From 2910c5ad600ddd5add1f559483b11615d5be95f5 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Tue, 8 May 2018 22:20:35 +0200 Subject: [PATCH] Add Bionic testing Now that bionic testing is added into the tests repos, we can start testing it in the repo. cgmanager isn't in bionic, and therefore is removed The service module isn't in bionic, and therefore it's been renamed to "systemd". The apparmor setup we were doing was breaking the apparmor profiles required. While this worked in xenial it breaks bionic. To fix this we're just disabling the apparmor profiles instead of trying to to augment them through block file changes. Depends-On: https://review.openstack.org/#/c/566959/ Change-Id: Ie4bca80d0dba7b0da0b5829b91cd6d815894aeaa Co-Authored-By: Kevin Carter --- defaults/main.yml | 2 +- handlers/main.yml | 18 +++---- meta/main.yml | 1 + tasks/lxc_apparmor.yml | 36 ++++++++----- templates/prep-scripts/ubuntu_18_prep.sh.j2 | 53 +++++++++++++++++++ vars/ubuntu-18.04-host.yml | 57 +++++++++++++++++++++ vars/ubuntu-18.04.yml | 56 ++++++++++++++++++++ zuul.d/project.yaml | 2 + 8 files changed, 201 insertions(+), 24 deletions(-) create mode 100644 templates/prep-scripts/ubuntu_18_prep.sh.j2 create mode 100644 vars/ubuntu-18.04-host.yml create mode 100644 vars/ubuntu-18.04.yml diff --git a/defaults/main.yml b/defaults/main.yml index b9bcc1e1..89cc300d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -150,7 +150,7 @@ lxc_cache_prep_post_commands: '## post command skipped ##' # "{{ ansible_distribution }}-{{ ansible_distribution_version }}-container.yml" # or by providing the full path to a local file containing all of the variables # needed to prepare a container. built-in supported values are: -# [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml] +# [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml, ubuntu-18.04.yml] lxc_user_defined_container: null # Full path to the base image prep script. By default this will use the 
diff --git a/handlers/main.yml b/handlers/main.yml index 8eb5ee1e..382360c0 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -14,23 +14,23 @@ # limitations under the License. - name: Start apparmor - service: + systemd: name: "apparmor" enabled: yes state: "started" - name: Reload apparmor - service: + systemd: name: "apparmor" - state: "reloaded" + state: "restarted" - name: Init reload command: "initctl reload-configuration" - name: Restart dbus - service: + systemd: name: "dbus" - state: "reloaded" + state: "restarted" - name: Restart machined systemd: @@ -45,7 +45,7 @@ state: "started" - name: Restart irqbalance - service: + systemd: name: "irqbalance" state: "restarted" enabled: "yes" @@ -81,12 +81,12 @@ state: "absent" - name: Restart dnsmasq - service: + systemd: name: "lxc-dnsmasq" state: "restarted" enabled: "yes" daemon_reload: yes - register: _lxc_dnsmasq_service - until: _lxc_dnsmasq_service | success + register: _lxc_dnsmasq_systemd + until: _lxc_dnsmasq_systemd | success retries: 5 delay: 5 diff --git a/meta/main.yml b/meta/main.yml index f9c31f0f..653ba14b 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: platforms: - name: Ubuntu versions: + - bionic - xenial - name: EL versions: diff --git a/tasks/lxc_apparmor.yml b/tasks/lxc_apparmor.yml index 64dbf075..75fe36af 100644 --- a/tasks/lxc_apparmor.yml +++ b/tasks/lxc_apparmor.yml 
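Review bot: The `Reload apparmor` and `Restart dbus` handlers in the first handlers/main.yml hunk switch from `state: "reloaded"` to `state: "restarted"` without saying why, and a full restart of dbus on a running host is more disruptive than a reload because services holding a bus connection may lose it. If reload did not work through the systemd module on bionic, record that next to the handler, e.g. `# restart instead of reload: <reason observed on bionic>`; otherwise keep `state: "reloaded"`. The handler name `Reload apparmor` also no longer matches what it does. The unchanged `Init reload` handler in the same hunk still calls `initctl reload-configuration`, an upstart command that is presumably absent on bionic; whether anything still notifies it is not visible here.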
@@ -14,16 +14,18 @@ # NOTE(hwoarang) default dnsmasq profile is too restrictive so we # need to adjust it for neutron. -- name: Relax dnsmasq apparmor profile - blockinfile: +- name: Check for apparmor profile + stat: path: "/etc/apparmor.d/local/usr.sbin.dnsmasq" - block: |- - /etc/neutron/** r, - /openstack/log/** rw, - /var/log/neutron/** rw, - /var/lib/neutron/** rw, - capability chown, - marker: "# {mark} ANSIBLE MANAGED BLOCK" + register: sbin_dnsmasq + +- name: Relax dnsmasq apparmor profile + file: + src: "/etc/apparmor.d/local/usr.sbin.dnsmasq" + dest: "/etc/apparmor.d/disable/usr.sbin.dnsmasq" + state: link + when: + - sbin_dnsmasq.stat.exists | bool notify: - Start apparmor - Reload apparmor @@ -34,11 +36,18 @@ # NOTE(hwoarang) add attach_disconnected to ping profile to allow it to # work on overlayfs -- name: Relax ping apparmor profile - lineinfile: - line: /{usr/,}bin/ping flags=(attach_disconnected) { +- name: Check for apparmor profile + stat: path: "/etc/apparmor.d/bin.ping" - regexp: '^/\{usr/,\}bin/ping.*\{' + register: bin_ping + +- name: Relax ping apparmor profile + file: + src: "/etc/apparmor.d/bin.ping" + dest: "/etc/apparmor.d/disable/usr.sbin.dnsmasq" + state: link + when: + - bin_ping.stat.exists | bool notify: - Start apparmor - Reload apparmor @@ -61,4 +70,3 @@ - lxc-files - lxc-apparmor - lxc_hosts-config - diff --git a/templates/prep-scripts/ubuntu_18_prep.sh.j2 b/templates/prep-scripts/ubuntu_18_prep.sh.j2 new file mode 100644 index 00000000..564d55b8 --- /dev/null +++ b/templates/prep-scripts/ubuntu_18_prep.sh.j2 
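Review bot: The new `Relax dnsmasq apparmor profile` task no longer adds a few allow rules but switches AppArmor confinement of dnsmasq off on the host, and it keys on the override file rather than the profile: both the `stat` path and the link `src` are `/etc/apparmor.d/local/usr.sbin.dnsmasq`. Whether that override file exists depends on packaging or on earlier runs of this role, so the `when` may be false on some hosts and the profile would stay enforced there. Gating and linking on the profile itself, `path: "/etc/apparmor.d/usr.sbin.dnsmasq"` and `src: "/etc/apparmor.d/usr.sbin.dnsmasq"`, would make the result the same everywhere. The task name and the NOTE above it should say "Disable" and state that dnsmasq now runs unconfined, so the trade-off is visible to operators.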
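Review bot: `dest` in the new `Relax ping apparmor profile` task is `/etc/apparmor.d/disable/usr.sbin.dnsmasq`, apparently copied from the dnsmasq task in the previous hunk, so the ping profile is never disabled. When both source files exist, the two tasks point the same symlink at different targets, which would likely report a change and fire the apparmor handlers on every run. The line should read `dest: "/etc/apparmor.d/disable/bin.ping"`. Both `stat` tasks are also named `Check for apparmor profile`; naming the profile in each would make the play output unambiguous.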
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+# TODO(evrardjp): Make this script ubuntu version agnostic or
+# remove it if no change happens in bionic vs xenial
+set -e -x
+
+{{ lxc_cache_prep_pre_commands }}
+
+{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true
+
+# Update base distribution
+apt-get update
+apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes gnupg
+
+apt-key add /root/repo.keys
+rm /root/repo.keys
+
+apt-get upgrade -y
+apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ lxc_cache_distro_packages | join(' ') }}
+apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
+rm -f /usr/bin/python
+rm /etc/machine-id || true
+rm /var/lib/dbus/machine-id || true
+touch /etc/machine-id
+rm /etc/sysctl.d/* || true
+echo '' > /etc/sysctl.conf
+ln -s /usr/bin/python2.7 /usr/bin/python
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+userdel --force --remove ubuntu || true
+apt-get clean
+mkdir -p /var/backup
+mkdir -p /etc/network/interfaces.d
+chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
+for action in disable mask; do
+ systemctl ${action} resolvconf.service || true
+ systemctl ${action} systemd-networkd-resolvconf-update.path || true
+ systemctl ${action} systemd-networkd-resolvconf-update.service || true
+done
+
+{% for locale in lxc_cache_locales %}
+locale-gen {{ locale }}
+{% if loop.first | bool %}
+update-locale LANG={{ locale }}
+{% endif %}
+{% endfor %}
+
+# Set the IP of the lxcbr0 interface as the DNS server
+echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
+systemctl enable systemd-networkd
+{{ lxc_cache_prep_post_commands }}
diff --git a/vars/ubuntu-18.04-host.yml b/vars/ubuntu-18.04-host.yml
new file mode 100644
index 00000000..64e030f3
--- /dev/null
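Review bot: All three `apt-get install`/`upgrade` calls that pass `--force-yes` let apt continue without authenticating packages, and the first of them installs gnupg before `apt-key add /root/repo.keys` has run, possibly from a source whose key is not yet trusted. `--force-yes` is deprecated in the apt shipped with bionic in favour of the narrower `--allow-*` options. Once the keys are imported the later calls should not need it at all, e.g. `apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"`. If the gnupg install really has to bypass authentication, say so in a comment on that line so the exception stays limited to it.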
+++ b/vars/ubuntu-18.04-host.yml
@@ -0,0 +1,57 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## APT Cache Options
+cache_timeout: 600
+
+# Required apt packages.
+lxc_hosts_distro_packages:
+ - apparmor
+ - apparmor-profiles
+ - apparmor-utils
+ - aria2
+ - bridge-utils
+ - btrfs-tools
+ - cgroup-lite
+ - dbus
+ - debootstrap
+ - dnsmasq-base
+ - git
+ - ifupdown
+ - iptables
+ - irqbalance
+ - language-pack-en
+ - liblxc1
+ - lxc
+ - lxc-dev
+ - lxc-templates
+ - python-dev
+ - python-lxc
+ - python3-lxc
+ - systemd-container
+ - pxz
+
+# Package to remove from the host
+lxc_hosts_remove_distro_packages:
+ - dnsmasq
+
+lxc_xz_bin: pxz
+
+system_config_dir: "/etc/default"
+systemd_utils_prefix: "/lib/systemd"
+
+lxc_cached_network_interfaces:
+ - src: "lxc-net-bridge.cfg.j2"
+ dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
diff --git a/vars/ubuntu-18.04.yml b/vars/ubuntu-18.04.yml
new file mode 100644
index 00000000..1d82703e
--- /dev/null
+++ b/vars/ubuntu-18.04.yml
@@ -0,0 +1,56 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+_lxc_hosts_container_image_url: "http://cdimage.ubuntu.com/ubuntu-base/releases/18.04/release/ubuntu-base-18.04-base-{{ lxc_cache_map.arch }}.tar.gz"
+
+_lxc_cache_map:
+ distro: ubuntu
+ arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
+ release: bionic
+ copy_from_host:
+ - /etc/apt/sources.list
+ - /etc/apt/apt.conf.d/
+ - /etc/apt/preferences.d/
+ - /etc/environment
+ - /etc/localtime
+ - /root/repo.keys
+ - /etc/protocols
+
+_lxc_cache_prep_template: "prep-scripts/ubuntu_18_prep.sh.j2"
+
+_lxc_cache_distro_packages:
+ - apt-transport-https
+ - ca-certificates
+ - cron # bionic doesn't have cronie
+ - dbus
+ - debianutils # for 'which' executable
+ - gcc
+ - iproute2
+ - iputils-ping
+ - libffi-dev
+ - libssl-dev
+ - locales
+ - netbase
+ - openssh-server
+ - openssl
+ - python2.7
+ - python-dev
+ - python3-dev
+ - rsync
+ - sudo
+ - systemd
+ - systemd-sysv
+ - tar
+ - wget
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index c5c49ff2..50454a6c 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -18,6 +18,7 @@
 - openstack-ansible-linters
 - openstack-ansible-functional-centos-7
 - openstack-ansible-functional-opensuse-423
+ - openstack-ansible-functional-ubuntu-bionic
 - openstack-ansible-functional-ubuntu-xenial
 - openstack-ansible-lxc-dir-centos-7
 - openstack-ansible-lxc-dir-opensuse-423
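Review bot: `_lxc_hosts_container_image_url` in vars/ubuntu-18.04.yml fetches the root filesystem used for every container over plain `http://`, and nothing in this hunk pins a checksum or signature for it; whether the download task verifies the tarball is not visible here. Anyone able to alter that traffic would control the contents of the base image. Prefer `https://cdimage.ubuntu.com/ubuntu-base/releases/18.04/release/ubuntu-base-18.04-base-{{ lxc_cache_map.arch }}.tar.gz` if the mirror in use serves TLS. Also add a comment above the variable stating how integrity is checked, for example against the checksum file published alongside the release.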
@@ -40,4 +41,5 @@
 - openstack-ansible-linters
 - openstack-ansible-functional-centos-7
 - openstack-ansible-functional-opensuse-423
+ - openstack-ansible-functional-ubuntu-bionic
 - openstack-ansible-functional-ubuntu-xenial