From e90019f6bcc0e94cc9d66e4f9f32c8bdd2eb16ed Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sat, 6 Apr 2019 19:32:44 -0400 Subject: [PATCH] debian: add support This patch adds support for this role to be able to deploy on Debian Stretch. Change-Id: I865df7f5ff2b7022ec0922773b2a945ec7aff7f4 Needed-By: I135ea73604890eae5e9e2a7cdcab81b2b39ad426 --- templates/prep-scripts/debian_prep.sh.j2 | 52 ++++++++++++++++++++++ vars/debian-host.yml | 54 +++++++++++++++++++++++ vars/debian.yml | 56 ++++++++++++++++++++++++ 3 files changed, 162 insertions(+) create mode 100644 templates/prep-scripts/debian_prep.sh.j2 create mode 100644 vars/debian-host.yml create mode 100644 vars/debian.yml diff --git a/templates/prep-scripts/debian_prep.sh.j2 b/templates/prep-scripts/debian_prep.sh.j2 new file mode 100644 index 00000000..a6a77f0c --- /dev/null +++ b/templates/prep-scripts/debian_prep.sh.j2 @@ -0,0 +1,52 @@ +#!/usr/bin/env bash + +set -e -x + +{{ lxc_cache_prep_pre_commands }} + +{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %} + +export DEBIAN_FRONTEND=noninteractive +apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true + +# Update base distribution +apt-get update + +apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes eatmydata +export LD_PRELOAD=/usr/lib/{{ ansible_architecture }}-linux-gnu/libeatmydata.so + +apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes gnupg +apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes +apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ lxc_cache_distro_packages | join(' ') }} +apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes +rm -f /usr/bin/python +rm /etc/machine-id || true +rm /var/lib/dbus/machine-id || true +touch /etc/machine-id +rm /etc/sysctl.d/* || true +echo '' > /etc/sysctl.conf +ln -s /usr/bin/python2.7 /usr/bin/python +mkdir -p /root/.ssh +chmod 700 /root/.ssh +userdel --force --remove ubuntu || true +apt-get clean +mkdir -p /var/backup +mkdir -p /etc/network/interfaces.d +chage -I -1 -d -1 -m 0 -M 99999 -E -1 root +for action in disable mask; do + systemctl ${action} resolvconf.service || true + systemctl ${action} systemd-networkd-resolvconf-update.path || true + systemctl ${action} systemd-networkd-resolvconf-update.service || true +done + +{% for locale in lxc_cache_locales %} +sed -i 's/^# *\({{ locale }}\)/\1/' /etc/locale.gen && locale-gen +{% if loop.first | bool %} +update-locale LANG={{ locale }} +{% endif %} +{% endfor %} + +# Set the IP of the lxcbr0 interface as the DNS server +echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf +systemctl enable systemd-networkd +{{ lxc_cache_prep_post_commands }} diff --git a/vars/debian-host.yml b/vars/debian-host.yml new file mode 100644 index 00000000..7101e6a9 --- /dev/null +++ b/vars/debian-host.yml @@ -0,0 +1,54 @@ +--- +# Copyright 2019, VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## APT Cache Options +cache_timeout: 600 + +# Required apt packages. +_lxc_hosts_distro_packages: + - apparmor + - apparmor-profiles + - apparmor-utils + - aria2 + - bridge-utils + - btrfs-tools + - dbus + - debootstrap + - dnsmasq-base + - git + - ifupdown + - iptables + - irqbalance + - liblxc1 + - lxc + - lxc-dev + - python-dev + - python-lxc + - python3-lxc + - systemd-container + - pxz + +# Package to remove from the host +lxc_hosts_remove_distro_packages: + - dnsmasq + +lxc_xz_bin: pxz + +system_config_dir: "/etc/default" +systemd_utils_prefix: "/lib/systemd" + +lxc_cached_network_interfaces: + - src: "lxc-net-bridge.cfg.j2" + dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg" diff --git a/vars/debian.yml b/vars/debian.yml new file mode 100644 index 00000000..225f629b --- /dev/null +++ b/vars/debian.yml @@ -0,0 +1,56 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +_lxc_hosts_container_image_url: "https://github.com/debuerreotype/docker-debian-artifacts/raw/dist-{{ lxc_cache_map.arch }}/{{ ansible_distribution_release }}/rootfs.tar.xz" + +_lxc_cache_map: + distro: debian + arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}" + release: "{{ ansible_distribution_major_version }}" + copy_from_host: + - /etc/apt/sources.list + - /etc/apt/apt.conf.d/ + - /etc/apt/trusted.gpg.d + - /etc/apt/preferences.d/ + - /etc/environment + - /etc/localtime + - /etc/protocols + +_lxc_cache_prep_template: "prep-scripts/debian_prep.sh.j2" + +_lxc_cache_distro_packages: + - apt-transport-https + - ca-certificates + - cron + - dbus + - debianutils + - gcc + - iproute2 + - iputils-ping + - libffi-dev + - libssl-dev + - locales + - netbase + - openssh-server + - openssl + - python2.7 + - python-dev + - python3-dev + - rsync + - sudo + - systemd + - systemd-sysv + - tar + - wget