diff --git a/templates/prep-scripts/_container_sys_setup.sh.j2 b/templates/prep-scripts/_container_sys_setup.sh.j2 index e1c14603..899855f6 100644 --- a/templates/prep-scripts/_container_sys_setup.sh.j2 +++ b/templates/prep-scripts/_container_sys_setup.sh.j2 @@ -11,17 +11,23 @@ mkdir -p /root/.gnupg # In order for the package manager to function /dev/null, /dev/random and # /dev/urandom must exist. This is is being run here because some images do not # create /dev/null by default. -[ ! -e /dev/null ] && mknod -m 0666 /dev/null c 1 3 -[ ! -e /dev/random ] && mknod -m 0666 /dev/random c 1 8 -[ ! -e /dev/urandom ] && mknod -m 0666 /dev/urandom c 1 9 +[ ! -e /dev/null ] && mknod /dev/null c 1 3 +chown 0666 /dev/null +[ ! -e /dev/random ] && mknod /dev/random c 1 8 +chown 0666 /dev/random +[ ! -e /dev/urandom ] && mknod /dev/urandom c 1 9 +chown 0666 /dev/urandom ln -sf /proc/self/fd /dev/fd for i in {0..5}; do - [ ! -e "/dev/pts/$i" ] && mknod -m 0666 "/dev/pts/$i" c 136 $i + [ ! -e "/dev/pts/$i" ] && mknod "/dev/pts/$i" c 136 $i + chown 0666 "/dev/pts/$i" done # file check does not seem to work at all times -[ ! -e /dev/ptmx ] && mknod -m 0666 /dev/ptmx c 5 2 || true -[ ! -e /dev/pts/ptmx ] && mknod -m 0000 /dev/pts/ptmx c 5 2 +[ ! -e /dev/ptmx ] && mknod /dev/ptmx c 5 2 || true +chown 0666 /dev/ptmx +[ ! -e /dev/pts/ptmx ] && mknod /dev/pts/ptmx c 5 2 +chown 0000 /dev/pts/ptmx # Create the directory where local facts will be stored mkdir -p /etc/ansible/facts.d diff --git a/templates/prep-scripts/debian_prep.sh.j2 b/templates/prep-scripts/debian_prep.sh.j2 index 8affc0bc..24eb0d12 100644 --- a/templates/prep-scripts/debian_prep.sh.j2 +++ b/templates/prep-scripts/debian_prep.sh.j2 @@ -1,5 +1,4 @@ #!/usr/bin/env bash - set -e -x {{ lxc_cache_prep_pre_commands }} 
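Review bot: The added `chown 0666 /dev/null` line and its siblings for /dev/random, /dev/urandom, `/dev/pts/$i`, /dev/ptmx and /dev/pts/ptmx change the owner rather than the mode, because `chown` reads `0666` as a user name or numeric UID. The nodes would end up owned by UID 666 (assuming no account has that name) and keep whatever mode `mknod` derives from the umask. Under a typical 022 umask that leaves /dev/null and the pty nodes unwritable for non-root users, and /dev/pts/ptmx gets a readable mode instead of the intended 0000. Each of these calls should be `chmod`, for example `chmod 0666 /dev/null` and `chmod 0000 /dev/pts/ptmx`. Separately, the unconditional call after `mknod /dev/ptmx c 5 2 || true` fails if that node could not be created, which would abort the run if the including prep script uses `set -e`.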
@@ -13,7 +12,7 @@ export DEBIAN_FRONTEND=noninteractive apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true # Update base distribution -apt-get update --allow-releaseinfo-change +apt-get update apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes eatmydata export LD_PRELOAD=/usr/lib/{{ ansible_facts['architecture'] }}-linux-gnu/libeatmydata.so @@ -22,8 +21,6 @@ apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--fo apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ lxc_cache_distro_packages | join(' ') }} apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -apt-get remove -y --purge mariadb* || true - rm /etc/machine-id || true rm /var/lib/dbus/machine-id || true touch /etc/machine-id diff --git a/templates/prep-scripts/ubuntu_20_prep.sh.j2 b/templates/prep-scripts/ubuntu_20_prep.sh.j2 deleted file mode 100644 index 6ab5ee02..00000000 --- a/templates/prep-scripts/ubuntu_20_prep.sh.j2 +++ /dev/null 
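Review bot: The `apt-get install` line directly after the changed `apt-get update` still passes `--force-yes`, as do the install and upgrade lines in the following hunk (`@@ -22,8 +21,6 @@`). That option is deprecated in current apt and tells it to continue past conditions it would otherwise refuse, including packages that fail authentication. This weakens the signature checking that the apt keyrings copied from the host are meant to provide for the cached image. Consider dropping it, i.e. `apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" eatmydata`, and adding only the specific `--allow-*` override that is actually needed, if any.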
@@ -1,51 +0,0 @@ -#!/usr/bin/env bash -# TODO(evrardjp): Make this script ubuntu version agnostic or -# remove it if no change happens in bionic vs xenial -set -e -x - -{{ lxc_cache_prep_pre_commands }} - -{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %} - -export DEBIAN_FRONTEND=noninteractive -apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true - -# Update base distribution -apt-get update - -apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes eatmydata -export LD_PRELOAD=/usr/lib/{{ ansible_facts['architecture'] }}-linux-gnu/libeatmydata.so - -apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes gnupg -apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ lxc_cache_distro_packages | join(' ') }} -apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -rm /etc/machine-id || true -rm /var/lib/dbus/machine-id || true -touch /etc/machine-id -rm /etc/sysctl.d/* || true -echo '' > /etc/sysctl.conf -mkdir -p /root/.ssh -chmod 700 /root/.ssh -userdel --force --remove ubuntu || true -apt-get clean -mkdir -p /var/backup -mkdir -p /etc/network/interfaces.d -chage -I -1 -d -1 -m 0 -M 99999 -E -1 root -for action in disable mask; do - systemctl ${action} resolvconf.service || true - systemctl ${action} systemd-networkd-resolvconf-update.path || true - systemctl ${action} systemd-networkd-resolvconf-update.service || true -done - -{% for locale in lxc_cache_locales %} -locale-gen {{ locale }} -{% if loop.first | bool %} -update-locale LANG={{ locale }} -{% endif %} -{% endfor %} - -# Set the IP of the lxcbr0 interface as the DNS server -echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf -systemctl enable systemd-networkd -{{ 
lxc_cache_prep_post_commands }} diff --git a/vars/debian-host.yml b/vars/debian-host.yml index 0c890e35..5d1e07b7 100644 --- a/vars/debian-host.yml +++ b/vars/debian-host.yml @@ -28,6 +28,7 @@ _lxc_hosts_distro_packages: - debootstrap - dnsmasq-base - git + - gzip - ifupdown - iptables - irqbalance @@ -36,8 +37,8 @@ _lxc_hosts_distro_packages: - lxc-dev - lxc-templates - procps - - python3-dev - python3-lxc + - python3-dev - systemd-container - xz-utils diff --git a/vars/debian.yml b/vars/debian.yml index 37259af9..963e72e1 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -16,13 +16,13 @@ _lxc_hosts_container_build_command: "debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} " _lxc_cache_map: - distro: debian + distro: "{{ ansible_facts['distribution'] | lower }}" arch: "{{ lxc_architecture_mapping.get( ansible_facts['architecture'] ) }}" release: "{{ ansible_facts['distribution_major_version'] }}" copy_from_host: - /etc/apt/sources.list - /etc/apt/apt.conf.d/ - - /etc/apt/trusted.gpg.d + - /etc/apt/trusted.gpg.d/ - /etc/apt/trusted.gpg - /etc/apt/preferences.d/ - /etc/environment @@ -31,18 +31,23 @@ _lxc_cache_map: _lxc_cache_prep_template: "prep-scripts/debian_prep.sh.j2" +_lxc_cache_distro_libpython: + buster: libpython3.7 + bullseye: libpython3.9 + focal: libpython3.8 + jammy: libpython3.10 + # This list should contain a minimum set of packages. Add extra packages via roles that require them. _lxc_cache_distro_packages: - ca-certificates - dbus - - iproute2 - iputils-ping + - iproute2 - locales - netbase - openssh-server - - procps # provides sysctl which is a requirement - python3 - - libpython3.9 + - "{{ _lxc_cache_distro_libpython[ansible_facts['distribution_release'] | lower] }}" - rsync # os_keystone runs serial=1 and uses rsync before the distro packages have been installed on all keystone targets - sudo - systemd 
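Review bot: The new package entry `"{{ _lxc_cache_distro_libpython[ansible_facts['distribution_release'] | lower] }}"` in the `@@ -31,18 +31,23 @@` hunk has no fallback, so a release outside the four listed keys (buster, bullseye, focal, jammy) will most likely surface as an undefined-variable error that does not name the unsupported release. A comment above the map such as `# Maps distribution_release to its libpython package; every supported release needs an entry` would help, along with an explicit check before the list is used so the role fails with a clear message. The same hunk drops `procps`, whose removed line noted that it provides sysctl "which is a requirement". If that still holds for the container image, it needs to be satisfied elsewhere.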
diff --git a/vars/ubuntu-20.04-host.yml b/vars/ubuntu-20.04-host.yml deleted file mode 100644 index 12576a45..00000000 --- a/vars/ubuntu-20.04-host.yml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Copyright 2016, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## APT Cache Options -cache_timeout: 600 - -# Required apt packages. -_lxc_hosts_distro_packages: - - apparmor - - apparmor-profiles - - apparmor-utils - - aria2 - - bridge-utils - - btrfs-progs - - cgroup-lite - - dbus - - debootstrap - - dnsmasq-base - - git - - gzip - - ifupdown - - iptables - - irqbalance - - language-pack-en - - liblxc1 - - lxc - - lxc-dev - - lxc-templates - - procps - - python3-lxc - - python3-dev - - systemd-container - - xz-utils - -# Package to remove from the host -lxc_hosts_remove_distro_packages: - - dnsmasq - -lxc_xz_bin: xz - -system_config_dir: "/etc/default" -systemd_utils_prefix: "/lib/systemd" - -lxc_cached_network_interfaces: - - src: "lxc-net-bridge.cfg.j2" - dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg" diff --git a/vars/ubuntu-20.04.yml b/vars/ubuntu-20.04.yml deleted file mode 100644 index 88f9026b..00000000 --- a/vars/ubuntu-20.04.yml +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -# Copyright 2016, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -_lxc_hosts_container_build_command: "debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} " - -_lxc_cache_map: - distro: ubuntu - arch: "{{ lxc_architecture_mapping.get( ansible_facts['architecture'] ) }}" - release: focal - copy_from_host: - - /etc/apt/sources.list - - /etc/apt/apt.conf.d/ - - /etc/apt/trusted.gpg.d/ - - /etc/apt/trusted.gpg - - /etc/apt/preferences.d/ - - /etc/environment - - /etc/localtime - - /etc/protocols - -_lxc_cache_prep_template: "prep-scripts/ubuntu_20_prep.sh.j2" - -# This list should contain a minimum set of packages. Add extra packages via roles that require them. -_lxc_cache_distro_packages: - - ca-certificates - - dbus - - iputils-ping - - iproute2 - - locales - - netbase - - openssh-server - - python3 - - libpython3.8 - - rsync # os_keystone runs serial=1 and uses rsync before the distro packages have been installed on all keystone targets - - sudo - - systemd - - systemd-sysv - - tzdata