Add Bionic testing
Now that bionic testing is added into the tests repos, we can start testing it in the repo. Since bionic uses lxc >= 3, we need to make some adjustments to the role to allow the role to work with both lxc > 3 and lxc < 3, there were several config options changes which will impact on upgradeability. LXC >= 3 requires networks to have an index, we can achieve this by taking the network dict and converting it to a list, and using those to generate the id "with_indexed_items". Depends-On: https://review.openstack.org/#/c/566959/ Depends-On: https://review.openstack.org/#/c/567038/ Change-Id: Ib80c2ed2a01a4a6a8c48aed9bdf9a50e45ea9564 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
3b1b5a34bf
commit
62eff6ca2a
|
@ -26,15 +26,6 @@ lxc_container_wait_params:
|
||||||
|
|
||||||
|
|
||||||
lxc_container_config: /etc/lxc/lxc-openstack.conf
|
lxc_container_config: /etc/lxc/lxc-openstack.conf
|
||||||
lxc_container_default_config_list:
|
|
||||||
- "lxc.start.auto=1"
|
|
||||||
- "lxc.start.delay=15"
|
|
||||||
- "lxc.group=onboot"
|
|
||||||
- "lxc.group=openstack"
|
|
||||||
- "lxc.autodev=1"
|
|
||||||
- "lxc.pts=1024"
|
|
||||||
- "lxc.kmsg=0"
|
|
||||||
- "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
|
|
||||||
lxc_container_config_list: []
|
lxc_container_config_list: []
|
||||||
lxc_container_commands: ""
|
lxc_container_commands: ""
|
||||||
lxc_container_extra_commands: "{{ _lxc_container_extra_commands | default('echo noop') }}"
|
lxc_container_extra_commands: "{{ _lxc_container_extra_commands | default('echo noop') }}"
|
||||||
|
@ -146,6 +137,9 @@ lxc_container_allow_restarts: yes
|
||||||
|
|
||||||
lxc_container_network_veth_pair_prefix: "{{ inventory_hostname[-8:].replace('-', '').replace('_', '') }}"
|
lxc_container_network_veth_pair_prefix: "{{ inventory_hostname[-8:].replace('-', '').replace('_', '') }}"
|
||||||
lxc_container_network_veth_pair: "{{ lxc_container_network_veth_pair_prefix }}_{{ item.value.interface }}"
|
lxc_container_network_veth_pair: "{{ lxc_container_network_veth_pair_prefix }}_{{ item.value.interface }}"
|
||||||
|
# In order to use "with_indexed_items" we need a specific var to reference item.1.interface
|
||||||
|
# This is for the container-interface.ini.j2 template only.
|
||||||
|
lxc_container_network_veth_pair_indexed: "{{ lxc_container_network_veth_pair_prefix }}_{{ item.1.interface }}"
|
||||||
|
|
||||||
# A default set of container networks used within the LXC containers.
|
# A default set of container networks used within the LXC containers.
|
||||||
lxc_container_networks:
|
lxc_container_networks:
|
||||||
|
|
|
@ -133,14 +133,16 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ macs.results }}"
|
- "{{ macs.results }}"
|
||||||
|
|
||||||
|
# NOTE(andymccr): We need an index for the interfaces in LXC >= 3 converting
|
||||||
|
# to a list and using with_indexed_items for this purpose.
|
||||||
- name: LXC host config for container networks
|
- name: LXC host config for container networks
|
||||||
template:
|
template:
|
||||||
src: "container-interface.ini.j2"
|
src: "container-interface.ini.j2"
|
||||||
dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
|
dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.1.interface }}.ini"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
with_dict: "{{ lxc_container_networks_combined }}"
|
with_indexed_items: "{{ lxc_container_networks_combined.values() | list }}"
|
||||||
register: network_config
|
register: network_config
|
||||||
delegate_to: "{{ physical_host }}"
|
delegate_to: "{{ physical_host }}"
|
||||||
|
|
||||||
|
@ -181,7 +183,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "lxc.hook.pre-start = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
|
- "lxc.hook.pre-start = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
|
||||||
- "lxc.hook.post-stop = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
|
- "lxc.hook.post-stop = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
|
||||||
- "lxc.haltsignal = SIGRTMIN+4"
|
- "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary ('lxc.signal.halt', 'lxc.haltsignal') }} = SIGRTMIN+4"
|
||||||
delegate_to: "{{ physical_host }}"
|
delegate_to: "{{ physical_host }}"
|
||||||
|
|
||||||
- name: Run veth wiring
|
- name: Run veth wiring
|
||||||
|
|
|
@ -13,6 +13,18 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Pull lxc version
|
||||||
|
command: "lxc-ls --version"
|
||||||
|
changed_when: false
|
||||||
|
register: lxc_version
|
||||||
|
delegate_to: "{{ physical_host }}"
|
||||||
|
tags:
|
||||||
|
- skip_ansible_lint
|
||||||
|
|
||||||
|
- name: Enable or Disable lxc three syntax
|
||||||
|
set_fact:
|
||||||
|
lxc_three_syntax: "{{ (lxc_version.stdout.split('.')[0] | int) >= 3 }}"
|
||||||
|
|
||||||
- name: Allow the usage of local facts
|
- name: Allow the usage of local facts
|
||||||
file:
|
file:
|
||||||
path: /etc/ansible/facts.d/
|
path: /etc/ansible/facts.d/
|
||||||
|
|
|
@ -1,20 +1,22 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
{### For lxc > 3.0 use lxc.net.[i] otherwise use lxc.network #}
|
||||||
|
{% set _lxc_net_var = (lxc_three_syntax | bool) | ternary ('lxc.net.' + ((item.0 | default(0)) | string),'lxc.network') %}
|
||||||
|
|
||||||
# Create a veth pair within the container
|
# Create a veth pair within the contaihostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04'ner
|
||||||
lxc.network.type = {{ item.value.type|default('veth') }}
|
{{ _lxc_net_var }}.type = {{ item.1.type|default('veth') }}
|
||||||
# Network device within the container
|
# Network device within the container
|
||||||
lxc.network.name = {{ item.value.interface }}
|
{{ _lxc_net_var }}.name = {{ item.1.interface }}
|
||||||
{% if item.value.type is not defined or item.value.type == 'veth' %}
|
{% if item.1.type is not defined or item.1.type == 'veth' %}
|
||||||
# Name the veth after the container
|
# Name the veth after the container
|
||||||
# NOTE(major): The lxc.network.veth.pair line must appear right after
|
# NOTE(major): The lxc.network.veth.pair line must appear right after
|
||||||
# lxc.network.name or it will be ignored.
|
# lxc.network.name or it will be ignored.
|
||||||
lxc.network.veth.pair = {{ lxc_container_network_veth_pair[-15:] }}
|
{{ _lxc_net_var }}.veth.pair = {{ lxc_container_network_veth_pair_indexed[-15:] }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
# Host link to attach to, this should be a bridge if lxc.network.type = veth
|
# Host link to attach to, this should be a bridge if lxc.network.type = veth
|
||||||
lxc.network.link = {{ item.value.bridge }}
|
{{ _lxc_net_var }}.link = {{ item.1.bridge }}
|
||||||
# Hardware Address
|
# Hardware Address
|
||||||
lxc.network.hwaddr = {{ hostvars[inventory_hostname][item.value.interface + '_mac_address'] }}
|
{{ _lxc_net_var }}.hwaddr = {{ hostvars[inventory_hostname][item.1.interface + '_mac_address'] }}
|
||||||
# enable the device on boot
|
# enable the device on boot
|
||||||
lxc.network.flags = up
|
{{ _lxc_net_var }}.flags = up
|
||||||
# Set the container network MTU
|
# Set the container network MTU
|
||||||
lxc.network.mtu = {{ item.value.mtu|default(lxc_container_default_mtu) }}
|
{{ _lxc_net_var }}.mtu = {{ item.1.mtu|default(lxc_container_default_mtu) }}
|
||||||
|
|
|
@ -3,7 +3,7 @@ ansible_host: 10.100.100.2
|
||||||
ansible_become: True
|
ansible_become: True
|
||||||
ansible_user: root
|
ansible_user: root
|
||||||
lxc_container_config_list:
|
lxc_container_config_list:
|
||||||
- "lxc.aa_profile=lxc-openstack"
|
- "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}=lxc-openstack"
|
||||||
- "lxc.mount.entry=/openstack/{{ inventory_hostname }} opt/test1 none bind,create=dir 0 0"
|
- "lxc.mount.entry=/openstack/{{ inventory_hostname }} opt/test1 none bind,create=dir 0 0"
|
||||||
|
|
||||||
lxc_container_commands: |
|
lxc_container_commands: |
|
||||||
|
|
|
@ -4,4 +4,4 @@ ansible_become: True
|
||||||
ansible_user: root
|
ansible_user: root
|
||||||
lxc_container_config_list:
|
lxc_container_config_list:
|
||||||
# The unconfined profile is causing problems with overlayfs. See https://bugs.launchpad.net/openstack-ansible/+bug/1612412
|
# The unconfined profile is causing problems with overlayfs. See https://bugs.launchpad.net/openstack-ansible/+bug/1612412
|
||||||
- "lxc.aa_profile={{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}"
|
- "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}={{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}"
|
||||||
|
|
|
@ -36,22 +36,22 @@
|
||||||
- lxc_container_list.stdout | search("container2\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.3(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
|
- lxc_container_list.stdout | search("container2\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.3(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
|
||||||
- lxc_container_list.stdout | search("container3\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.4(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
|
- lxc_container_list.stdout | search("container3\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.4(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
|
||||||
|
|
||||||
- name: Check for the presence of the right aa_profile for container1
|
- name: Check for the presence of the right app armor profile for container1
|
||||||
command: grep "^lxc.aa_profile = lxc-openstack$" /var/lib/lxc/container1/config
|
command: grep "^{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }} = lxc-openstack$" /var/lib/lxc/container1/config
|
||||||
register: container1_profile
|
register: container1_profile
|
||||||
failed_when: container1_profile.rc != 0
|
failed_when: container1_profile.rc != 0
|
||||||
tags:
|
tags:
|
||||||
- skip_ansible_lint
|
- skip_ansible_lint
|
||||||
|
|
||||||
- name: Check for the presence of the right aa_profile for container2
|
- name: Check for the presence of the right app armor profile for container2
|
||||||
command: "grep -E '^lxc.aa_profile = {{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}$' /var/lib/lxc/container2/config"
|
command: "grep -E '^{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }} = {{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}$' /var/lib/lxc/container2/config"
|
||||||
register: container2_profile
|
register: container2_profile
|
||||||
failed_when: container2_profile.rc != 0
|
failed_when: container2_profile.rc != 0
|
||||||
tags:
|
tags:
|
||||||
- skip_ansible_lint
|
- skip_ansible_lint
|
||||||
|
|
||||||
- name: Check for the lack of presence of an aa_profile for container3
|
- name: Check for the lack of presence of an aa_profile for container3
|
||||||
command: grep "lxc.aa_profile" /var/lib/lxc/container3/config
|
command: grep "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}" /var/lib/lxc/container3/config
|
||||||
register: container3_profile
|
register: container3_profile
|
||||||
failed_when: container3_profile.rc == 0
|
failed_when: container3_profile.rc == 0
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -25,6 +25,16 @@ lxc_container_map:
|
||||||
arch: amd64
|
arch: amd64
|
||||||
release: 7
|
release: 7
|
||||||
|
|
||||||
|
lxc_container_default_config_list:
|
||||||
|
- "lxc.start.auto=1"
|
||||||
|
- "lxc.start.delay=15"
|
||||||
|
- "lxc.group=onboot"
|
||||||
|
- "lxc.group=openstack"
|
||||||
|
- "lxc.autodev=1"
|
||||||
|
- "lxc.pts=1024"
|
||||||
|
- "lxc.kmsg=0"
|
||||||
|
- "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
|
||||||
|
|
||||||
### REMOVE IN "S"
|
### REMOVE IN "S"
|
||||||
# The networkd commands are executed within the container but using the host
|
# The networkd commands are executed within the container but using the host
|
||||||
# network namespace. Remove this once systemd-networkd is part of the base
|
# network namespace. Remove this once systemd-networkd is part of the base
|
||||||
|
|
|
@ -32,6 +32,16 @@ lxc_container_map:
|
||||||
arch: amd64
|
arch: amd64
|
||||||
release: "42.3"
|
release: "42.3"
|
||||||
|
|
||||||
|
lxc_container_default_config_list:
|
||||||
|
- "lxc.start.auto=1"
|
||||||
|
- "lxc.start.delay=15"
|
||||||
|
- "lxc.group=onboot"
|
||||||
|
- "lxc.group=openstack"
|
||||||
|
- "lxc.autodev=1"
|
||||||
|
- "lxc.pts=1024"
|
||||||
|
- "lxc.kmsg=0"
|
||||||
|
- "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
|
||||||
|
|
||||||
### REMOVE IN "S"
|
### REMOVE IN "S"
|
||||||
# The machine-id is not removed in the base container. Remove the machine-id
|
# The machine-id is not removed in the base container. Remove the machine-id
|
||||||
# command when the base container no longer has a stored id.
|
# command when the base container no longer has a stored id.
|
||||||
|
|
|
@ -25,6 +25,16 @@ lxc_container_map:
|
||||||
arch: "{{ lxc_architecture_mapping.get( hostvars[physical_host]['ansible_architecture'] | lower ) }}"
|
arch: "{{ lxc_architecture_mapping.get( hostvars[physical_host]['ansible_architecture'] | lower ) }}"
|
||||||
release: xenial
|
release: xenial
|
||||||
|
|
||||||
|
lxc_container_default_config_list:
|
||||||
|
- "lxc.start.auto=1"
|
||||||
|
- "lxc.start.delay=15"
|
||||||
|
- "lxc.group=onboot"
|
||||||
|
- "lxc.group=openstack"
|
||||||
|
- "lxc.autodev=1"
|
||||||
|
- "lxc.pts=1024"
|
||||||
|
- "lxc.kmsg=0"
|
||||||
|
- "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
|
||||||
|
|
||||||
### REMOVE IN "S"
|
### REMOVE IN "S"
|
||||||
# DBUS is not guarenteeded to be part of the base image. This installs the
|
# DBUS is not guarenteeded to be part of the base image. This installs the
|
||||||
# requirement. Once DBUS is a built in dependency remove this.
|
# requirement. Once DBUS is a built in dependency remove this.
|
||||||
|
|
|
@ -0,0 +1,47 @@
|
||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# TODO: COnfigure with networkd or the other system.
|
||||||
|
lxc_container_default_route_interfaces: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
|
||||||
|
lxc_container_interface_target: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
|
||||||
|
lxc_container_default_interface: "/etc/network/interfaces"
|
||||||
|
|
||||||
|
lxc_container_map:
|
||||||
|
distro: ubuntu
|
||||||
|
arch: "{{ lxc_architecture_mapping.get( hostvars[physical_host]['ansible_architecture'] | lower ) }}"
|
||||||
|
release: bionic
|
||||||
|
|
||||||
|
lxc_container_default_config_list:
|
||||||
|
- "lxc.start.auto=1"
|
||||||
|
- "lxc.start.delay=15"
|
||||||
|
- "lxc.group=onboot"
|
||||||
|
- "lxc.group=openstack"
|
||||||
|
- "lxc.autodev=1"
|
||||||
|
- "lxc.pty.max=1024"
|
||||||
|
- "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
|
||||||
|
|
||||||
|
### REMOVE IN "S"
|
||||||
|
# DBUS is not guarenteeded to be part of the base image. This installs the
|
||||||
|
# requirement. Once DBUS is a built in dependency remove this.
|
||||||
|
# systemd-resolved is not setup in the base image, once we can ensure that all
|
||||||
|
# deployments have this service setup the systemd-resolved lines can be removed.
|
||||||
|
_lxc_container_extra_commands: |
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes dbus
|
||||||
|
for action in disable mask; do
|
||||||
|
systemctl ${action} resolvconf.service || true
|
||||||
|
systemctl ${action} systemd-networkd-resolvconf-update.path || true
|
||||||
|
systemctl ${action} systemd-networkd-resolvconf-update.service || true
|
||||||
|
done
|
|
@ -20,6 +20,13 @@
|
||||||
vars:
|
vars:
|
||||||
tox_env: dir
|
tox_env: dir
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: openstack-ansible-dir-ubuntu-bionic
|
||||||
|
parent: openstack-ansible-functional
|
||||||
|
nodeset: ubuntu-bionic
|
||||||
|
vars:
|
||||||
|
tox_env: dir
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: openstack-ansible-dir-centos-7
|
name: openstack-ansible-dir-centos-7
|
||||||
parent: openstack-ansible-functional
|
parent: openstack-ansible-functional
|
||||||
|
|
|
@ -16,9 +16,10 @@
|
||||||
check:
|
check:
|
||||||
jobs:
|
jobs:
|
||||||
- openstack-ansible-linters
|
- openstack-ansible-linters
|
||||||
- openstack-ansible-dir-ubuntu-xenial
|
|
||||||
- openstack-ansible-dir-centos-7
|
- openstack-ansible-dir-centos-7
|
||||||
- openstack-ansible-dir-opensuse-423
|
- openstack-ansible-dir-opensuse-423
|
||||||
|
- openstack-ansible-dir-ubuntu-bionic
|
||||||
|
- openstack-ansible-dir-ubuntu-xenial
|
||||||
- openstack-ansible-btrfs-ubuntu-xenial
|
- openstack-ansible-btrfs-ubuntu-xenial
|
||||||
- openstack-ansible-btrfs-centos-7
|
- openstack-ansible-btrfs-centos-7
|
||||||
- openstack-ansible-btrfs-opensuse-423
|
- openstack-ansible-btrfs-opensuse-423
|
||||||
|
@ -35,6 +36,7 @@
|
||||||
gate:
|
gate:
|
||||||
jobs:
|
jobs:
|
||||||
- openstack-ansible-linters
|
- openstack-ansible-linters
|
||||||
- openstack-ansible-dir-ubuntu-xenial
|
|
||||||
- openstack-ansible-dir-centos-7
|
- openstack-ansible-dir-centos-7
|
||||||
- openstack-ansible-dir-opensuse-423
|
- openstack-ansible-dir-opensuse-423
|
||||||
|
- openstack-ansible-dir-ubuntu-bionic
|
||||||
|
- openstack-ansible-dir-ubuntu-xenial
|
||||||
|
|
Loading…
Reference in New Issue