Add Bionic testing

Now that bionic testing is added into the tests repos, we can
start testing it in the repo.

cgmanager isn't in bionic, and therefore is removed

The service module isn't in bionic, and therefore it's been renamed to
"systemd".

The apparmor setup we were doing was breaking the apparmor profiles
required. While this worked in xenial it breaks bionic. To fix this
we're just disabling the apparmor profiles instead of trying to to
augment them through block file changes.

Depends-On: https://review.openstack.org/#/c/566959/
Change-Id: Ie4bca80d0dba7b0da0b5829b91cd6d815894aeaa
Co-Authored-By: Kevin Carter <kevin.carter@rackspace.com>

defaults/main.yml

@@ -150,7 +150,7 @@ lxc_cache_prep_post_commands: '## post command skipped ##'
 # "{{ ansible_distribution }}-{{ ansible_distribution_version }}-container.yml"
 # or by providing the full path to a local file containing all of the variables
 # needed to prepare a container. built-in supported values are:
-#   [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml]
+#   [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml, ubuntu-18.04.yml]
 lxc_user_defined_container: null
 
 # Full path to the base image prep script. By default this will use the

handlers/main.yml

@@ -14,23 +14,23 @@
 # limitations under the License.
 
 - name: Start apparmor
-  service:
+  systemd:
     name: "apparmor"
     enabled: yes
     state: "started"
 
 - name: Reload apparmor
-  service:
+  systemd:
     name: "apparmor"
-    state: "reloaded"
+    state: "restarted"
 
 - name: Init reload
   command: "initctl reload-configuration"
 
 - name: Restart dbus
-  service:
+  systemd:
     name: "dbus"
-    state: "reloaded"
+    state: "restarted"
 
 - name: Restart machined
   systemd:
@@ -45,7 +45,7 @@
     state: "started"
 
 - name: Restart irqbalance
-  service:
+  systemd:
     name: "irqbalance"
     state: "restarted"
     enabled: "yes"
@@ -81,12 +81,12 @@
     state: "absent"
 
 - name: Restart dnsmasq
-  service:
+  systemd:
     name: "lxc-dnsmasq"
     state: "restarted"
     enabled: "yes"
     daemon_reload: yes
-  register: _lxc_dnsmasq_service
+  register: _lxc_dnsmasq_systemd
-  until: _lxc_dnsmasq_service | success
+  until: _lxc_dnsmasq_systemd | success
   retries: 5
   delay: 5

meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
   platforms:
     - name: Ubuntu
       versions:
+        - bionic
         - xenial
     - name: EL
       versions:

tasks/lxc_apparmor.yml

@@ -14,16 +14,18 @@
 
 # NOTE(hwoarang) default dnsmasq profile is too restrictive so we
 # need to adjust it for neutron.
-- name: Relax dnsmasq apparmor profile
+- name: Check for apparmor profile
-  blockinfile:
+  stat:
     path: "/etc/apparmor.d/local/usr.sbin.dnsmasq"
-    block: |-
+  register: sbin_dnsmasq
-      /etc/neutron/** r,
+
-      /openstack/log/** rw,
+- name: Relax dnsmasq apparmor profile
-      /var/log/neutron/** rw,
+  file:
-      /var/lib/neutron/** rw,
+    src: "/etc/apparmor.d/local/usr.sbin.dnsmasq"
-      capability chown,
+    dest: "/etc/apparmor.d/disable/usr.sbin.dnsmasq"
-    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    state: link
+  when:
+    - sbin_dnsmasq.stat.exists | bool
   notify:
     - Start apparmor
     - Reload apparmor
@@ -34,11 +36,18 @@
 
 # NOTE(hwoarang) add attach_disconnected to ping profile to allow it to
 # work on overlayfs
-- name: Relax ping apparmor profile
+- name: Check for apparmor profile
-  lineinfile:
+  stat:
-    line: /{usr/,}bin/ping flags=(attach_disconnected) {
     path: "/etc/apparmor.d/bin.ping"
-    regexp: '^/\{usr/,\}bin/ping.*\{'
+  register: bin_ping
+
+- name: Relax ping apparmor profile
+  file:
+    src: "/etc/apparmor.d/bin.ping"
+    dest: "/etc/apparmor.d/disable/usr.sbin.dnsmasq"
+    state: link
+  when:
+    - bin_ping.stat.exists | bool
   notify:
     - Start apparmor
     - Reload apparmor
@@ -61,4 +70,3 @@
     - lxc-files
     - lxc-apparmor
     - lxc_hosts-config
-

templates/prep-scripts/ubuntu_18_prep.sh.j2

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+# TODO(evrardjp): Make this script ubuntu version agnostic or
+# remove it if no change happens in bionic vs xenial
+set -e -x
+
+{{ lxc_cache_prep_pre_commands }}
+
+{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true
+
+# Update base distribution
+apt-get update
+apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes gnupg
+
+apt-key add /root/repo.keys
+rm /root/repo.keys
+
+apt-get upgrade -y
+apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ lxc_cache_distro_packages | join(' ') }}
+apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
+rm -f /usr/bin/python
+rm /etc/machine-id || true
+rm /var/lib/dbus/machine-id || true
+touch /etc/machine-id
+rm /etc/sysctl.d/* || true
+echo '' > /etc/sysctl.conf
+ln -s /usr/bin/python2.7 /usr/bin/python
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+userdel --force --remove ubuntu || true
+apt-get clean
+mkdir -p /var/backup
+mkdir -p /etc/network/interfaces.d
+chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
+for action in disable mask; do
+  systemctl ${action} resolvconf.service || true
+  systemctl ${action} systemd-networkd-resolvconf-update.path || true
+  systemctl ${action} systemd-networkd-resolvconf-update.service || true
+done
+
+{% for locale in lxc_cache_locales %}
+locale-gen {{ locale }}
+{% if loop.first | bool %}
+update-locale LANG={{ locale }}
+{% endif %}
+{% endfor %}
+
+# Set the IP of the lxcbr0 interface as the DNS server
+echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
+systemctl enable systemd-networkd
+{{ lxc_cache_prep_post_commands }}

vars/ubuntu-18.04-host.yml

@@ -0,0 +1,57 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## APT Cache Options
+cache_timeout: 600
+
+# Required apt packages.
+lxc_hosts_distro_packages:
+  - apparmor
+  - apparmor-profiles
+  - apparmor-utils
+  - aria2
+  - bridge-utils
+  - btrfs-tools
+  - cgroup-lite
+  - dbus
+  - debootstrap
+  - dnsmasq-base
+  - git
+  - ifupdown
+  - iptables
+  - irqbalance
+  - language-pack-en
+  - liblxc1
+  - lxc
+  - lxc-dev
+  - lxc-templates
+  - python-dev
+  - python-lxc
+  - python3-lxc
+  - systemd-container
+  - pxz
+
+# Package to remove from the host
+lxc_hosts_remove_distro_packages:
+  - dnsmasq
+
+lxc_xz_bin: pxz
+
+system_config_dir: "/etc/default"
+systemd_utils_prefix: "/lib/systemd"
+
+lxc_cached_network_interfaces:
+  - src: "lxc-net-bridge.cfg.j2"
+    dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"

vars/ubuntu-18.04.yml

@@ -0,0 +1,56 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+_lxc_hosts_container_image_url: "http://cdimage.ubuntu.com/ubuntu-base/releases/18.04/release/ubuntu-base-18.04-base-{{ lxc_cache_map.arch }}.tar.gz"
+
+_lxc_cache_map:
+  distro: ubuntu
+  arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
+  release: bionic
+  copy_from_host:
+    - /etc/apt/sources.list
+    - /etc/apt/apt.conf.d/
+    - /etc/apt/preferences.d/
+    - /etc/environment
+    - /etc/localtime
+    - /root/repo.keys
+    - /etc/protocols
+
+_lxc_cache_prep_template: "prep-scripts/ubuntu_18_prep.sh.j2"
+
+_lxc_cache_distro_packages:
+  - apt-transport-https
+  - ca-certificates
+  - cron # bionic doesn't have cronie
+  - dbus
+  - debianutils # for 'which' executable
+  - gcc
+  - iproute2
+  - iputils-ping
+  - libffi-dev
+  - libssl-dev
+  - locales
+  - netbase
+  - openssh-server
+  - openssl
+  - python2.7
+  - python-dev
+  - python3-dev
+  - rsync
+  - sudo
+  - systemd
+  - systemd-sysv
+  - tar
+  - wget

zuul.d/project.yaml

@@ -18,6 +18,7 @@
         - openstack-ansible-linters
         - openstack-ansible-functional-centos-7
         - openstack-ansible-functional-opensuse-423
+        - openstack-ansible-functional-ubuntu-bionic
         - openstack-ansible-functional-ubuntu-xenial
         - openstack-ansible-lxc-dir-centos-7
         - openstack-ansible-lxc-dir-opensuse-423
@@ -40,4 +41,5 @@
         - openstack-ansible-linters
         - openstack-ansible-functional-centos-7
         - openstack-ansible-functional-opensuse-423
+        - openstack-ansible-functional-ubuntu-bionic
         - openstack-ansible-functional-ubuntu-xenial