Merge "Add Bionic testing"

2018-05-14 20:59:11 +00:00 · 2018-05-14 20:59:11 +00:00 · 3d5f38f23c
commit 3d5f38f23c
parent bc1e87b611 2910c5ad60
8 changed files with 201 additions and 24 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -150,7 +150,7 @@ lxc_cache_prep_post_commands: '## post command skipped ##'
 # "{{ ansible_distribution }}-{{ ansible_distribution_version }}-container.yml"
 # or by providing the full path to a local file containing all of the variables
 # needed to prepare a container. built-in supported values are:
-#   [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml]
+#   [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml, ubuntu-18.04.yml]
 lxc_user_defined_container: null

 # Full path to the base image prep script. By default this will use the
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -14,23 +14,23 @@
 # limitations under the License.

 - name: Start apparmor
-  service:
+  systemd:
    name: "apparmor"
    enabled: yes
    state: "started"

 - name: Reload apparmor
-  service:
+  systemd:
    name: "apparmor"
-    state: "reloaded"
+    state: "restarted"

 - name: Init reload
  command: "initctl reload-configuration"

 - name: Restart dbus
-  service:
+  systemd:
    name: "dbus"
-    state: "reloaded"
+    state: "restarted"

 - name: Restart machined
  systemd:
@ -59,7 +59,7 @@
    - skip_ansible_lint

 - name: Restart irqbalance
-  service:
+  systemd:
    name: "irqbalance"
    state: "restarted"
    enabled: "yes"
@ -95,12 +95,12 @@
    state: "absent"

 - name: Restart dnsmasq
-  service:
+  systemd:
    name: "lxc-dnsmasq"
    state: "restarted"
    enabled: "yes"
    daemon_reload: yes
-  register: _lxc_dnsmasq_service
-  until: _lxc_dnsmasq_service | success
+  register: _lxc_dnsmasq_systemd
+  until: _lxc_dnsmasq_systemd | success
  retries: 5
  delay: 5
--- a/meta/main.yml
+++ b/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
  platforms:
    - name: Ubuntu
      versions:
+        - bionic
        - xenial
    - name: EL
      versions:
--- a/tasks/lxc_apparmor.yml
+++ b/tasks/lxc_apparmor.yml
@ -14,16 +14,18 @@

 # NOTE(hwoarang) default dnsmasq profile is too restrictive so we
 # need to adjust it for neutron.
- name: Relax dnsmasq apparmor profile
-  blockinfile:
+- name: Check for apparmor profile
+  stat:
    path: "/etc/apparmor.d/local/usr.sbin.dnsmasq"
-    block: |-
-      /etc/neutron/** r,
-      /openstack/log/** rw,
-      /var/log/neutron/** rw,
-      /var/lib/neutron/** rw,
-      capability chown,
-    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+  register: sbin_dnsmasq
+
+- name: Relax dnsmasq apparmor profile
+  file:
+    src: "/etc/apparmor.d/local/usr.sbin.dnsmasq"
+    dest: "/etc/apparmor.d/disable/usr.sbin.dnsmasq"
+    state: link
+  when:
+    - sbin_dnsmasq.stat.exists | bool
  notify:
    - Start apparmor
    - Reload apparmor
@ -34,11 +36,18 @@

 # NOTE(hwoarang) add attach_disconnected to ping profile to allow it to
 # work on overlayfs
- name: Relax ping apparmor profile
-  lineinfile:
-    line: /{usr/,}bin/ping flags=(attach_disconnected) {
+- name: Check for apparmor profile
+  stat:
    path: "/etc/apparmor.d/bin.ping"
-    regexp: '^/\{usr/,\}bin/ping.*\{'
+  register: bin_ping
+
+- name: Relax ping apparmor profile
+  file:
+    src: "/etc/apparmor.d/bin.ping"
+    dest: "/etc/apparmor.d/disable/usr.sbin.dnsmasq"
+    state: link
+  when:
+    - bin_ping.stat.exists | bool
  notify:
    - Start apparmor
    - Reload apparmor
@ -61,4 +70,3 @@
    - lxc-files
    - lxc-apparmor
    - lxc_hosts-config
-
--- a/templates/prep-scripts/ubuntu_18_prep.sh.j2
+++ b/templates/prep-scripts/ubuntu_18_prep.sh.j2
@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+# TODO(evrardjp): Make this script ubuntu version agnostic or
+# remove it if no change happens in bionic vs xenial
+set -e -x
+
+{{ lxc_cache_prep_pre_commands }}
+
+{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true
+
+# Update base distribution
+apt-get update
+apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes gnupg
+
+apt-key add /root/repo.keys
+rm /root/repo.keys
+
+apt-get upgrade -y
+apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ lxc_cache_distro_packages | join(' ') }}
+apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
+rm -f /usr/bin/python
+rm /etc/machine-id || true
+rm /var/lib/dbus/machine-id || true
+touch /etc/machine-id
+rm /etc/sysctl.d/* || true
+echo '' > /etc/sysctl.conf
+ln -s /usr/bin/python2.7 /usr/bin/python
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+userdel --force --remove ubuntu || true
+apt-get clean
+mkdir -p /var/backup
+mkdir -p /etc/network/interfaces.d
+chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
+for action in disable mask; do
+  systemctl ${action} resolvconf.service || true
+  systemctl ${action} systemd-networkd-resolvconf-update.path || true
+  systemctl ${action} systemd-networkd-resolvconf-update.service || true
+done
+
+{% for locale in lxc_cache_locales %}
+locale-gen {{ locale }}
+{% if loop.first | bool %}
+update-locale LANG={{ locale }}
+{% endif %}
+{% endfor %}
+
+# Set the IP of the lxcbr0 interface as the DNS server
+echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
+systemctl enable systemd-networkd
+{{ lxc_cache_prep_post_commands }}
--- a/vars/ubuntu-18.04-host.yml
+++ b/vars/ubuntu-18.04-host.yml
@ -0,0 +1,57 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## APT Cache Options
+cache_timeout: 600
+
+# Required apt packages.
+lxc_hosts_distro_packages:
+  - apparmor
+  - apparmor-profiles
+  - apparmor-utils
+  - aria2
+  - bridge-utils
+  - btrfs-tools
+  - cgroup-lite
+  - dbus
+  - debootstrap
+  - dnsmasq-base
+  - git
+  - ifupdown
+  - iptables
+  - irqbalance
+  - language-pack-en
+  - liblxc1
+  - lxc
+  - lxc-dev
+  - lxc-templates
+  - python-dev
+  - python-lxc
+  - python3-lxc
+  - systemd-container
+  - pxz
+
+# Package to remove from the host
+lxc_hosts_remove_distro_packages:
+  - dnsmasq
+
+lxc_xz_bin: pxz
+
+system_config_dir: "/etc/default"
+systemd_utils_prefix: "/lib/systemd"
+
+lxc_cached_network_interfaces:
+  - src: "lxc-net-bridge.cfg.j2"
+    dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
--- a/vars/ubuntu-18.04.yml
+++ b/vars/ubuntu-18.04.yml
@ -0,0 +1,56 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+_lxc_hosts_container_image_url: "http://cdimage.ubuntu.com/ubuntu-base/releases/18.04/release/ubuntu-base-18.04-base-{{ lxc_cache_map.arch }}.tar.gz"
+
+_lxc_cache_map:
+  distro: ubuntu
+  arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
+  release: bionic
+  copy_from_host:
+    - /etc/apt/sources.list
+    - /etc/apt/apt.conf.d/
+    - /etc/apt/preferences.d/
+    - /etc/environment
+    - /etc/localtime
+    - /root/repo.keys
+    - /etc/protocols
+
+_lxc_cache_prep_template: "prep-scripts/ubuntu_18_prep.sh.j2"
+
+_lxc_cache_distro_packages:
+  - apt-transport-https
+  - ca-certificates
+  - cron # bionic doesn't have cronie
+  - dbus
+  - debianutils # for 'which' executable
+  - gcc
+  - iproute2
+  - iputils-ping
+  - libffi-dev
+  - libssl-dev
+  - locales
+  - netbase
+  - openssh-server
+  - openssl
+  - python2.7
+  - python-dev
+  - python3-dev
+  - rsync
+  - sudo
+  - systemd
+  - systemd-sysv
+  - tar
+  - wget
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -18,6 +18,7 @@
        - openstack-ansible-linters
        - openstack-ansible-functional-centos-7
        - openstack-ansible-functional-opensuse-423
+        - openstack-ansible-functional-ubuntu-bionic
        - openstack-ansible-functional-ubuntu-xenial
        - openstack-ansible-lxc-dir-centos-7
        - openstack-ansible-lxc-dir-opensuse-423
@ -40,4 +41,5 @@
        - openstack-ansible-linters
        - openstack-ansible-functional-centos-7
        - openstack-ansible-functional-opensuse-423
+        - openstack-ansible-functional-ubuntu-bionic
        - openstack-ansible-functional-ubuntu-xenial