openstack-ansible-lxc_conta.../tasks/lxc_container_network_new.yml
Kevin Carter 815ece7454 Unify container network interfaces with networkd
Unify container network interfaces using Systemd Networkd for Ubuntu,
CentOS, and openSUSE. This change allows the role to use a single way to
configure container networks.

Care has been taken to ensure we're able to cleanly upgrade to the new
capabilities within existing environments without breaking any feature
compatibility or causing any container restarts.

It's also worth noting that all of the pre/post networking up/down
script options have been converted to systemd "oneshot" services. This
retains the ability to run ad hoc scripts post network availability
while also opening up this capability, which used to be Ubuntu only,
to all of our supported operating systems.

> Our usage of `lxc-attach` was removed in favor of `nsenter` to fix an
  issue where multiple `lxc-attach` commands issued to a single physical
  host could result in a hang.

> Scripts that were being generated inline have been placed into
  template files. This solves a long-standing memory consumption issue
  when creating lots of containers. The old shell tasks will now be
  executed from a generated script. While this should also help with
  debugging, the main driver is to ensure better system stability.

> A lot of cleanup has been done throughout the task files and
  templates. In the process of updating the role to use unified
  networking a lot of duplicate tasks, scripts, and processes have
  been consolidated.

> Handlers have been added for network connection wait conditions and
  to various service restarts.

> The OSA plugins have been added to this role as a dependency. We
  rely on the connection plugins throughout the stack; however, we were
  doing a lot of workarounds to cater to the possibility of a deployer
  running this role without them. This change simply adds the plugins
  as a known dependency which allows for a more streamlined setup.

Change-Id: I5d3ddcfa11d575648a69a04f2fb30236c2c89da3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-03-01 10:55:14 +00:00

71 lines
2.0 KiB
YAML

---
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Create networkd directory
  file:
    path: "/etc/systemd/network"
    state: directory

- name: Drop container network file (interfaces)
  template:
    src: "container_network.network.j2"
    dest: "/etc/systemd/network/{{ item.value.interface }}.network"
    owner: "root"
    group: "root"
    mode: "0644"
  with_dict: "{{ lxc_container_networks_combined }}"
  notify:
    - Enable dbus
    - Enable resolved
    - Restart networkd

- name: Create resolved link
  file:
    src: "/var/run/systemd/resolve/resolv.conf"
    dest: "/etc/resolv.conf"
    force: true
    state: link
  when:
    - lxc_container_enable_resolved | bool
  notify:
    - Enable dbus
    - Enable resolved

### REMOVE IN "S"
# NOTE(cloudnull): These tasks are cleaning up the old interfaces
#                  files. Remove this in the "S" release.
- name: Remove old route network interface(s)
  file:
    path: "{{ lxc_container_default_route_interfaces }}"
    state: absent
  with_dict: "{{ lxc_container_networks_combined }}"
  when:
    - lxc_container_default_route_interfaces is defined

- name: Remove old network interface(s)
  file:
    path: "{{ lxc_container_interface_target }}"
    state: absent
  with_dict: "{{ lxc_container_networks_combined }}"
  when:
    - lxc_container_interface_target is defined

- name: Remove old default network interface
  file:
    path: "{{ lxc_container_default_interface }}"
    state: absent
  when:
    - lxc_container_default_interface is defined
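
A post-run check for the state these tasks are meant to leave behind: root-owned, mode 0644 `.network` files under `/etc/systemd/network`, and `/etc/resolv.conf` linked to the resolved file. This is an added example, not part of the role; the function name, its arguments and the rootfs prefix are assumptions, and it expects GNU `stat`.

```sh
#!/bin/sh
# Added example: audit of the files the tasks above manage.
# Assumptions: GNU stat/readlink; ROOT is a container rootfs prefix
# ("" for the running system); names here are illustrative only.

# audit_networkd ROOT [UID:GID] [CHECK_RESOLV]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_networkd() {
    root="$1"
    want_owner="${2:-0:0}"      # the template task sets owner/group root
    check_resolv="${3:-yes}"    # "no" when lxc_container_enable_resolved is false
    netdir="$root/etc/systemd/network"
    rc=0

    if [ ! -d "$netdir" ]; then
        echo "MISSING $netdir"
        return 1
    fi

    for f in "$netdir"/*.network; do
        [ -e "$f" ] || [ -L "$f" ] || continue    # glob matched nothing
        if [ -L "$f" ]; then
            # the template task writes regular files, so a link is a deviation
            echo "SYMLINK $f"; rc=1; continue
        fi
        meta=$(stat -c '%u:%g %a' "$f")
        if [ "$meta" != "$want_owner 644" ]; then
            echo "PERMS $f is '$meta', want '$want_owner 644'"; rc=1
        fi
    done

    if [ "$check_resolv" = "yes" ]; then
        resolv="$root/etc/resolv.conf"
        want_target="/var/run/systemd/resolve/resolv.conf"
        if [ ! -L "$resolv" ]; then
            echo "RESOLV $resolv is not a symlink"; rc=1
        elif [ "$(readlink "$resolv")" != "$want_target" ]; then
            echo "RESOLV $resolv -> $(readlink "$resolv"), want $want_target"; rc=1
        fi
    fi
    return "$rc"
}
```

Run it as `audit_networkd ""` inside a container, or pass the container's rootfs path from the host.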