRO_RELEASE
# --arch CONTAINER_ARCH
# --force-cache
# --server SERVER_TO_GET_IMAGES_FROM
lxc_container_template: download
lxc_container_variant: default
lxc_container_download_template_options: >
--dist {{ lxc_container_map.distro }}
--release {{ lxc_container_map.release }}
--arch {{ lxc_container_map.arch }}
--force-cache
--server {{ lxc_image_cache_server }}
--variant={{ lxc_container_variant }}
lxc_cache_resolvers:
- 'nameserver 8.8.8.8'
- 'nameserver 8.8.4.4'

1
doc/source/index.rst
View File

@ -12,5 +12,4 @@ Basic Role Example
.. code-block:: yaml
- role: "lxc_container_create"
lxc_container_release: trusty
lxc_container_backing_store: dir

22
manual-tests.rc Normal file
View File

@ -0,0 +1,22 @@
export VIRTUAL_ENV=$(pwd)
export ANSIBLE_HOST_KEY_CHECKING=False
export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r
# TODO (odyssey4me) These are only here as they are non-standard folder
# names for Ansible 1.9.x. We are using the standard folder names for
# Ansible v2.x. We can remove this when we move to Ansible 2.x.
export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action
export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback
export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter
export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup
# This is required as the default is the current path or a path specified
# in ansible.cfg
export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library
# This is required as the default is '/etc/ansible/roles' or a path
# specified in ansible.cfg
export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/..
echo "Run manual functional tests by executing the following:"
echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml -e \"rolename=$(pwd)\""

6
meta/main.yml
View File

@ -18,11 +18,15 @@ galaxy_info:
description: Create an LXC container
company: Rackspace
license: Apache2
min_ansible_version: 1.6.6
min_ansible_version: 1.9.4
platforms:
- name: Ubuntu
versions:
- trusty
- xenial
- name: EL
versions:
- 7
categories:
- cloud
- lxc

10
other-requirements.txt
View File

@ -14,7 +14,13 @@
# TODO(odyssey4me) remove this once https://review.openstack.org/288634 has merged
# and the disk images are rebuilt and redeployed.
curl
wget
# Requirements for Paramiko 2.0
libssl-dev
libffi-dev
libssl-dev [platform:dpkg]
libffi-dev [platform:dpkg]
libffi-devel [platform:rpm]
openssl-devel [platform:rpm]
# For selinux
libselinux-python [platform:rpm]

29
releasenotes/notes/lxc-container-multi-distro-f495f73951fafd1a.yaml Normal file
View File

@ -0,0 +1,29 @@
---
features:
- The ``lxc_container_create`` role will now build a container
based on the distro of the host OS.
- The ``lxc_container_create`` role now supports Ubuntu 14.04,
16.04, and RHEL/CentOS 7
upgrade:
- The ``lxc_container_create`` role no longer uses the distro specific lxc
container create template.
- |
The following variable changes have been made in the ``lxc_host`` role:
* **lxc_container_template**: Removed because the template option is now
contained within the operating system specific variable file loaded at
runtime.
* **lxc_container_template_options**: This option was renamed to
*lxc_container_download_template_options*. The deprecation filter was not
used because the values provided from this option have been
fundamentally changed and old overrides will cause problems.
* **lxc_container_release**: Removed because image is now tied with the host
operating system.
* **lxc_container_user_name**: Removed because the default users are no longer
created when the cached image is created.
* **lxc_container_user_password**: Removed because the default users are no
longer created when the cached image is created.
* **lxc_container_template_main_apt_repo**: Removed because this option is now
being set within the cache creation process and is no longer needed here.
* **lxc_container_template_security_apt_repo**: Removed because this option is
now being set within the cache creation process and is no longer needed here.

10
run_tests.sh
View File

@ -19,7 +19,11 @@ FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true}
# prep the host
if [ "$(which apt-get)" ]; then
apt-get install -y build-essential python2.7 python-dev git-core libssl-dev libffi-dev
apt-get update && apt-get install -y build-essential python2.7 python-dev git-core libffi-dev libssl-dev
fi
if [ "$(which yum)" ]; then
yum install -y '@Development Tools' python-devel git libffi-devel openssl-devel
fi
# get pip, if necessary
@ -33,9 +37,9 @@ pip install tox
# run through each tox env and execute the test
for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do
if [ "${tox_env}" != "ansible-functional" ]; then
if [ "${tox_env}" != "functional" ]; then
tox -e ${tox_env}
elif [ "${tox_env}" == "ansible-functional" ]; then
elif [ "${tox_env}" == "functional" ]; then
if ${FUNCTIONAL_TEST}; then
tox -e ${tox_env}
fi

89
tasks/container_create.yml
View File

@ -57,61 +57,43 @@
lxc_container:
name: "{{ inventory_hostname }}"
container_log: "true"
config: "{{ properties.container_config|default(lxc_container_config) }}"
template: "{{ properties.container_template|default(lxc_container_template) }}"
config: "{{ lxc_container_config }}"
template: "{{ lxc_container_template }}"
state: started
backing_store: "{{ properties.container_backing_store|default(lxc_container_backing_store) }}"
backing_store: "{{ lxc_container_backing_store }}"
directory: "{{ lxc_container_rootfs_directory }}"
fs_size: "{{ properties.container_fs_size|default(lxc_container_fs_size) }}"
fs_type: "{{ properties.container_fs_type|default(lxc_container_fs_type) }}"
vg_name: "{{ properties.container_vg_name|default(lxc_container_vg_name) }}"
template_options: "{{ lxc_container_template_options }}"
container_command: |
if [ -f "/usr/lib/systemd/system/poweroff.target" ];then
ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
fi
ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
fs_size: "{{ lxc_container_fs_size }}"
fs_type: "{{ lxc_container_fs_type }}"
vg_name: "{{ lxc_container_vg_name }}"
template_options: "{{ lxc_container_download_template_options }}"
container_command: "{{ lxc_container_map.prep_commands }}"
container_config:
- "lxc.autodev=1"
- "lxc.pts=1024"
- "lxc.kmsg=0"
- "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
- "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0"
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-create
- name: Load container service mounts and profile
lxc_container:
name: "{{ inventory_hostname }}"
container_command: |
mkdir -p /var/backup
mkdir -p /var/log/{{ properties.service_name }}
container_config:
- "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0"
- "lxc.mount.entry=/openstack/log/{{ inventory_hostname }} var/log/{{ properties.service_name }} none defaults,bind,rw 0 0"
when: properties.service_name is defined
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-service-config
- name: Container network interfaces
lxc_container:
name: "{{ inventory_hostname }}"
container_command: |
if [ ! -d "/etc/network/interfaces.d" ];then
mkdir -p /etc/network/interfaces.d
fi
configmd5sum=$(md5sum /etc/network/interfaces.d/{{ item.value.interface }}.cfg 2>/dev/null)
echo -e '{{ lxc_container_interface }}' | tee /etc/network/interfaces.d/{{ item.value.interface }}.cfg
if ! md5sum -c --status <<< "$configmd5sum" 2>/dev/null; then
ifdown {{ item.value.interface }}
ifup {{ item.value.interface }}
fi
with_dict: "{{ container_networks|default({}) }}"
echo -e '{{ lxc_container_interface }}' | tee {{ lxc_container_interface_target }}
with_dict: container_networks|default({})
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-networks
- name: Container network route interfaces
lxc_container:
name: "{{ inventory_hostname }}"
container_command: |
echo -e '{{ lxc_container_default_route_interfaces.route_setup }}' | tee {{ lxc_container_default_route_interfaces.route_file }}
when: item.value.static_routes is defined
with_dict: container_networks|default({})
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-networks
@ -123,7 +105,7 @@
owner: "root"
group: "root"
mode: "0644"
with_dict: "{{ container_networks|default({}) }}"
with_dict: container_networks|default({})
notify:
- Lxc container restart
delegate_to: "{{ physical_host }}"
@ -148,9 +130,9 @@
dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
line: "lxc.include = /var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
backup: "true"
with_dict: "{{ container_networks|default({}) }}"
when:
- item.value.interface is defined
with_dict: container_networks|default({})
when: >
item.value.interface is defined
notify:
- Lxc container restart
delegate_to: "{{ physical_host }}"
@ -188,18 +170,15 @@
# Flush the handlers to ensure the container and networking is online.
- meta: flush_handlers
# Resets the container user's password using lxc_container because Python2.7
# may not be installed at this point.
- name: Force container user password set
lxc_container:
name: "{{ inventory_hostname }}"
container_command: |
getent passwd "{{ lxc_container_user_name }}" &&
echo "{{ lxc_container_user_name }}:{{ lxc_container_user_password }}" | chpasswd
delegate_to: "{{ physical_host }}"
no_log: True
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1
tags:
- lxc-container-user-password-regen
- lxc-container-networks
- name: Install container proxy settings
template:

13
tasks/main.yml
View File

@ -13,10 +13,21 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ hostvars[physical_host]['ansible_distribution'] | lower }}-{{ hostvars[physical_host]['ansible_distribution_version'] | lower }}.yml"
- "{{ hostvars[physical_host]['ansible_distribution'] | lower }}.yml"
- "{{ hostvars[physical_host]['ansible_os_family'] | lower }}-{{ hostvars[physical_host]['ansible_distribution_version'].split('.')[0] }}.yml"
- "{{ hostvars[physical_host]['ansible_os_family'] | lower }}.yml"
delegate_to: "{{ physical_host }}"
tags:
- always
- include: container_create.yml
when:
- physical_host is defined
- inventory_hostname is defined
- physical_host != inventory_hostname
tags:
- lxc-container
- lxc-container

9
tests/group_vars/all_containers.yml
View File

@ -15,6 +15,7 @@
ansible_ssh_host: "{{ ansible_host }}"
container_name: "{{ inventory_hostname }}"
container_networks:
management_address:
address: "{{ ansible_host }}"
@ -22,6 +23,14 @@ container_networks:
interface: "eth1"
netmask: "255.255.252.0"
type: "veth"
static_routes:
- cidr: 10.100.100.0/24
gateway: 10.100.100.1
physical_host: localhost
properties:
service_name: "{{ inventory_hostname }}"
global_environment_variables:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

2
tests/inventory
View File

@ -5,4 +5,4 @@ container2 ansible_host=10.100.100.3 ansible_become=True ansible_user=root
[all_containers]
container1
container2
container2

2
tests/test-containers-functional.yml
View File

@ -46,4 +46,4 @@
that:
- "'/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games' in environment_content"
- "'http_proxy=http://someproxy.example.com' in environment_content"
- "'https_proxy=https://someproxy.example.com' in environment_content"
- "'https_proxy=https://someproxy.example.com' in environment_content"

21
tests/test-prepare-containers.yml
View File

@ -16,6 +16,27 @@
- name: Playbook for creating containers
hosts: all_containers
gather_facts: false
pre_tasks:
- name: Destroy test containers
lxc_container:
name: "{{ container_name }}"
state: "absent"
delegate_to: "{{ physical_host }}"
tags:
- container-destroy
- name: Destroy container service directories
file:
path: "{{ item }}"
state: "absent"
with_items:
- "/openstack/{{ container_name }}"
- "/openstack/backup/{{ container_name }}"
- "/openstack/log/{{ container_name }}"
- "/var/lib/lxc/{{ container_name }}"
- "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}"
delegate_to: "{{ physical_host }}"
tags:
- container-directories
roles:
- role: "{{ rolename | basename }}"
lxc_container_release: trusty

23
tests/test-prepare-host.yml
View File

@ -37,16 +37,32 @@
set_fact:
lxc_container_cache_files:
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
when:
- nodepool.stat.exists | bool
- name: Set a fact for file to disable GPG signature checking of apt sources for OpenStack-CI instances
set_fact:
apt_disable_gpg_checking:
- { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' }
when: nodepool.stat.exists | bool
when:
- nodepool.stat.exists | bool
- ansible_pkg_mgr == 'apt'
- name: Update the files to copy into the container cache for OpenStack-CI instances
set_fact:
lxc_container_cache_files:
"{{ lxc_container_cache_files + apt_disable_gpg_checking }}"
when:
- nodepool.stat.exists | bool
- ansible_pkg_mgr == 'apt'
- name: Determine the existing Ubuntu repo configuration
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
register: ubuntu_repo
changed_when: false
when: ansible_os_family == 'Debian'
- name: Set apt repo facts based on discovered information
set_fact:
lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
when: ansible_os_family == 'Debian'
roles:
- role: "lxc_hosts"
lxc_net_address: 10.100.100.1
@ -54,8 +70,3 @@
lxc_net_bridge: lxcbr0
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }
lxc_container_caches:
- url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
name: "trusty.tgz"
sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
chroot_path: trusty/rootfs-amd64

1
tox.ini
View File

@ -118,6 +118,7 @@ commands =
--force
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-vv \
{toxinidir}/tests/test.yml

60
vars/redhat-7.yml Normal file
View File

@ -0,0 +1,60 @@
---
# Note this is a used in an iterable and requires the <item.value.interface> variable
# The container interface variable is a a default object that assume the
# Ansible iterator type is `with_dict`.
lxc_container_interface: |
### start generated network for [ {{ item.value.interface }} ] ###
DEVICE={{ item.value.interface }}
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet
{% if item.value.address is defined %}
IPADDR={{ item.value.address }}
NETMASK={{ item.value.netmask }}
{% if item.value.gateway is defined %}
GATEWAY={{ item.value.gateway }}
{% endif %}
{% endif %}
MTU={{ item.value.mtu|default(lxc_container_default_mtu) }}
DELAY=0
### end generated network for [ {{ item.value.interface }} ] ###
# Default interface file
lxc_container_default_interfaces: |
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet
lxc_container_default_route_interfaces:
route_file: "/etc/sysconfig/network-scripts/route-{{ item.value.interface }}"
route_setup: |
{% for route in item.value.static_routes %}
{{ route['cidr'] }} via {{ route['gateway'] }} dev {{ item.value.interface }}
{% endfor %}
# Note this is a used in an iterable and requires the <item.value.interface> variable
lxc_container_interface_target: "/etc/sysconfig/network-scripts/ifcfg-{{ item.value.interface }}"
lxc_container_map:
distro: centos
arch: amd64
release: 7
prep_commands: |
mkdir -p /var/backup
rm /etc/resolv.conf
{% for resolver in lxc_cache_resolvers %}
echo "{{ resolver }}" | tee -a /etc/resolv.conf
{% endfor %}
if [ -f "/usr/lib/systemd/system/poweroff.target" ];then
ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
fi
ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/sysconfig/network-scripts/ifcfg-eth0
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root

71
vars/ubuntu-14.04.yml Normal file
View File

@ -0,0 +1,71 @@
---
# Note this is a used in an iterable and requires the <item.value.interface> variable
# The container interface variable is a a default object that assume the
# Ansible iterator type is `with_dict`.
lxc_container_interface: |
### start generated network for [ {{ item.value.interface }} ] ###
auto {{ item.value.interface }}
{% if item.value.address is defined %}
iface {{ item.value.interface }} inet static
address {{ item.value.address }}
netmask {{ item.value.netmask }}
{% if item.value.gateway is defined %}
gateway {{ item.value.gateway }}
{% endif %}
mtu {{ item.value.mtu|default(lxc_container_default_mtu) }}
# needed to enable gratuitous arps on interface events
post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1
# needed to force an interface event (setting mac to what it already is)
post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address)
{% if item.value.static_routes is defined %}
{% for route in item.value.static_routes %}
post-up ip route add {{ route['cidr'] }} via {{ route['gateway'] }} || true
{% endfor %}
{% endif %}
{% else %}
iface {{ item.value.interface }} inet manual
{% endif %}
### end generated network for [ {{ item.value.interface }} ] ###
# Default interface file
lxc_container_default_interfaces: |
# The loopback network interface
auto lo
iface lo inet loopback
# LXC interface, this is ALWAYS assumed to be DHCP.
auto eth0
iface eth0 inet dhcp
# Load any additional configs
source /etc/network/interfaces.d/*.cfg
# Notice this is already resolved in the debian interface file
lxc_container_default_route_interfaces:
route_file: "/dev/null"
route_setup: "This is already resolved in the debian interface file"
# Note this is a used in an iterable and requires the <item.value.interface> variable
lxc_container_interface_target: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
lxc_container_map:
distro: ubuntu
arch: amd64
release: trusty
prep_commands: |
mkdir -p /var/backup
echo '# Null Tail' | tee /etc/resolvconf/resolv.conf.d/tail
echo '# Null original' | tee /etc/resolvconf/resolv.conf.d/original
rm /etc/resolvconf/resolv.conf.d/base
{% for resolver in lxc_cache_resolvers %}
echo 'nameserver {{ resolver }}' | tee -a /etc/resolvconf/resolv.conf.d/base
{% endfor %}
if [ -f "/usr/lib/systemd/system/poweroff.target" ];then
ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
fi
ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
mkdir -p /etc/network/interfaces.d
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root

71
vars/ubuntu-16.04.yml Normal file
View File

@ -0,0 +1,71 @@
---
# Note this is a used in an iterable and requires the <item.value.interface> variable
# The container interface variable is a a default object that assume the
# Ansible iterator type is `with_dict`.
lxc_container_interface: |
### start generated network for [ {{ item.value.interface }} ] ###
auto {{ item.value.interface }}
{% if item.value.address is defined %}
iface {{ item.value.interface }} inet static
address {{ item.value.address }}
netmask {{ item.value.netmask }}
{% if item.value.gateway is defined %}
gateway {{ item.value.gateway }}
{% endif %}
mtu {{ item.value.mtu|default(lxc_container_default_mtu) }}
# needed to enable gratuitous arps on interface events
post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1
# needed to force an interface event (setting mac to what it already is)
post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address)
{% if item.value.static_routes is defined %}
{% for route in item.value.static_routes %}
post-up ip route add {{ route['cidr'] }} via {{ route['gateway'] }} || true
{% endfor %}
{% endif %}
{% else %}
iface {{ item.value.interface }} inet manual
{% endif %}
### end generated network for [ {{ item.value.interface }} ] ###
# Default interface file
lxc_container_default_interfaces: |
# The loopback network interface
auto lo
iface lo inet loopback
# LXC interface, this is ALWAYS assumed to be DHCP.
auto eth0
iface eth0 inet dhcp
# Load any additional configs
source /etc/network/interfaces.d/*.cfg
# Notice this is already resolved in the debian interface file
lxc_container_default_route_interfaces:
route_file: "/dev/null"
route_setup: "This is already resolved in the debian interface file"
# Note this is a used in an iterable and requires the <item.value.interface> variable
lxc_container_interface_target: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
lxc_container_map:
distro: ubuntu
arch: amd64
release: xenial
prep_commands: |
mkdir -p /var/backup
echo '# Null Tail' | tee /etc/resolvconf/resolv.conf.d/tail
echo '# Null original' | tee /etc/resolvconf/resolv.conf.d/original
rm /etc/resolvconf/resolv.conf.d/base
{% for resolver in lxc_cache_resolvers %}
echo 'nameserver {{ resolver }}' | tee -a /etc/resolvconf/resolv.conf.d/base
{% endfor %}
if [ -f "/usr/lib/systemd/system/poweroff.target" ];then
ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
fi
ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
mkdir -p /etc/network/interfaces.d
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root