Merge "add gentoo support"

2019-02-23 04:35:29 +00:00 · 2019-02-23 04:35:29 +00:00 · 468cffb585
commit 468cffb585
parent 1fca76c8d3 32d0a30c35
14 changed files with 291 additions and 7 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -103,6 +103,7 @@ lxc_net_bridge: lxcbr0
 lxc_net_bridge_port: none
 lxc_net_address: 10.0.3.1
 lxc_net_netmask: 255.255.255.0
+lxc_net_cidr: 24
 lxc_net_gateway: null  ## if null, no gateway will be on the LXC bridge. lxc_net_nat must be "false" to use a gateway.
 #lxc_net_mtu: 1500 ##setting this variable will add mtu configuration for the lxc config and network bridge

@ -193,7 +194,7 @@ lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages + lxc_cache_extra_dist
 # preparation process. This is necessary to mitigate the issue that can
 # arise where the cache prep hangs and never fails.
 # The value is specified in seconds, with the default being 20 minutes.
-lxc_cache_prep_timeout: 1200
+lxc_cache_prep_timeout: "{{ _lxc_cache_prep_timeout | default(1200) }}"

 # Set the server to download LXC images from.
 lxc_image_cache_server_mirrors:
@ -241,8 +242,7 @@ lxc_cache_download_template_options: >-
  {{ lxc_cache_download_template_extra_options }}

 # Locales to populate in the LXC base cache
-lxc_cache_locales:
-  - en_US.UTF-8
+lxc_cache_locales: "{{ _lxc_cache_locales | default(['en_US.UTF-8']) }}"

 # LXC must be installed from a COPR repository on CentOS 7 since the version
 # provided in EPEL is much too old (1.x).
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -27,6 +27,11 @@
 - name: Init reload
  command: "initctl reload-configuration"

+- name: Restart importd
+  systemd:
+    name: "systemd-importd.service"
+    state: "restarted"
+
 - name: Enable machines mount
  systemd:
    daemon_reload: yes
@ -59,10 +64,24 @@
  shell: "ifdown {{ lxc_net_bridge }} || true"
  notify:
    - Bring bridge up
+    - Reload networkd
    - Veth check

 - name: Bring bridge up
  command: "ifup {{ lxc_net_bridge }}"
+  when:
+    - "ansible_distribution | lower != 'gentoo'"
+
+- name: Reload networkd
+  systemd:
+    name: "systemd-networkd"
+    state: "restarted"
+    enabled: "yes"
+    daemon_reload: "yes"
+  retries: 5
+  delay: 5
+  when:
+    - "ansible_distribution | lower == 'gentoo'"

 - name: Veth check
  command: "/usr/local/bin/lxc-veth-check"
--- a/tasks/lxc_cache_preparation.yml
+++ b/tasks/lxc_cache_preparation.yml
@ -112,7 +112,7 @@
 - name: Prepare cached image setup commands
  shell: "chroot {{ lxc_image_cache_path }} /opt/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1"
  changed_when: false
-  async: "{{ lxc_cache_prep_timeout }}"
+  async: "{{ lxc_cache_prep_timeout | int }}"
  poll: 0
  register: _lxc_cache_prepare_commands

@ -135,7 +135,7 @@
  register: _lxc_cache_prepare_commands_result
  until: _lxc_cache_prepare_commands_result.finished
  delay: 10
-  retries: "{{ lxc_cache_prep_timeout // 10 }}"
+  retries: "{{ lxc_cache_prep_timeout | int // 10 }}"

 - name: Remove requiretty for sudo on centos
  template:
--- a/tasks/lxc_cache_preparation_systemd_new.yml
+++ b/tasks/lxc_cache_preparation_systemd_new.yml
@ -30,6 +30,15 @@
  until: job_result.finished
  retries: 60

+- name: Ensure systemd-importd is enabled
+  systemd:
+    name: "systemd-importd"
+    state: "started"
+    enabled: "yes"
+    daemon_reload: "yes"
+  notify:
+    - Restart importd
+
 - name: Retrieve base image
  command: >-
    machinectl
--- a/tasks/lxc_cache_prestage.yml
+++ b/tasks/lxc_cache_prestage.yml
@ -58,7 +58,7 @@
  args:
    warn: no
  register: prestage_image
-  async: "{{ lxc_cache_prep_timeout // 5 }}"
+  async: "{{ lxc_cache_prep_timeout | int // 5 }}"
  poll: 0
  tags:
    - skip_ansible_lint
--- a/tasks/lxc_install_portage.yml
+++ b/tasks/lxc_install_portage.yml
@ -0,0 +1,47 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Remove conflicting packages
+  portage:
+    package: "{{ lxc_hosts_remove_distro_packages }}"
+    state: absent
+  tags:
+    - lxc-ebuild-packages
+
+- name: Install gentoo packages
+  portage:
+    package: "{{ lxc_hosts_distro_packages }}"
+    state: "{{ lxc_hosts_package_state }}"
+    jobs: 4
+  register: install_packages
+  until: install_packages is success
+  retries: 5
+  delay: 2
+  tags:
+    - lxc-ebuild-packages
+
+- name: Drop irqbalance config
+  template:
+    src: "irqbalance.j2"
+    dest: "{{ system_config_dir }}/irqbalance"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify:
+    - Restart irqbalance
+  tags:
+    - lxc-files
+    - lxc-irqbalance
+    - lxc_hosts-config
--- a/tasks/lxc_net.yml
+++ b/tasks/lxc_net.yml
@ -41,6 +41,7 @@
  with_items: "{{ lxc_cached_network_interfaces }}"
  notify:
    - Restart bridge
+    - Reload networkd
  tags:
    - lxc-files
    - lxc-net
@ -66,6 +67,7 @@
    - ansible_pkg_mgr == "zypper"
  notify:
    - Bring bridge up
+    - Reload networkd
  tags:
    - lxc-files
    - lxc-net
@ -88,11 +90,14 @@
 # NOTE(mhayden): There are ifup hooks that handle the customized LXC container
 # networking. Starting lxc-net will trample over these hooks and cause
 # networking issues for containers.
+# NOTE(prometheanfire): lxc-net is not installed on gentoo
 - name: Disable and stop lxc-net
  service:
    name: lxc-net
    enabled: no
    state: stopped
+  when:
+    - "ansible_distribution | lower != 'gentoo'"
  tags:
    - lxc-net

@ -101,6 +106,8 @@
    src: /dev/null
    path: /etc/systemd/system/lxc-net.service
    state: link
+  when:
+    - "ansible_distribution | lower != 'gentoo'"
  tags:
    - lxc-files
    - lxc-net
@ -141,6 +148,7 @@
  changed_when: bridge_check.state == 'absent'
  notify:
    - Bring bridge up
+    - Reload networkd
  tags:
    - lxc-bridge

--- a/tasks/lxc_pre_install.yml
+++ b/tasks/lxc_pre_install.yml
@ -32,3 +32,18 @@
    - "{{ lxc_container_cache_path }}"
  tags:
    - lxc-directories
+
+# NOTE(prometheanfire): only set the var on gentoo
+- name: fetch latest Gentoo systemd image metadata
+  uri:
+    url: "http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage4-amd64-systemd.txt"
+    return_content: yes
+  register: _gentoo_latest_stage4_systemd_metadata
+  when:
+    - ansible_distribution | lower == 'gentoo'
+
+- name: set _lxc_hosts_container_image_url fact for gentoo
+  set_fact:
+    _lxc_hosts_container_image_url: "http://distfiles.gentoo.org/releases/amd64/autobuilds/{{ _gentoo_latest_stage4_systemd_metadata.content.split('\n')[-2].split()[0] }}"
+  when:
+    - ansible_distribution | lower == 'gentoo'
--- a/templates/lxc-networkd-bridge.netdev.j2
+++ b/templates/lxc-networkd-bridge.netdev.j2
@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+[NetDev]
+Name={{ lxc_net_bridge }}
+Kind=bridge
+
+[Bridge]
+ForwardDelaySec=0
+HelloTimeSec=2
+MaxAgeSec=12
+STP=off
--- a/templates/lxc-networkd-bridge.network.j2
+++ b/templates/lxc-networkd-bridge.network.j2
@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+[Match]
+Name={{ lxc_net_bridge }}
+
+[Network]
+Address={{ (lxc_net_address ~ '/' ~ lxc_net_netmask) | ipaddr('cidr') }}
+{% if lxc_net_gateway is not none %}
+Gateway={{ lxc_net_gateway }}
+{% endif %}
+ConfigureWithoutCarrier=yes
--- a/templates/prep-scripts/_container_sys_setup.sh.j2
+++ b/templates/prep-scripts/_container_sys_setup.sh.j2
@ -14,11 +14,14 @@ mkdir -p /root/.gnupg
 [ ! -e /dev/null ] && mknod -m 0666 /dev/null c 1 3
 [ ! -e /dev/random ] && mknod -m 0666 /dev/random c 1 8
 [ ! -e /dev/urandom ] && mknod -m 0666 /dev/urandom c 1 9
+ln -sf /proc/self/fd /dev/fd

 for i in {0..5}; do
  [ ! -e "/dev/pts/$i" ] && mknod -m 0666 "/dev/pts/$i" c 136 $i
 done
-[ ! -e /dev/pts/ptmx ] && mknod -m 0666 /dev/pts/ptmx c 5 2
+# file check does not seem to work at all times
+[ ! -e /dev/ptmx ] && mknod -m 0666 /dev/ptmx c 5 2 || true
+[ ! -e /dev/pts/ptmx ] && mknod -m 0000 /dev/pts/ptmx c 5 2

 # Create the directory where local facts will be stored
 mkdir -p /etc/ansible/facts.d
--- a/templates/prep-scripts/gentoo_systemd_prep.sh.j2
+++ b/templates/prep-scripts/gentoo_systemd_prep.sh.j2
@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+set -e -x
+
+{{ lxc_cache_prep_pre_commands }}
+
+{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
+
+mount -t proc proc /proc
+mkdir /dev/shm
+mount -t tmpfs none /dev/shm
+chmod 1777 /dev/shm
+
+mkdir -p /etc/portage/repos.conf
+echo -n '[DEFAULT]
+main-repo = gentoo
+
+[gentoo]
+sync-type = webrsync
+sync-webrsync-verify-signature = true
+sync-openpgp-key-refresh-retry-count = 0
+sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
+location = /usr/portage
+auto-sync = true' > /etc/portage/repos.conf/repos.conf
+emerge --sync
+emerge -C app-emulation/lxc app-emulation/lxc-templates sys-fs/lxcfs || true
+
+## Update base distribution
+# make world consistant
+USE="-build" emerge -q --complete-graph=y --jobs=4 --update --newuse --deep --with-bdeps=y @world
+# rebuild packages that might need it
+USE="-build" emerge -q --jobs=4 --usepkg=n @preserved-rebuild
+# remove unneeded packages
+USE="-build" emerge --verbose=n --ask=n --depclean
+# rebuild packages that might have somehow depended on the unneeded packages
+USE="-build" emerge -q --jobs=4 --usepkg=n @preserved-rebuild
+# update config files
+etc-update --automode -5
+
+emerge --jobs=4 {{ lxc_cache_distro_packages | join(' ') }}
+eselect python set python2.7
+rm /etc/machine-id || true
+rm /var/lib/dbus/machine-id || true
+touch /etc/machine-id
+rm /etc/sysctl.d/* || true
+echo '' > /etc/sysctl.conf
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+eclean-dist
+mkdir -p /var/backup
+chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
+systemctl disable systemd-resolved.service || true
+#systemctl mask systemd-resolved.service || true
+
+{% for locale in lxc_cache_locales %}
+echo "{{ locale }}" >> /etc/locale.gen
+{% if loop.first | bool %}
+{% endif %}
+{% endfor %}
+locale-gen
+
+# Set the IP of the lxcbr0 interface as the DNS server
+echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
+systemctl enable systemd-networkd
+umount -f /dev/shm
+rmdir /dev/shm
+umount -f /proc
+{{ lxc_cache_prep_post_commands }}
--- a/vars/gentoo-host.yml
+++ b/vars/gentoo-host.yml
@ -0,0 +1,49 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Required packages.
+lxc_hosts_distro_packages:
+  - net-misc/aria2
+  - net-misc/bridge-utils
+  - sys-fs/btrfs-progs
+  - app-admin/cgmanager
+  - sys-apps/dbus
+  - dev-util/debootstrap
+  - net-dns/dnsmasq
+  - dev-vcs/git
+  - sys-libs/libseccomp
+  - net-firewall/iptables
+  - sys-apps/irqbalance
+  - app-emulation/lxc
+  - app-emulation/lxc-templates
+  - dev-python/lxc-python2
+  - dev-python/python3-lxc
+  - app-arch/xz-utils
+  - sys-apps/ethtool
+
+# Package to remove from the host
+lxc_hosts_remove_distro_packages:
+  - dnsmasq
+
+lxc_xz_bin: xz
+
+system_config_dir: "/etc/conf.d"
+systemd_utils_prefix: "/lib/systemd"
+
+lxc_cached_network_interfaces:
+  - src: "lxc-networkd-bridge.network.j2"
+    dest: "/etc/systemd/network/{{ lxc_net_bridge }}.network"
+  - src: "lxc-networkd-bridge.netdev.j2"
+    dest: "/etc/systemd/network/{{ lxc_net_bridge }}.netdev"
--- a/vars/gentoo.yml
+++ b/vars/gentoo.yml
@ -0,0 +1,47 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+_lxc_cache_map:
+  distro: gentoo
+  arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
+  release: 17.0-systemd
+  copy_from_host:
+    - /etc/portage/make.conf
+    - /etc/portage/package.keywords/*
+    - /etc/portage/package.use/*
+    - /etc/environment
+    - /etc/localtime
+    - /etc/protocols
+
+_lxc_cache_prep_template: "prep-scripts/gentoo_systemd_prep.sh.j2"
+
+_lxc_cache_prep_timeout: 1800
+_lxc_cache_locales:
+  - "en_US.UTF-8 UTF-8"
+
+_lxc_cache_distro_packages:
+  - app-portage/gentoolkit
+  - app-misc/ca-certificates
+  - sys-process/cronie
+  - sys-apps/dbus
+  - sys-apps/iproute2
+  - net-misc/iputils
+  - virtual/libffi
+  - dev-libs/openssl
+  - net-misc/openssh
+  - net-misc/rsync
+  - app-admin/sudo
+  - app-arch/tar
+  - net-misc/wget