openstack
/
openstack-ansible-lxc_container_create
Code Issues Proposed changes
openstack-ansible-lxc_conta.../tasks/container_create.yml

218 lines
7.9 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Check for lxc volume group
shell: "(which vgs > /dev/null && vgs | grep -o '{{ lxc_container_vg_name }}') || false"
register: vg_result
failed_when: false
changed_when: vg_result.rc != 0
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-vg-detect
- name: Set container backend "dir" if "lvm" not found
set_fact:
lxc_container_backing_store: dir
when: vg_result.rc != 0
tags:
- lxc-container-vg-detect
- name: Container service directories
file:
path: "{{ item }}"
state: "directory"
with_items:
- "/openstack/{{ inventory_hostname }}"
- "/openstack/backup/{{ inventory_hostname }}"
- "/openstack/log/{{ inventory_hostname }}"
- "{{ lxc_container_directory }}/{{ inventory_hostname }}"
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-directories
- name: LXC autodev setup
template:
src: "autodev.j2"
dest: "/var/lib/lxc/{{ inventory_hostname }}/autodev"
owner: "root"
group: "root"
mode: "0755"
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-autodev
- name: Create container
lxc_container:
name: "{{ inventory_hostname }}"
container_log: "true"
config: "{{ properties.container_config|default(lxc_container_config) }}"
template: "{{ properties.container_template|default(lxc_container_template) }}"
state: started
backing_store: "{{ properties.container_backing_store|default(lxc_container_backing_store) }}"
directory: "{{ lxc_container_rootfs_directory }}"
fs_size: "{{ properties.container_fs_size|default(lxc_container_fs_size) }}"
fs_type: "{{ properties.container_fs_type|default(lxc_container_fs_type) }}"
vg_name: "{{ properties.container_vg_name|default(lxc_container_vg_name) }}"
template_options: "{{ lxc_container_template_options }}"
container_command: |
if [ -f "/usr/lib/systemd/system/poweroff.target" ];then
ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
fi
ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
container_config:
- "lxc.autodev=1"
- "lxc.pts=1024"
- "lxc.kmsg=0"
- "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-create
- name: Load container service mounts and profile
lxc_container:
name: "{{ inventory_hostname }}"
container_command: |
mkdir -p /var/backup
mkdir -p /var/log/{{ properties.service_name }}
container_config:
- "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0"
- "lxc.mount.entry=/openstack/log/{{ inventory_hostname }} var/log/{{ properties.service_name }} none defaults,bind,rw 0 0"
when: properties.service_name is defined
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-service-config
- name: Container network interfaces
lxc_container:
name: "{{ inventory_hostname }}"
container_command: |
if [ ! -d "/etc/network/interfaces.d" ];then
mkdir -p /etc/network/interfaces.d
fi
configmd5sum=$(md5sum /etc/network/interfaces.d/{{ item.value.interface }}.cfg 2>/dev/null)
echo -e '{{ lxc_container_interface }}' | tee /etc/network/interfaces.d/{{ item.value.interface }}.cfg
if ! md5sum -c --status <<< "$configmd5sum" 2>/dev/null; then
ifdown {{ item.value.interface }}
ifup {{ item.value.interface }}
fi
with_dict: "{{ container_networks|default({}) }}"
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-networks
- name: LXC host config for container networks
template:
src: "container-interface.ini.j2"
dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
owner: "root"
group: "root"
mode: "0644"
with_dict: "{{ container_networks|default({}) }}"
notify:
- Lxc container restart
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-networks
# NOTE(major): the lxc.network.veth.pair line must appear *immediately* after
# the lxc.network.name congfiguration line or it will be ignored. That's why
# you'll find a "insertafter" in this YAML block.
- name: Add veth pair name to match container name
lineinfile:
dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
line: "lxc.network.veth.pair = {{ inventory_hostname[-8:].replace('-', '').replace('_', '') }}_eth0"
insertafter: "^lxc.network.name"
backup: "true"
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-networks
- name: Container network includes
lineinfile:
dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
line: "lxc.include = /var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
backup: "true"
with_dict: "{{ container_networks|default({}) }}"
when:
- item.value.interface is defined
notify:
- Lxc container restart
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-networks
# Adds post-down and pre-start hooks
- name: Drop veth cleanup script
template:
src: "veth-cleanup.sh.j2"
dest: "/var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
owner: "root"
group: "root"
mode: "0755"
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-networks
# This is being defined due to an issue with dangling veth pairs.
# TODO(someone) This should be removed once an upstream patch has
# been submitted to either the kernel or LXC to fix the veth issues.
# Container restart is not happening here because it's not needed.
- name: Defines a pre and post hook script
lineinfile:
dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
line: "{{ item }}"
backup: "true"
with_items:
- "lxc.hook.pre-start = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
- "lxc.hook.post-stop = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh"
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-networks
# Flush the handlers to ensure the container and networking is online.
- meta: flush_handlers
# Resets the container user's password using lxc_container because Python2.7
# may not be installed at this point.
- name: Force container user password set
lxc_container:
name: "{{ inventory_hostname }}"
container_command: |
getent passwd "{{ lxc_container_user_name }}" &&
echo "{{ lxc_container_user_name }}:{{ lxc_container_user_password }}" | chpasswd
delegate_to: "{{ physical_host }}"
no_log: True
tags:
- lxc-container-user-password-regen
# Setup proxy configs, this is done here to ensure that we have our container proxy setup
# prior to running online commands. This is using lxc_container because python2.7 may not be
# installed at this point.
- name: Run proxy config
lxc_container:
name: "{{ inventory_hostname }}"
container_command: |
if ! grep '{{ item.key }}={{ item.value }}' /etc/environment; then
echo '{{ item.key }}={{ item.value }}' | tee -a /etc/environment
fi
with_dict: "{{ global_environment_variables | default({}) }}"
delegate_to: "{{ physical_host }}"
tags:
- lxc-container-proxy
View Git Blame Copy Permalink