Add Bionic testing

Now that bionic testing is added into the tests repos, we can
start testing it in the repo.

Since bionic uses lxc >= 3, we need to make some adjustments to the role
to allow the role to work with both lxc > 3 and lxc < 3, there were
several config options changes which will impact on upgradeability.

LXC >= 3 requires networks to have an index, we can achieve this by
taking the network dict and converting it to a list, and using those to
generate the id "with_indexed_items".

Depends-On: https://review.openstack.org/#/c/566959/
Depends-On: https://review.openstack.org/#/c/567038/
Change-Id: Ib80c2ed2a01a4a6a8c48aed9bdf9a50e45ea9564
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>

defaults/main.yml

@@ -26,15 +26,6 @@ lxc_container_wait_params:
 
 
 lxc_container_config: /etc/lxc/lxc-openstack.conf
-lxc_container_default_config_list:
-  - "lxc.start.auto=1"
-  - "lxc.start.delay=15"
-  - "lxc.group=onboot"
-  - "lxc.group=openstack"
-  - "lxc.autodev=1"
-  - "lxc.pts=1024"
-  - "lxc.kmsg=0"
-  - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
 lxc_container_config_list: []
 lxc_container_commands: ""
 lxc_container_extra_commands: "{{ _lxc_container_extra_commands | default('echo noop') }}"
@@ -146,6 +137,9 @@ lxc_container_allow_restarts: yes
 
 lxc_container_network_veth_pair_prefix: "{{ inventory_hostname[-8:].replace('-', '').replace('_', '') }}"
 lxc_container_network_veth_pair: "{{ lxc_container_network_veth_pair_prefix }}_{{ item.value.interface }}"
+# In order to use "with_indexed_items" we need a specific var to reference item.1.interface
+# This is for the container-interface.ini.j2 template only.
+lxc_container_network_veth_pair_indexed: "{{ lxc_container_network_veth_pair_prefix }}_{{ item.1.interface }}"
 
 # A default set of container networks used within the LXC containers.
 lxc_container_networks:

tasks/lxc_container_config.yml

@@ -133,14 +133,16 @@
   with_items:
     - "{{ macs.results }}"
 
+# NOTE(andymccr): We need an index for the interfaces in LXC >= 3 converting
+#                 to a list and using with_indexed_items for this purpose.
 - name: LXC host config for container networks
   template:
     src: "container-interface.ini.j2"
-    dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
+    dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.1.interface }}.ini"
     owner: "root"
     group: "root"
     mode: "0644"
-  with_dict: "{{ lxc_container_networks_combined }}"
+  with_indexed_items: "{{ lxc_container_networks_combined.values() | list }}"
   register: network_config
   delegate_to: "{{ physical_host }}"
 
@@ -181,7 +183,7 @@
   with_items:
     - "lxc.hook.pre-start = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
     - "lxc.hook.post-stop = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
-    - "lxc.haltsignal = SIGRTMIN+4"
+    - "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary ('lxc.signal.halt', 'lxc.haltsignal') }} = SIGRTMIN+4"
   delegate_to: "{{ physical_host }}"
 
 - name: Run veth wiring

tasks/main.yml

@@ -13,6 +13,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Pull lxc version
+  command: "lxc-ls --version"
+  changed_when: false
+  register: lxc_version
+  delegate_to: "{{ physical_host }}"
+  tags:
+    - skip_ansible_lint
+
+- name: Enable or Disable lxc three syntax
+  set_fact:
+    lxc_three_syntax: "{{ (lxc_version.stdout.split('.')[0] | int) >= 3 }}"
+
 - name: Allow the usage of local facts
   file:
     path: /etc/ansible/facts.d/

templates/container-interface.ini.j2

@@ -1,20 +1,22 @@
 # {{ ansible_managed }}
+{### For lxc > 3.0 use lxc.net.[i] otherwise use lxc.network #}
+{% set _lxc_net_var = (lxc_three_syntax | bool) | ternary ('lxc.net.' + ((item.0 | default(0)) | string),'lxc.network') %}
 
-# Create a veth pair within the container
-lxc.network.type = {{ item.value.type|default('veth') }}
+# Create a veth pair within the contaihostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04'ner
+{{ _lxc_net_var }}.type = {{ item.1.type|default('veth') }}
 # Network device within the container
-lxc.network.name = {{ item.value.interface }}
-{% if item.value.type is not defined or item.value.type == 'veth' %}
+{{ _lxc_net_var }}.name = {{ item.1.interface }}
+{% if item.1.type is not defined or item.1.type == 'veth' %}
 # Name the veth after the container
 # NOTE(major): The lxc.network.veth.pair line must appear right after
 # lxc.network.name or it will be ignored.
-lxc.network.veth.pair = {{ lxc_container_network_veth_pair[-15:] }}
+{{ _lxc_net_var }}.veth.pair = {{ lxc_container_network_veth_pair_indexed[-15:] }}
 {% endif %}
 # Host link to attach to, this should be a bridge if lxc.network.type = veth
-lxc.network.link = {{ item.value.bridge }}
+{{ _lxc_net_var }}.link = {{ item.1.bridge }}
 # Hardware Address
-lxc.network.hwaddr = {{ hostvars[inventory_hostname][item.value.interface + '_mac_address'] }}
+{{ _lxc_net_var }}.hwaddr = {{ hostvars[inventory_hostname][item.1.interface + '_mac_address'] }}
 # enable the device on boot
-lxc.network.flags = up
+{{ _lxc_net_var }}.flags = up
 # Set the container network MTU
-lxc.network.mtu = {{ item.value.mtu|default(lxc_container_default_mtu) }}
+{{ _lxc_net_var }}.mtu = {{ item.1.mtu|default(lxc_container_default_mtu) }}

tests/host_vars/container1.yml

@@ -3,7 +3,7 @@ ansible_host: 10.100.100.2
 ansible_become: True
 ansible_user: root
 lxc_container_config_list:
-  - "lxc.aa_profile=lxc-openstack"
+  - "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}=lxc-openstack"
   - "lxc.mount.entry=/openstack/{{ inventory_hostname }} opt/test1 none bind,create=dir 0 0"
 
 lxc_container_commands: |

tests/host_vars/container2.yml

@@ -4,4 +4,4 @@ ansible_become: True
 ansible_user: root
 lxc_container_config_list:
   # The unconfined profile is causing problems with overlayfs. See https://bugs.launchpad.net/openstack-ansible/+bug/1612412
-  - "lxc.aa_profile={{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}"
+  - "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}={{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}"

tests/test-containers-functional.yml

@@ -36,22 +36,22 @@
           - lxc_container_list.stdout | search("container2\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.3(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
           - lxc_container_list.stdout | search("container3\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.4(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
 
-    - name: Check for the presence of the right aa_profile for container1
-      command: grep "^lxc.aa_profile = lxc-openstack$" /var/lib/lxc/container1/config
+    - name: Check for the presence of the right app armor profile for container1
+      command: grep "^{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }} = lxc-openstack$" /var/lib/lxc/container1/config
       register: container1_profile
       failed_when: container1_profile.rc != 0
       tags:
         - skip_ansible_lint
 
-    - name: Check for the presence of the right aa_profile for container2
-      command: "grep -E '^lxc.aa_profile = {{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}$' /var/lib/lxc/container2/config"
+    - name: Check for the presence of the right app armor profile for container2
+      command: "grep -E '^{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }} = {{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}$' /var/lib/lxc/container2/config"
       register: container2_profile
       failed_when: container2_profile.rc != 0
       tags:
         - skip_ansible_lint
 
     - name: Check for the lack of presence of an aa_profile for container3
-      command: grep "lxc.aa_profile" /var/lib/lxc/container3/config
+      command: grep "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}" /var/lib/lxc/container3/config
       register: container3_profile
       failed_when: container3_profile.rc == 0
       tags:

vars/redhat-7.yml

@@ -25,6 +25,16 @@ lxc_container_map:
   arch: amd64
   release: 7
 
+lxc_container_default_config_list:
+  - "lxc.start.auto=1"
+  - "lxc.start.delay=15"
+  - "lxc.group=onboot"
+  - "lxc.group=openstack"
+  - "lxc.autodev=1"
+  - "lxc.pts=1024"
+  - "lxc.kmsg=0"
+  - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
+
 ### REMOVE IN "S"
 # The networkd commands are executed within the container but using the host
 # network namespace. Remove this once systemd-networkd is part of the base

vars/suse-42.yml

@@ -32,6 +32,16 @@ lxc_container_map:
   arch: amd64
   release: "42.3"
 
+lxc_container_default_config_list:
+  - "lxc.start.auto=1"
+  - "lxc.start.delay=15"
+  - "lxc.group=onboot"
+  - "lxc.group=openstack"
+  - "lxc.autodev=1"
+  - "lxc.pts=1024"
+  - "lxc.kmsg=0"
+  - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
+
 ### REMOVE IN "S"
 # The machine-id is not removed in the base container. Remove the machine-id
 # command when the base container no longer has a stored id.

vars/ubuntu-16.04.yml

@@ -25,6 +25,16 @@ lxc_container_map:
   arch: "{{ lxc_architecture_mapping.get( hostvars[physical_host]['ansible_architecture'] | lower ) }}"
   release: xenial
 
+lxc_container_default_config_list:
+  - "lxc.start.auto=1"
+  - "lxc.start.delay=15"
+  - "lxc.group=onboot"
+  - "lxc.group=openstack"
+  - "lxc.autodev=1"
+  - "lxc.pts=1024"
+  - "lxc.kmsg=0"
+  - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
+
 ### REMOVE IN "S"
 # DBUS is not guarenteeded to be part of the base image. This installs the
 # requirement. Once DBUS is a built in dependency remove this.

vars/ubuntu-18.04.yml

@@ -0,0 +1,47 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# TODO: COnfigure with networkd or the other system.
+lxc_container_default_route_interfaces: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
+lxc_container_interface_target: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
+lxc_container_default_interface: "/etc/network/interfaces"
+
+lxc_container_map:
+  distro: ubuntu
+  arch: "{{ lxc_architecture_mapping.get( hostvars[physical_host]['ansible_architecture'] | lower ) }}"
+  release: bionic
+
+lxc_container_default_config_list:
+  - "lxc.start.auto=1"
+  - "lxc.start.delay=15"
+  - "lxc.group=onboot"
+  - "lxc.group=openstack"
+  - "lxc.autodev=1"
+  - "lxc.pty.max=1024"
+  - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
+
+### REMOVE IN "S"
+# DBUS is not guarenteeded to be part of the base image. This installs the
+# requirement. Once DBUS is a built in dependency remove this.
+# systemd-resolved is not setup in the base image, once we can ensure that all
+# deployments have this service setup the systemd-resolved lines can be removed.
+_lxc_container_extra_commands: |
+  apt-get update
+  apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes dbus
+  for action in disable mask; do
+    systemctl ${action} resolvconf.service || true
+    systemctl ${action} systemd-networkd-resolvconf-update.path || true
+    systemctl ${action} systemd-networkd-resolvconf-update.service || true
+  done

zuul.d/jobs.yaml

@@ -20,6 +20,13 @@
     vars:
       tox_env: dir
 
+- job:
+    name: openstack-ansible-dir-ubuntu-bionic
+    parent: openstack-ansible-functional
+    nodeset: ubuntu-bionic
+    vars:
+      tox_env: dir
+
 - job:
     name: openstack-ansible-dir-centos-7
     parent: openstack-ansible-functional

zuul.d/project.yaml

@@ -16,9 +16,10 @@
     check:
       jobs:
         - openstack-ansible-linters
-        - openstack-ansible-dir-ubuntu-xenial
         - openstack-ansible-dir-centos-7
         - openstack-ansible-dir-opensuse-423
+        - openstack-ansible-dir-ubuntu-bionic
+        - openstack-ansible-dir-ubuntu-xenial
         - openstack-ansible-btrfs-ubuntu-xenial
         - openstack-ansible-btrfs-centos-7
         - openstack-ansible-btrfs-opensuse-423
@@ -35,6 +36,7 @@
     gate:
       jobs:
         - openstack-ansible-linters
-        - openstack-ansible-dir-ubuntu-xenial
         - openstack-ansible-dir-centos-7
         - openstack-ansible-dir-opensuse-423
+        - openstack-ansible-dir-ubuntu-bionic
+        - openstack-ansible-dir-ubuntu-xenial