From 0c16334a2c34509f1fd60cc56e15f6f035c8a20a Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Mon, 2 May 2016 08:56:32 -0500 Subject: [PATCH] updated for lxc-container-create for multi-distro support This change updates the lxc-container-create role to build lxc containers using the download template. The build supports ubuntu 14.04/16.04 and RedHat/CentOS 7 using the multi-distro framework. This change is incorporating updates built into the lxc_hosts role. Once merged this should unblock all work geared toward multi-distro support and testing. The testing structure has been updated to match what is being done in other roles. A new file was created "manual-tests.rc" which assists in manual testing by exporting the needed environment variables to run the role tests without requiring everything to run through tox which has undesirable side-effects when running tests that span multiple roles. Change-Id: Iee304dd026e0865e0444259d2132122233d90f5f Depends-On: Ie13be2322d28178760481c59805101d6aeef4f36 Co-Authored-By: Jesse Pretorius 
Signed-off-by: Kevin Carter --- CONTRIBUTING.rst | 28 +++--- README.rst | 12 +-- defaults/main.yml | 77 ++++++---------- doc/source/index.rst | 1 - manual-tests.rc | 22 +++++ meta/main.yml | 6 +- other-requirements.txt | 10 ++- ...ntainer-multi-distro-f495f73951fafd1a.yaml | 29 ++++++ run_tests.sh | 10 ++- tasks/container_create.yml | 89 +++++++------------ tasks/main.yml | 13 ++- tests/group_vars/all_containers.yml | 9 ++ tests/inventory | 2 +- tests/test-containers-functional.yml | 2 +- tests/test-prepare-containers.yml | 21 +++++ tests/test-prepare-host.yml | 23 +++-- tox.ini | 1 + vars/redhat-7.yml | 60 +++++++++++++ vars/ubuntu-14.04.yml | 71 +++++++++++++++ vars/ubuntu-16.04.yml | 71 +++++++++++++++ 20 files changed, 417 insertions(+), 140 deletions(-) create mode 100644 manual-tests.rc create mode 100644 releasenotes/notes/lxc-container-multi-distro-f495f73951fafd1a.yaml create mode 100644 vars/redhat-7.yml create mode 100644 vars/ubuntu-14.04.yml create mode 100644 vars/ubuntu-16.04.yml diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index dfda98a..3a71c37 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -16,7 +16,8 @@ When submitting a bug, or working on a bug, please ensure the following criteria * The description clearly states or describes the original problem or root cause of the problem. * Include historical information on how the problem was identified. * Any relevant logs are included. - * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * The provided information should be totally self-contained. External access to web + services/sites should not be needed. * Steps to reproduce the problem if possible. 
@@ -32,20 +33,24 @@ Pull requests submitted through GitHub will be ignored and closed without regard Extra ----- -Tags: - If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a + '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined + tags that will autocomplete. Status: Please leave this alone, it should be New till someone triages the issue. Importance: - Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only + use Critical if you have found a bug that can take down whole infrastructures. Style guide ----------- -When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. +When creating tasks and other roles for use in Ansible please create them using the YAML dictionary +format. Example YAML dictionary format: .. code-block:: yaml 
@@ -69,17 +74,20 @@ Example **NOT** in YAML dictionary format: - some-other-tag -Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules +such as the ansible ``shell`` module. Issues ------ -When submitting an issue, or working on an issue please ensure the following criteria are met: +When submitting or working on an issue, please ensure the following criteria are met: * The description clearly states or describes the original problem or root cause of the problem. * Include historical information on how the problem was identified. - * Any relevant logs are included. - * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). - * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Include any relevant logs. + * If the issue is a bug that needs fixing in a branch other than Master, add the + ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web + services/sites should not be needed. * If the issue is needed for a hotfix release, add the 'expedite' label. * Steps to reproduce the problem if possible. diff --git a/README.rst b/README.rst index a1f5168..9e2fc52 100644 --- a/README.rst +++ b/README.rst 
@@ -3,7 +3,8 @@ OpenStack LXC container create :tags: openstack, lxc, container, cloud, ansible :category: \*nix -Role for creating LXC containers. This role has been setup for use in OpenStack. This role will create several directories on the LXC host for use in bind mounted storage within the container. +Role for creating LXC containers. This role has been setup for use in OpenStack. This role will +create several directories on the LXC host for use in bind mounted storage within the container. Example Play: .. code-block:: yaml @@ -51,10 +52,6 @@ Example Inventory: "netmask": "255.255.252.0", "type": "veth" } - }, - "properties": { - "container_release": "trusty", - "is_metal": true } }, "container1": { @@ -71,10 +68,7 @@ Example Inventory: } }, "physical_host": "infra1", - "physical_host_group": "lxc_hosts", - "properties": { - "container_release": "trusty", - } + "physical_host_group": "lxc_hosts" } } } diff --git a/defaults/main.yml b/defaults/main.yml index 6c71849..d12169e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -15,9 +15,6 @@ lxc_container_config: /etc/lxc/lxc-openstack.conf -# Default container template to build from -lxc_container_template: ubuntu - # lxc container rootfs directory and cache path lxc_container_directory: "/var/lib/lxc" lxc_container_cache_path: "/var/cache/lxc" 
@@ -32,51 +29,31 @@ lxc_container_fs_type: ext4 lxc_container_backing_store: lvm lxc_container_vg_name: lxc -# Default image to build from -lxc_container_release: trusty -lxc_container_user_name: ubuntu -lxc_container_user_password: "{{ lookup('pipe', 'date --rfc-3339=ns | sha512sum | base64 | head -c 32') }}" -lxc_container_template_options: > - --release {{ lxc_container_release }} - --user {{ lxc_container_user_name }} - --password {{ lxc_container_user_password }} - -lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu" -lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu" - -lxc_container_default_interfaces: | - # The loopback network interface - auto lo - iface lo inet loopback - # LXC interface, this is ALWAYS assumed to be DHCP. - auto eth0 - iface eth0 inet dhcp - # Load any additional configs - source /etc/network/interfaces.d/*.cfg - lxc_container_default_mtu: "1500" -# The container interface variable is a a default object that assume the -# Ansible iterator type is `with_dict`. 
-lxc_container_interface: | - ### start generated network for [ {{ item.value.interface }} ] ### - auto {{ item.value.interface }} - {% if item.value.address is defined %} - iface {{ item.value.interface }} inet static - address {{ item.value.address }} - netmask {{ item.value.netmask }} - # needed to enable gratuitous arps on interface events - post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1 - # needed to force an interface event (setting mac to what it already is) - post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address) - {% if item.value.gateway is defined %} - gateway {{ item.value.gateway }} - {% endif %} - {% if item.value.static_routes is defined %} - {% for route in item.value.static_routes %} - post-up ip route add {{ route['cidr'] }} via {{ route['gateway'] }} || true - {% endfor %} - {% endif %} - {% else %} - iface {{ item.value.interface }} inet manual - {% endif %} - ### end generated network for [ {{ item.value.interface }} ] ### + +# LXC image server +lxc_image_cache_server: images.linuxcontainers.org + +## Default download template options +## This can be customized to use a local build server and options. +## By default these options will be fulfilled by the distro specific +## variable files found in vars/ +# lxc_container_download_template_options: > +# --dist NAME_OF_DISTRO +# --release DISTRO_RELEASE +# --arch CONTAINER_ARCH +# --force-cache +# --server SERVER_TO_GET_IMAGES_FROM +lxc_container_template: download +lxc_container_variant: default +lxc_container_download_template_options: > + --dist {{ lxc_container_map.distro }} + --release {{ lxc_container_map.release }} + --arch {{ lxc_container_map.arch }} + --force-cache + --server {{ lxc_image_cache_server }} + --variant={{ lxc_container_variant }} + +lxc_cache_resolvers: + - 'nameserver 8.8.8.8' + - 'nameserver 8.8.4.4' diff --git a/doc/source/index.rst b/doc/source/index.rst index 09f8ef1..31d4555 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst 
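Review bot: `--force-cache` in the new `lxc_container_download_template_options` makes the download template keep using the local image cache even after it has expired, so containers can be created from an old image that lacks current security updates, and neither the commented option list nor the defaults say so. With this change `lxc_image_cache_server` and the overridable `--server` value also become the source of every container rootfs. The comment block that invites pointing at "a local build server" should say that the template's image signature validation has to stay enabled for such a server. Suggested comment above the option block: `# --force-cache reuses an expired cache; refresh the cache on the host to pick up patched images.`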
@@ -12,5 +12,4 @@ Basic Role Example .. code-block:: yaml - role: "lxc_container_create" - lxc_container_release: trusty lxc_container_backing_store: dir diff --git a/manual-tests.rc b/manual-tests.rc new file mode 100644 index 0000000..fa1cdf9 --- /dev/null +++ b/manual-tests.rc @@ -0,0 +1,22 @@ +export VIRTUAL_ENV=$(pwd) +export ANSIBLE_HOST_KEY_CHECKING=False +export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r + +# TODO (odyssey4me) These are only here as they are non-standard folder +# names for Ansible 1.9.x. We are using the standard folder names for +# Ansible v2.x. We can remove this when we move to Ansible 2.x. +export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action +export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback +export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter +export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup + +# This is required as the default is the current path or a path specified +# in ansible.cfg +export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library + +# This is required as the default is '/etc/ansible/roles' or a path +# specified in ansible.cfg +export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/.. + +echo "Run manual functional tests by executing the following:" +echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml -e \"rolename=$(pwd)\"" diff --git a/meta/main.yml b/meta/main.yml index dd46384..c54d234 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,11 +18,15 @@ galaxy_info: description: Create an LXC container company: Rackspace license: Apache2 - min_ansible_version: 1.6.6 + min_ansible_version: 1.9.4 platforms: - name: Ubuntu versions: - trusty + - xenial + - name: EL + versions: + - 7 categories: - cloud - lxc diff --git a/other-requirements.txt b/other-requirements.txt index 67cd643..a145f8b 100644 --- a/other-requirements.txt +++ b/other-requirements.txt 
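Review bot: The first exports in manual-tests.rc, `ANSIBLE_HOST_KEY_CHECKING=False` and `ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r`, carry no comment saying they are meant only for throwaway test containers, and whoever sources the file keeps them for every later ansible run in that shell. With host key checking off, the SSH endpoints are not verified, and the control sockets are created in world-writable /tmp under predictable names. I would add `# Test-only: host key checking is disabled because the test containers are rebuilt on every run.` above the first export. I would also move the sockets to a per-user directory, for example `export ANSIBLE_SSH_CONTROL_PATH=${HOME}/.ansible/cp/%%h-%%r`.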
@@ -14,7 +14,13 @@ # TODO(odyssey4me) remove this once https://review.openstack.org/288634 has merged # and the disk images are rebuilt and redeployed. curl +wget # Requirements for Paramiko 2.0 -libssl-dev -libffi-dev +libssl-dev [platform:dpkg] +libffi-dev [platform:dpkg] +libffi-devel [platform:rpm] +openssl-devel [platform:rpm] + +# For selinux +libselinux-python [platform:rpm] diff --git a/releasenotes/notes/lxc-container-multi-distro-f495f73951fafd1a.yaml b/releasenotes/notes/lxc-container-multi-distro-f495f73951fafd1a.yaml new file mode 100644 index 0000000..21a0e44 --- /dev/null +++ b/releasenotes/notes/lxc-container-multi-distro-f495f73951fafd1a.yaml 
@@ -0,0 +1,29 @@ +--- +features: + - The ``lxc_container_create`` role will now build a container + based on the distro of the host OS. + - The ``lxc_container_create`` role now supports Ubuntu 14.04, + 16.04, and RHEL/CentOS 7 +upgrade: + - The ``lxc_container_create`` role no longer uses the distro specific lxc + container create template. + - | + The following variable changes have been made in the ``lxc_host`` role: + + * **lxc_container_template**: Removed because the template option is now + contained within the operating system specific variable file loaded at + runtime. + * **lxc_container_template_options**: This option was renamed to + *lxc_container_download_template_options*. The deprecation filter was not + used because the values provided from this option have been + fundamentally changed and old overrides will cause problems. + * **lxc_container_release**: Removed because image is now tied with the host + operating system. + * **lxc_container_user_name**: Removed because the default users are no longer + created when the cached image is created. + * **lxc_container_user_password**: Removed because the default users are no + longer created when the cached image is created. + * **lxc_container_template_main_apt_repo**: Removed because this option is now + being set within the cache creation process and is no longer needed here. + * **lxc_container_template_security_apt_repo**: Removed because this option is + now being set within the cache creation process and is no longer needed here. diff --git a/run_tests.sh b/run_tests.sh index f7a19cc..bfe311e 100755 --- a/run_tests.sh +++ b/run_tests.sh 
@@ -19,7 +19,11 @@ FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true} # prep the host if [ "$(which apt-get)" ]; then - apt-get install -y build-essential python2.7 python-dev git-core libssl-dev libffi-dev + apt-get update && apt-get install -y build-essential python2.7 python-dev git-core libffi-dev libssl-dev +fi + +if [ "$(which yum)" ]; then + yum install -y '@Development Tools' python-devel git libffi-devel openssl-devel fi # get pip, if necessary @@ -33,9 +37,9 @@ pip install tox # run through each tox env and execute the test for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do - if [ "${tox_env}" != "ansible-functional" ]; then + if [ "${tox_env}" != "functional" ]; then tox -e ${tox_env} - elif [ "${tox_env}" == "ansible-functional" ]; then + elif [ "${tox_env}" == "functional" ]; then if ${FUNCTIONAL_TEST}; then tox -e ${tox_env} fi diff --git a/tasks/container_create.yml b/tasks/container_create.yml index 612e3e9..ae69586 100644 --- a/tasks/container_create.yml +++ b/tasks/container_create.yml 
@@ -57,61 +57,43 @@ lxc_container: name: "{{ inventory_hostname }}" container_log: "true" - config: "{{ properties.container_config|default(lxc_container_config) }}" - template: "{{ properties.container_template|default(lxc_container_template) }}" + config: "{{ lxc_container_config }}" + template: "{{ lxc_container_template }}" state: started - backing_store: "{{ properties.container_backing_store|default(lxc_container_backing_store) }}" + backing_store: "{{ lxc_container_backing_store }}" directory: "{{ lxc_container_rootfs_directory }}" - fs_size: "{{ properties.container_fs_size|default(lxc_container_fs_size) }}" - fs_type: "{{ properties.container_fs_type|default(lxc_container_fs_type) }}" - vg_name: "{{ properties.container_vg_name|default(lxc_container_vg_name) }}" - template_options: "{{ lxc_container_template_options }}" - container_command: | - if [ -f "/usr/lib/systemd/system/poweroff.target" ];then - ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true - fi - ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true - ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true - ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true - ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true - echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces + fs_size: "{{ lxc_container_fs_size }}" + fs_type: "{{ lxc_container_fs_type }}" + vg_name: "{{ lxc_container_vg_name }}" + template_options: "{{ lxc_container_download_template_options }}" + container_command: "{{ lxc_container_map.prep_commands }}" container_config: - "lxc.autodev=1" - "lxc.pts=1024" - "lxc.kmsg=0" - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev" + - "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0" delegate_to: "{{ physical_host }}" tags: - lxc-container-create -- name: Load container service mounts and 
profile - lxc_container: - name: "{{ inventory_hostname }}" - container_command: | - mkdir -p /var/backup - mkdir -p /var/log/{{ properties.service_name }} - container_config: - - "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0" - - "lxc.mount.entry=/openstack/log/{{ inventory_hostname }} var/log/{{ properties.service_name }} none defaults,bind,rw 0 0" - when: properties.service_name is defined - delegate_to: "{{ physical_host }}" - tags: - - lxc-container-service-config - - name: Container network interfaces lxc_container: name: "{{ inventory_hostname }}" container_command: | - if [ ! -d "/etc/network/interfaces.d" ];then - mkdir -p /etc/network/interfaces.d - fi - configmd5sum=$(md5sum /etc/network/interfaces.d/{{ item.value.interface }}.cfg 2>/dev/null) - echo -e '{{ lxc_container_interface }}' | tee /etc/network/interfaces.d/{{ item.value.interface }}.cfg - if ! md5sum -c --status <<< "$configmd5sum" 2>/dev/null; then - ifdown {{ item.value.interface }} - ifup {{ item.value.interface }} - fi - with_dict: "{{ container_networks|default({}) }}" + echo -e '{{ lxc_container_interface }}' | tee {{ lxc_container_interface_target }} + with_dict: container_networks|default({}) + delegate_to: "{{ physical_host }}" + tags: + - lxc-container-networks + +- name: Container network route interfaces + lxc_container: + name: "{{ inventory_hostname }}" + container_command: | + echo -e '{{ lxc_container_default_route_interfaces.route_setup }}' | tee {{ lxc_container_default_route_interfaces.route_file }} + when: item.value.static_routes is defined + with_dict: container_networks|default({}) delegate_to: "{{ physical_host }}" tags: - lxc-container-networks @@ -123,7 +105,7 @@ owner: "root" group: "root" mode: "0644" - with_dict: "{{ container_networks|default({}) }}" + with_dict: container_networks|default({}) notify: - Lxc container restart delegate_to: "{{ physical_host }}" 
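Review bot: In the rewritten `Container network interfaces` task and the new `Container network route interfaces` task, rendered inventory values are pasted into a shell command that runs inside the container: the file body sits between single quotes and the `tee` target is unquoted. A quote character or whitespace in `item.value.interface`, an address or a route entry would therefore end the string early or split the path, and the remainder would be interpreted by the shell. Quoting the target, `echo -e '{{ lxc_container_interface }}' | tee "{{ lxc_container_interface_target }}"` (and likewise for `route_file`), together with a comment that `container_networks` values must be plain interface names and addresses, would close the obvious cases. The hunk also deletes the `/openstack/log/{{ inventory_hostname }}` bind mount along with the service-mount task, while only the backup mount moves into the create task; whether the log mount is set up elsewhere cannot be seen from here. The create task itself begins above the hunk.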
@@ -148,9 +130,9 @@ dest: "/var/lib/lxc/{{ inventory_hostname }}/config" line: "lxc.include = /var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini" backup: "true" - with_dict: "{{ container_networks|default({}) }}" - when: - - item.value.interface is defined + with_dict: container_networks|default({}) + when: > + item.value.interface is defined notify: - Lxc container restart delegate_to: "{{ physical_host }}" @@ -188,18 +170,15 @@ # Flush the handlers to ensure the container and networking is online. - meta: flush_handlers -# Resets the container user's password using lxc_container because Python2.7 -# may not be installed at this point. -- name: Force container user password set - lxc_container: - name: "{{ inventory_hostname }}" - container_command: | - getent passwd "{{ lxc_container_user_name }}" && - echo "{{ lxc_container_user_name }}:{{ lxc_container_user_password }}" | chpasswd - delegate_to: "{{ physical_host }}" - no_log: True +- name: Wait for ssh to be available + local_action: + module: wait_for + port: "{{ ansible_ssh_port | default('22') }}" + host: "{{ ansible_ssh_host | default(inventory_hostname) }}" + search_regex: OpenSSH + delay: 1 tags: - - lxc-container-user-password-regen + - lxc-container-networks - name: Install container proxy settings template: diff --git a/tasks/main.yml b/tasks/main.yml index 13b6d26..5183484 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -13,10 +13,21 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ hostvars[physical_host]['ansible_distribution'] | lower }}-{{ hostvars[physical_host]['ansible_distribution_version'] | lower }}.yml" + - "{{ hostvars[physical_host]['ansible_distribution'] | lower }}.yml" + - "{{ hostvars[physical_host]['ansible_os_family'] | lower }}-{{ hostvars[physical_host]['ansible_distribution_version'].split('.')[0] }}.yml" + - "{{ hostvars[physical_host]['ansible_os_family'] | lower }}.yml" + delegate_to: "{{ physical_host }}" + tags: + - always + - include: container_create.yml when: - physical_host is defined - inventory_hostname is defined - physical_host != inventory_hostname tags: - - lxc-container \ No newline at end of file + - lxc-container diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml index 4cc9794..38f17f5 100644 --- a/tests/group_vars/all_containers.yml +++ b/tests/group_vars/all_containers.yml @@ -15,6 +15,7 @@ ansible_ssh_host: "{{ ansible_host }}" container_name: "{{ inventory_hostname }}" + container_networks: management_address: address: "{{ ansible_host }}" @@ -22,6 +23,14 @@ container_networks: interface: "eth1" netmask: "255.255.252.0" type: "veth" + static_routes: + - cidr: 10.100.100.0/24 + gateway: 10.100.100.1 + physical_host: localhost + properties: service_name: "{{ inventory_hostname }}" + +global_environment_variables: + PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" diff --git a/tests/inventory b/tests/inventory index a16c745..e9a9b7c 100644 --- a/tests/inventory +++ b/tests/inventory @@ -5,4 +5,4 @@ container2 ansible_host=10.100.100.3 ansible_become=True ansible_user=root [all_containers] container1 -container2 \ No newline at end of file +container2 
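Review bot: The new `Gather variables for each operating system` task dereferences `hostvars[physical_host]['ansible_distribution']` ahead of the `physical_host is defined` guard that protects the include below it. A host without `physical_host`, or a physical host whose facts were not gathered earlier in the play, would presumably fail while the candidate file list is templated. As far as I know `delegate_to` has no effect on include_vars, since the vars files are read on the control machine, so it could be dropped. At minimum I would document the precondition above the task: `# Requires gathered facts for physical_host; the vars file is selected from the LXC host's distro, not the container's.` The candidate list has no generic fallback, so an unsupported host distro stops the role here, which looks intended but deserves a line in the same comment.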
diff --git a/tests/test-containers-functional.yml b/tests/test-containers-functional.yml index 1a1293b..1c2d861 100644 --- a/tests/test-containers-functional.yml +++ b/tests/test-containers-functional.yml @@ -46,4 +46,4 @@ that: - "'/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games' in environment_content" - "'http_proxy=http://someproxy.example.com' in environment_content" - - "'https_proxy=https://someproxy.example.com' in environment_content" \ No newline at end of file + - "'https_proxy=https://someproxy.example.com' in environment_content" diff --git a/tests/test-prepare-containers.yml b/tests/test-prepare-containers.yml index e4bfc24..656f51a 100644 --- a/tests/test-prepare-containers.yml +++ b/tests/test-prepare-containers.yml @@ -16,6 +16,27 @@ - name: Playbook for creating containers hosts: all_containers gather_facts: false + pre_tasks: + - name: Destroy test containers + lxc_container: + name: "{{ container_name }}" + state: "absent" + delegate_to: "{{ physical_host }}" + tags: + - container-destroy + - name: Destroy container service directories + file: + path: "{{ item }}" + state: "absent" + with_items: + - "/openstack/{{ container_name }}" + - "/openstack/backup/{{ container_name }}" + - "/openstack/log/{{ container_name }}" + - "/var/lib/lxc/{{ container_name }}" + - "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}" + delegate_to: "{{ physical_host }}" + tags: + - container-directories roles: - role: "{{ rolename | basename }}" lxc_container_release: trusty diff --git a/tests/test-prepare-host.yml b/tests/test-prepare-host.yml index 56f9d9b..036c9d3 100644 --- a/tests/test-prepare-host.yml +++ b/tests/test-prepare-host.yml 
@@ -37,16 +37,32 @@ set_fact: lxc_container_cache_files: - { src: '/etc/pip.conf', dest: '/etc/pip.conf' } + when: + - nodepool.stat.exists | bool + - name: Set a fact for file to disable GPG signature checking of apt sources for OpenStack-CI instances + set_fact: + apt_disable_gpg_checking: - { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' } - when: nodepool.stat.exists | bool + when: + - nodepool.stat.exists | bool + - ansible_pkg_mgr == 'apt' + - name: Update the files to copy into the container cache for OpenStack-CI instances + set_fact: + lxc_container_cache_files: + "{{ lxc_container_cache_files + apt_disable_gpg_checking }}" + when: + - nodepool.stat.exists | bool + - ansible_pkg_mgr == 'apt' - name: Determine the existing Ubuntu repo configuration shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list' register: ubuntu_repo changed_when: false + when: ansible_os_family == 'Debian' - name: Set apt repo facts based on discovered information set_fact: lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}" lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}" + when: ansible_os_family == 'Debian' roles: - role: "lxc_hosts" lxc_net_address: 10.100.100.1 @@ -54,8 +70,3 @@ lxc_net_bridge: lxcbr0 lxc_kernel_options: - { key: 'fs.inotify.max_user_instances', value: 1024 } - lxc_container_caches: - - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" - name: "trusty.tgz" - sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c" - chroot_path: trusty/rootfs-amd64 diff --git a/tox.ini b/tox.ini index 4e2c194..0671385 100644 --- a/tox.ini +++ b/tox.ini @@ -118,6 +118,7 @@ commands = --force ansible-playbook -i {toxinidir}/tests/inventory \ -e "rolename={toxinidir}" \ + -vv \ {toxinidir}/tests/test.yml 
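Review bot: The second hunk of tests/test-prepare-host.yml removes the `lxc_container_caches` entry together with its pinned `sha256sum`, and nothing in the added lines replaces that digest check, so in the test run the image is only as trustworthy as the download path configured in the lxc_hosts role, which is not visible here. In the first hunk the `99unauthenticated` file is still added to `lxc_container_cache_files` on nodepool hosts that use apt, which turns off apt signature checking in every container built from that cache. A comment above `apt_disable_gpg_checking`, such as `# CI only: never copy 99unauthenticated into images used outside the gate.`, would make that boundary explicit. The key `lxc_container_template_security_apt_rep` on the context line beside the new `when` looks like a misspelling of `..._apt_repo`, so that fact is probably never consumed.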
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml new file mode 100644 index 0000000..dffaf1a --- /dev/null +++ b/vars/redhat-7.yml 
@@ -0,0 +1,60 @@ +--- + +# Note this is a used in an iterable and requires the variable +# The container interface variable is a a default object that assume the +# Ansible iterator type is `with_dict`. +lxc_container_interface: | + ### start generated network for [ {{ item.value.interface }} ] ### + DEVICE={{ item.value.interface }} + BOOTPROTO=none + ONBOOT=yes + NM_CONTROLLED=no + TYPE=Ethernet + {% if item.value.address is defined %} + IPADDR={{ item.value.address }} + NETMASK={{ item.value.netmask }} + {% if item.value.gateway is defined %} + GATEWAY={{ item.value.gateway }} + {% endif %} + {% endif %} + MTU={{ item.value.mtu|default(lxc_container_default_mtu) }} + DELAY=0 + ### end generated network for [ {{ item.value.interface }} ] ### + +# Default interface file +lxc_container_default_interfaces: | + DEVICE=eth0 + BOOTPROTO=dhcp + ONBOOT=yes + NM_CONTROLLED=no + TYPE=Ethernet + +lxc_container_default_route_interfaces: + route_file: "/etc/sysconfig/network-scripts/route-{{ item.value.interface }}" + route_setup: | + {% for route in item.value.static_routes %} + {{ route['cidr'] }} via {{ route['gateway'] }} dev {{ item.value.interface }} + {% endfor %} + +# Note this is a used in an iterable and requires the variable +lxc_container_interface_target: "/etc/sysconfig/network-scripts/ifcfg-{{ item.value.interface }}" + +lxc_container_map: + distro: centos + arch: amd64 + release: 7 + prep_commands: | + mkdir -p /var/backup + rm /etc/resolv.conf + {% for resolver in lxc_cache_resolvers %} + echo "{{ resolver }}" | tee -a /etc/resolv.conf + {% endfor %} + if [ -f "/usr/lib/systemd/system/poweroff.target" ];then + ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true + fi + ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true + ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true + ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true + ln -s /dev/null 
/etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true + echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/sysconfig/network-scripts/ifcfg-eth0 + chage -I -1 -d -1 -m 0 -M 99999 -E -1 root diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml new file mode 100644 index 0000000..0b9dc05 --- /dev/null +++ b/vars/ubuntu-14.04.yml 
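Review bot: The last line of `prep_commands`, `chage -I -1 -d -1 -m 0 -M 99999 -E -1 root`, switches off password ageing, the inactivity lock and account expiry for root in every container, and no comment explains why; the same line closes `prep_commands` in vars/ubuntu-14.04.yml and vars/ubuntu-16.04.yml. If the intent is to keep an aged password in the downloaded image from blocking root logins, say so above `lxc_container_map`, for example `# prep_commands ends by disabling root password ageing so a stale image cannot lock root out; access control relies on SSH keys.`, and adjust the second half to whatever the deployment really relies on. In this file `rm /etc/resolv.conf` would also be safer as `rm -f /etc/resolv.conf`, because a missing file makes the command return non-zero.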
@@ -0,0 +1,71 @@ +--- + +# Note this is a used in an iterable and requires the variable +# The container interface variable is a a default object that assume the +# Ansible iterator type is `with_dict`. +lxc_container_interface: | + ### start generated network for [ {{ item.value.interface }} ] ### + auto {{ item.value.interface }} + {% if item.value.address is defined %} + iface {{ item.value.interface }} inet static + address {{ item.value.address }} + netmask {{ item.value.netmask }} + {% if item.value.gateway is defined %} + gateway {{ item.value.gateway }} + {% endif %} + mtu {{ item.value.mtu|default(lxc_container_default_mtu) }} + # needed to enable gratuitous arps on interface events + post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1 + # needed to force an interface event (setting mac to what it already is) + post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address) + {% if item.value.static_routes is defined %} + {% for route in item.value.static_routes %} + post-up ip route add {{ route['cidr'] }} via {{ route['gateway'] }} || true + {% endfor %} + {% endif %} + {% else %} + iface {{ item.value.interface }} inet manual + {% endif %} + ### end generated network for [ {{ item.value.interface }} ] ### + +# Default interface file +lxc_container_default_interfaces: | + # The loopback network interface + auto lo + iface lo inet loopback + # LXC interface, this is ALWAYS assumed to be DHCP. 
+ auto eth0 + iface eth0 inet dhcp + # Load any additional configs + source /etc/network/interfaces.d/*.cfg + +# Notice this is already resolved in the debian interface file +lxc_container_default_route_interfaces: + route_file: "/dev/null" + route_setup: "This is already resolved in the debian interface file" + +# Note this is a used in an iterable and requires the variable +lxc_container_interface_target: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg" + +lxc_container_map: + distro: ubuntu + arch: amd64 + release: trusty + prep_commands: | + mkdir -p /var/backup + echo '# Null Tail' | tee /etc/resolvconf/resolv.conf.d/tail + echo '# Null original' | tee /etc/resolvconf/resolv.conf.d/original + rm /etc/resolvconf/resolv.conf.d/base + {% for resolver in lxc_cache_resolvers %} + echo 'nameserver {{ resolver }}' | tee -a /etc/resolvconf/resolv.conf.d/base + {% endfor %} + if [ -f "/usr/lib/systemd/system/poweroff.target" ];then + ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true + fi + ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true + ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true + ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true + ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true + echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces + mkdir -p /etc/network/interfaces.d + chage -I -1 -d -1 -m 0 -M 99999 -E -1 root diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml new file mode 100644 index 0000000..8a7baae --- /dev/null +++ b/vars/ubuntu-16.04.yml 
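Review bot: The resolver loop in `prep_commands` writes `echo 'nameserver {{ resolver }}'`, but the `lxc_cache_resolvers` entries added in defaults/main.yml already read `nameserver 8.8.8.8`, so resolv.conf.d/base receives `nameserver nameserver 8.8.8.8` and the container presumably gets no usable resolver from this file. vars/redhat-7.yml echoes `"{{ resolver }}"` without the prefix, so either drop the prefix here, `echo '{{ resolver }}' | tee -a /etc/resolvconf/resolv.conf.d/base`, or store bare addresses in the default and prefix them in all three files. The identical loop in vars/ubuntu-16.04.yml needs the same change. `rm /etc/resolvconf/resolv.conf.d/base` just before the loop would also be safer as `rm -f`, since a missing file makes it return non-zero.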
@@ -0,0 +1,71 @@ +--- + +# Note this is a used in an iterable and requires the variable +# The container interface variable is a a default object that assume the +# Ansible iterator type is `with_dict`. +lxc_container_interface: | + ### start generated network for [ {{ item.value.interface }} ] ### + auto {{ item.value.interface }} + {% if item.value.address is defined %} + iface {{ item.value.interface }} inet static + address {{ item.value.address }} + netmask {{ item.value.netmask }} + {% if item.value.gateway is defined %} + gateway {{ item.value.gateway }} + {% endif %} + mtu {{ item.value.mtu|default(lxc_container_default_mtu) }} + # needed to enable gratuitous arps on interface events + post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1 + # needed to force an interface event (setting mac to what it already is) + post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address) + {% if item.value.static_routes is defined %} + {% for route in item.value.static_routes %} + post-up ip route add {{ route['cidr'] }} via {{ route['gateway'] }} || true + {% endfor %} + {% endif %} + {% else %} + iface {{ item.value.interface }} inet manual + {% endif %} + ### end generated network for [ {{ item.value.interface }} ] ### + +# Default interface file +lxc_container_default_interfaces: | + # The loopback network interface + auto lo + iface lo inet loopback + # LXC interface, this is ALWAYS assumed to be DHCP. 
+ auto eth0 + iface eth0 inet dhcp + # Load any additional configs + source /etc/network/interfaces.d/*.cfg + +# Notice this is already resolved in the debian interface file +lxc_container_default_route_interfaces: + route_file: "/dev/null" + route_setup: "This is already resolved in the debian interface file" + +# Note this is a used in an iterable and requires the variable +lxc_container_interface_target: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg" + +lxc_container_map: + distro: ubuntu + arch: amd64 + release: xenial + prep_commands: | + mkdir -p /var/backup + echo '# Null Tail' | tee /etc/resolvconf/resolv.conf.d/tail + echo '# Null original' | tee /etc/resolvconf/resolv.conf.d/original + rm /etc/resolvconf/resolv.conf.d/base + {% for resolver in lxc_cache_resolvers %} + echo 'nameserver {{ resolver }}' | tee -a /etc/resolvconf/resolv.conf.d/base + {% endfor %} + if [ -f "/usr/lib/systemd/system/poweroff.target" ];then + ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true + fi + ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true + ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true + ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true + ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true + echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces + mkdir -p /etc/network/interfaces.d + chage -I -1 -d -1 -m 0 -M 99999 -E -1 root