Remove machinectl from LXC cache prep
machinectl is only used to store the image during initial cache preparation and is unrelated to the backing store used by LXC. This patch removes the use of machinectl and btrfs, which makes the lxc_hosts role portable to centos-8, which does not have btrfs. Change-Id: Ib03ea09fa5b4d4b6b3d5ca38a0a6c5cf67eb1df4
parent
295c3c0a93
commit
da4f62b006
@ -12,8 +12,8 @@ ConditionPathExists=/var/lib/machines.raw
|
|||||||
[Mount]
|
[Mount]
|
||||||
What=/var/lib/machines.raw
|
What=/var/lib/machines.raw
|
||||||
Where=/var/lib/machines
|
Where=/var/lib/machines
|
||||||
Type=btrfs
|
Type=ext4
|
||||||
Options=loop,defaults,noatime,nodiratime,compress=lzo,commit=120,{{ (ansible_kernel is version('4.5', '>=')) | ternary('space_cache=v2', 'space_cache') }}
|
Options=loop,defaults,noatime,nodiratime
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
8
releasenotes/notes/drop-machinectl-5053dc9833535cd9.yaml
Normal file
8
releasenotes/notes/drop-machinectl-5053dc9833535cd9.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
To provide compatibility with Centos-8 the LXC cache preparation has
|
||||||
|
been greatly simplified to remove the requirement for machinectl and
|
||||||
|
btrfs, which is a combination not available on Centos-8. This has
|
||||||
|
the side effect of machinectl no longer being a supported backing
|
||||||
|
store for LXC.
|
@ -13,14 +13,6 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: Check cached image status
|
|
||||||
command: "machinectl image-status {{ lxc_container_base_name }}"
|
|
||||||
register: cache_check
|
|
||||||
changed_when: false
|
|
||||||
failed_when: false
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Retrieve the expiry object
|
- name: Retrieve the expiry object
|
||||||
slurp:
|
slurp:
|
||||||
src: "{{ cache_path_fact }}/expiry"
|
src: "{{ cache_path_fact }}/expiry"
|
||||||
@ -34,8 +26,7 @@
|
|||||||
- name: Set cache refresh fact
|
- name: Set cache refresh fact
|
||||||
set_fact:
|
set_fact:
|
||||||
lxc_image_cache_refresh: true
|
lxc_image_cache_refresh: true
|
||||||
when: >
|
when:
|
||||||
(cache_check.rc != 0) or
|
|
||||||
cache_time >= (expiry.content|default('MQo=') | b64decode)
|
cache_time >= (expiry.content|default('MQo=') | b64decode)
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
@ -27,23 +27,17 @@
|
|||||||
file:
|
file:
|
||||||
path: "{{ cache_path_fact }}/rootfs.tar.xz"
|
path: "{{ cache_path_fact }}/rootfs.tar.xz"
|
||||||
state: "absent"
|
state: "absent"
|
||||||
when:
|
|
||||||
- container_backing_store != 'machinectl'
|
|
||||||
|
|
||||||
# This is using a shell command because the ansible archive module does not
|
# This is using a shell command because the ansible archive module does not
|
||||||
# provide for the options needed to properly create an LXC image archive.
|
# provide for the options needed to properly create an LXC image archive.
|
||||||
# Ansible will print a warning since this task calls 'tar' directly and we
|
# Ansible will print a warning since this task calls 'tar' directly and we
|
||||||
# suppress this warning with 'warn: no'. This task is not run when the backend
|
# suppress this warning with 'warn: no'.
|
||||||
# is set to "machinectl" because the "machinectl" backend directly clones the
|
|
||||||
# base image instead of unpacking a container tarball.
|
|
||||||
- name: Create lxc image
|
- name: Create lxc image
|
||||||
shell: |
|
shell: |
|
||||||
tar -Opc -C {{ lxc_image_cache_path }} . | {{ lxc_xz_bin }} -T 0 -{{ lxc_image_compression_ratio }} -c - > rootfs.tar.xz
|
tar -Opc -C {{ lxc_image_cache_path }} . | {{ lxc_xz_bin }} -T 0 -{{ lxc_image_compression_ratio }} -c - > rootfs.tar.xz
|
||||||
args:
|
args:
|
||||||
chdir: "{{ cache_path_fact }}/"
|
chdir: "{{ cache_path_fact }}/"
|
||||||
warn: no
|
warn: no
|
||||||
when:
|
|
||||||
- container_backing_store != 'machinectl'
|
|
||||||
tags:
|
tags:
|
||||||
- skip_ansible_lint
|
- skip_ansible_lint
|
||||||
|
|
||||||
@ -77,8 +71,6 @@
|
|||||||
copy:
|
copy:
|
||||||
content: "{{ cache_time }}"
|
content: "{{ cache_time }}"
|
||||||
dest: "{{ cache_path_fact }}/build_id"
|
dest: "{{ cache_path_fact }}/build_id"
|
||||||
when:
|
|
||||||
- container_backing_store != 'machinectl'
|
|
||||||
|
|
||||||
- include_tasks: "{{ item }}"
|
- include_tasks: "{{ item }}"
|
||||||
with_first_found:
|
with_first_found:
|
||||||
|
@ -13,61 +13,9 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: Pull systemd version
|
|
||||||
command: "systemctl --version"
|
|
||||||
changed_when: false
|
|
||||||
register: systemd_version
|
|
||||||
tags:
|
|
||||||
# Avoid ANSIBLE0006 lint issue: systemctl used in place of systemd module
|
|
||||||
- skip_ansible_lint
|
|
||||||
- always
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Create machined proxy override unit directories
|
|
||||||
file:
|
|
||||||
path: "/etc/systemd/system/{{ item }}"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0755'
|
|
||||||
state: directory
|
|
||||||
with_items:
|
|
||||||
- systemd-machined.service.d
|
|
||||||
- systemd-importd.service.d
|
|
||||||
|
|
||||||
- name: Drop the machined proxy override units
|
|
||||||
template:
|
|
||||||
src: systemd-proxy-unit.conf.j2
|
|
||||||
dest: /etc/systemd/system/{{ item }}/proxy.conf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
with_items:
|
|
||||||
- systemd-machined.service.d
|
|
||||||
- systemd-importd.service.d
|
|
||||||
when:
|
|
||||||
- (deployment_environment_variables | default({})).keys() | length > 0
|
|
||||||
|
|
||||||
- include_tasks: lxc_volume.yml
|
- include_tasks: lxc_volume.yml
|
||||||
|
|
||||||
- include_tasks: "lxc_cache_preparation_systemd_{{ (systemd_version.stdout_lines[0].split()[1] | int > 219) | ternary('new', 'old') }}.yml"
|
- include_tasks: lxc_cache_preparation_simple.yml
|
||||||
|
|
||||||
- name: Set the qgroup limits
|
|
||||||
block:
|
|
||||||
- name: Set the qgroup size|compression limits on machines
|
|
||||||
command: "btrfs qgroup limit {{ item }} {{ lxc_image_cache_path }}"
|
|
||||||
changed_when: false
|
|
||||||
with_items:
|
|
||||||
- "-e {{ lxc_host_machine_qgroup_space_limit }}"
|
|
||||||
- "-c {{ lxc_host_machine_qgroup_compression_limit }}"
|
|
||||||
when:
|
|
||||||
- not lxc_host_machine_quota_disabled
|
|
||||||
rescue:
|
|
||||||
- name: Notice regarding quota system
|
|
||||||
debug:
|
|
||||||
msg: >-
|
|
||||||
There was an error processing the setup of qgroups. Check the system
|
|
||||||
to ensure they're available otherwise disable the quota system by
|
|
||||||
setting `lxc_host_machine_quota_disabled` to true.
|
|
||||||
|
|
||||||
# NOTE(cloudnull): We're using rsync and an if block because we've no means
|
# NOTE(cloudnull): We're using rsync and an if block because we've no means
|
||||||
# to loop over a block. Re-evaluate this task when/if this is
|
# to loop over a block. Re-evaluate this task when/if this is
|
||||||
|
71
tasks/lxc_cache_preparation_simple.yml
Normal file
71
tasks/lxc_cache_preparation_simple.yml
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2020, BBC R&D
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Create sparse machines file
|
||||||
|
command: "truncate -s 11G /var/lib/machines.raw"
|
||||||
|
args:
|
||||||
|
creates: /var/lib/machines.raw
|
||||||
|
register: machines_create
|
||||||
|
|
||||||
|
- name: Format the machines file
|
||||||
|
filesystem:
|
||||||
|
fstype: ext4
|
||||||
|
dev: /var/lib/machines.raw
|
||||||
|
when:
|
||||||
|
- machines_create is changed
|
||||||
|
|
||||||
|
- name: Create machines mount point
|
||||||
|
file:
|
||||||
|
path: "/var/lib/machines"
|
||||||
|
state: "directory"
|
||||||
|
recurse: true
|
||||||
|
|
||||||
|
- name: Move machines mount into place
|
||||||
|
copy:
|
||||||
|
src: var-lib-machines.mount
|
||||||
|
dest: /lib/systemd/system/var-lib-machines.mount
|
||||||
|
register: mount_unit
|
||||||
|
|
||||||
|
- name: Reload the System daemon
|
||||||
|
systemd:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: mount_unit is changed
|
||||||
|
|
||||||
|
- name: Mount all
|
||||||
|
shell: "mount | grep '/var/lib/machines' || (systemctl start var-lib-machines.mount && exit 3)"
|
||||||
|
register: mount_machines
|
||||||
|
changed_when: mount_machines.rc == 3
|
||||||
|
failed_when: mount_machines.rc not in [0, 3]
|
||||||
|
tags:
|
||||||
|
- skip_ansible_lint
|
||||||
|
|
||||||
|
- name: Remove the old image cache
|
||||||
|
file:
|
||||||
|
path: "/var/lib/machines/{{ lxc_container_base_name }}"
|
||||||
|
state: absent
|
||||||
|
when:
|
||||||
|
- lxc_image_cache_refresh | bool
|
||||||
|
|
||||||
|
- name: Create new image cache directory
|
||||||
|
file:
|
||||||
|
path: "/var/lib/machines/{{ lxc_container_base_name }}"
|
||||||
|
state: directory
|
||||||
|
register: create_new_dir
|
||||||
|
|
||||||
|
- name: Unpack base image
|
||||||
|
unarchive:
|
||||||
|
src: "/tmp/{{ cache_basename }}"
|
||||||
|
dest: "/var/lib/machines/{{ lxc_container_base_name }}"
|
||||||
|
when: create_new_dir is changed
|
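Review bot: The `Unpack base image` task at the end of this file calls `unarchive` on `/tmp/{{ cache_basename }}` without `remote_src: true`, so Ansible will look for the archive on the controller instead of on the LXC host; the removed `Place container rootfs` task set `remote_src: True` for the same path. The deleted task files also waited on `prestage_image` with `async_status` before using the archive, and nothing here does, so if the download is still started asynchronously elsewhere in the role the unpack can race it. This tarball becomes the base root filesystem for containers and is read from world-writable `/tmp`, so I would also check it against a known checksum before unpacking, unless the download task outside this page already does that. Minimum change: add `remote_src: true` under `unarchive:`.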
@ -1,58 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright 2015, Rackspace US, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
# NOTE(cloudnull): When modern SystemD is running everywhere this can be
|
|
||||||
# collapsed back into the base preparation task file.
|
|
||||||
- name: Remove old image cache
|
|
||||||
command: "machinectl remove {{ lxc_container_base_name }}"
|
|
||||||
register: cache_refresh
|
|
||||||
changed_when: cache_refresh.rc == 0
|
|
||||||
failed_when: cache_refresh.rc not in [0, 1]
|
|
||||||
when:
|
|
||||||
- lxc_image_cache_refresh | bool
|
|
||||||
|
|
||||||
- name: Ensure image has been pre-staged
|
|
||||||
async_status:
|
|
||||||
jid: "{{ prestage_image.ansible_job_id }}"
|
|
||||||
register: job_result
|
|
||||||
until: job_result.finished
|
|
||||||
retries: 60
|
|
||||||
|
|
||||||
- name: Ensure systemd-importd is enabled
|
|
||||||
systemd:
|
|
||||||
name: "systemd-importd"
|
|
||||||
state: "started"
|
|
||||||
enabled: "yes"
|
|
||||||
daemon_reload: "yes"
|
|
||||||
notify:
|
|
||||||
- Restart importd
|
|
||||||
|
|
||||||
- name: Retrieve base image
|
|
||||||
command: >-
|
|
||||||
machinectl
|
|
||||||
--verify=no
|
|
||||||
{{ lxc_image_cache_pull_mode }}
|
|
||||||
/tmp/{{ cache_basename }}
|
|
||||||
{{ lxc_container_base_name }}
|
|
||||||
register: pull_image
|
|
||||||
until: pull_image is success
|
|
||||||
retries: 3
|
|
||||||
delay: 1
|
|
||||||
changed_when: pull_image.rc == 0
|
|
||||||
failed_when:
|
|
||||||
- pull_image.rc != 0
|
|
||||||
- "'failed' in pull_image.stderr | lower"
|
|
||||||
notify:
|
|
||||||
- Remove rootfs archive
|
|
@ -1,48 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright 2015, Rackspace US, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
# Because of this post and it's related bug(s) this is adding the container
|
|
||||||
# volumes the old way. The new way would simply be calling `machinectl`.
|
|
||||||
# * https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html
|
|
||||||
- name: Remove old image cache
|
|
||||||
command: "btrfs subvolume delete /var/lib/machines/{{ lxc_container_base_name }}"
|
|
||||||
register: cache_refresh_del
|
|
||||||
changed_when: cache_refresh_del.rc == 0
|
|
||||||
failed_when: cache_refresh_del.rc not in [0, 1]
|
|
||||||
when:
|
|
||||||
- lxc_image_cache_refresh | bool
|
|
||||||
|
|
||||||
- name: Add image cache
|
|
||||||
command: "btrfs subvolume create /var/lib/machines/{{ lxc_container_base_name }}"
|
|
||||||
register: cache_refresh_add
|
|
||||||
changed_when: cache_refresh_add.rc == 0
|
|
||||||
failed_when: cache_refresh_add.rc not in [0, 1]
|
|
||||||
when:
|
|
||||||
- lxc_image_cache_refresh | bool
|
|
||||||
|
|
||||||
- name: Ensure image has been pre-staged
|
|
||||||
async_status:
|
|
||||||
jid: "{{ prestage_image.ansible_job_id }}"
|
|
||||||
register: job_result
|
|
||||||
until: job_result.finished
|
|
||||||
retries: 60
|
|
||||||
|
|
||||||
- name: Place container rootfs
|
|
||||||
unarchive:
|
|
||||||
src: "/tmp/{{ cache_basename }}"
|
|
||||||
dest: "/var/lib/machines/{{ lxc_container_base_name }}"
|
|
||||||
remote_src: True
|
|
||||||
notify:
|
|
||||||
- Remove rootfs archive
|
|
@ -50,14 +50,6 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
lxc_major_version: "{{ lxc_version.stdout.split('.')[0] }}"
|
lxc_major_version: "{{ lxc_version.stdout.split('.')[0] }}"
|
||||||
|
|
||||||
- name: Create machinectl base template
|
|
||||||
template:
|
|
||||||
src: "lxc-machinectl.j2"
|
|
||||||
dest: "/usr/share/lxc/templates/lxc-machinectl"
|
|
||||||
owner: "root"
|
|
||||||
group: "root"
|
|
||||||
mode: "0755"
|
|
||||||
|
|
||||||
- name: Drop lxc veth check script
|
- name: Drop lxc veth check script
|
||||||
copy:
|
copy:
|
||||||
src: "lxc-veth-check.sh"
|
src: "lxc-veth-check.sh"
|
||||||
|
@ -13,80 +13,40 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: Check machinectl mount point
|
- name: Create sparse machines file
|
||||||
command: mountpoint /var/lib/machines
|
command: "truncate -s 11G /var/lib/machines.raw"
|
||||||
failed_when: false
|
|
||||||
changed_when: false
|
|
||||||
register: machinectl_mount
|
|
||||||
|
|
||||||
# NOTE(odyssey4me):
|
|
||||||
# The size is forced to be set in Gigabytes to maintain compatibility
|
|
||||||
# with the initial implementation done in Pike-Rocky. Do not change
|
|
||||||
# this without implementing some way of converting any pre-existing
|
|
||||||
# value properly during a major upgrade.
|
|
||||||
- name: Set volume size
|
|
||||||
shell: |
|
|
||||||
machinectl set-limit {{ lxc_host_machine_volume_size | regex_replace("\D*$", "") }}G
|
|
||||||
truncate -s '>{{ lxc_host_machine_volume_size | regex_replace("\D*$", "") }}G' /var/lib/machines.raw
|
|
||||||
changed_when: false
|
|
||||||
register: machines_create
|
|
||||||
args:
|
args:
|
||||||
executable: /bin/bash
|
creates: /var/lib/machines.raw
|
||||||
tags:
|
register: machines_create
|
||||||
- skip_ansible_lint
|
|
||||||
|
|
||||||
- name: Systemd machinectl mount
|
- name: Format the machines file
|
||||||
block:
|
|
||||||
- name: Format the machines sparse file
|
|
||||||
filesystem:
|
filesystem:
|
||||||
fstype: btrfs
|
fstype: ext4
|
||||||
dev: /var/lib/machines.raw
|
dev: /var/lib/machines.raw
|
||||||
|
when:
|
||||||
|
- machines_create is changed
|
||||||
|
|
||||||
- name: Create machines mount point
|
- name: Create machines mount point
|
||||||
file:
|
file:
|
||||||
path: "/var/lib/machines"
|
path: "/var/lib/machines"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
recurse: true
|
||||||
|
|
||||||
- name: Move machines mount into place
|
- name: Move machines mount into place
|
||||||
template:
|
copy:
|
||||||
src: var-lib-machines.mount
|
src: var-lib-machines.mount
|
||||||
dest: /etc/systemd/system/var-lib-machines.mount
|
dest: /lib/systemd/system/var-lib-machines.mount
|
||||||
register: mount_unit
|
register: mount_unit
|
||||||
notify:
|
|
||||||
- Reload systemd units
|
|
||||||
- Start machines mount
|
|
||||||
when:
|
|
||||||
- machinectl_mount.rc != 0
|
|
||||||
|
|
||||||
- meta: flush_handlers
|
- name: Reload the System daemon
|
||||||
|
systemd:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: mount_unit is changed
|
||||||
|
|
||||||
- name: Update quota system and group limits
|
- name: Mount all
|
||||||
block:
|
shell: "mount | grep '/var/lib/machines' || (systemctl start var-lib-machines.mount && exit 3)"
|
||||||
- name: Disable|Enable the machinectl quota system
|
register: mount_machines
|
||||||
command: "btrfs quota {{ lxc_host_machine_quota_disabled | bool | ternary('disable', 'enable') }} /var/lib/machines"
|
changed_when: mount_machines.rc == 3
|
||||||
changed_when: false
|
failed_when: mount_machines.rc not in [0, 3]
|
||||||
|
tags:
|
||||||
- name: Set the qgroup size|compression limits on machines
|
- skip_ansible_lint
|
||||||
command: "btrfs qgroup limit {{ item }} /var/lib/machines"
|
|
||||||
changed_when: false
|
|
||||||
with_items:
|
|
||||||
- "-e {{ lxc_host_machine_qgroup_space_limit }}"
|
|
||||||
- "-c {{ lxc_host_machine_qgroup_compression_limit }}"
|
|
||||||
when:
|
|
||||||
- not lxc_host_machine_quota_disabled | bool
|
|
||||||
rescue:
|
|
||||||
- name: Notice regarding quota system
|
|
||||||
debug:
|
|
||||||
msg: >-
|
|
||||||
The machinectl quota system could not be setup. Check the system for
|
|
||||||
quota system availability otherwise disable it by setting
|
|
||||||
`lxc_host_machine_quota_disabled` to true.
|
|
||||||
|
|
||||||
# NOTE(cloudnull): Because the machines mount may be a manually created sparse
|
|
||||||
# file we run an online resize to ensure the machines mount is
|
|
||||||
# the size we expect.
|
|
||||||
- name: Ensure the machines fs is sized correctly
|
|
||||||
command: "btrfs filesystem resize max /var/lib/machines"
|
|
||||||
failed_when: false
|
|
||||||
when:
|
|
||||||
- machines_create is changed
|
|
||||||
|
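Review bot: The `Mount all` task tests for the mount with `mount | grep '/var/lib/machines'`, which is a substring match: a line that mentions `/var/lib/machines.raw`, or any mount below the directory, could satisfy it and the unit would then never be started. The removed code tested with `mountpoint /var/lib/machines`; keeping that check, `mountpoint -q /var/lib/machines || (systemctl start var-lib-machines.mount && exit 3)`, preserves the rc 0/3 handling in `changed_when` and `failed_when`. The unit is also now copied to `/lib/systemd/system`, which distribution packages own, where the old destination `/etc/systemd/system` is the administrator's directory, so a package update may replace the file. The same tasks appear verbatim in tasks/lxc_cache_preparation_simple.yml, so this applies there too, and the duplicated block would be better kept in one file.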
@ -1,215 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
# Copyright 2017, Rackspace US, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
|
|
||||||
## Vars ----------------------------------------------------------------------
|
|
||||||
LXC_CACHE_BASE="/var/cache/lxc/"
|
|
||||||
LXC_CACHE_PATH="${LXC_CACHE_PATH:-$LXC_CACHE_BASE}"
|
|
||||||
LXC_HOOK_DIR="/usr/share/lxc/hooks"
|
|
||||||
LXC_TEMPLATE_CONFIG="/usr/share/lxc/config"
|
|
||||||
|
|
||||||
# Default variables
|
|
||||||
DOWNLOAD_VARIANT=
|
|
||||||
DOWNLOAD_DIST=
|
|
||||||
DOWNLOAD_RELEASE=
|
|
||||||
DOWNLOAD_ARCH=
|
|
||||||
|
|
||||||
# NOTE(cloudnull): These variables are created magically through the
|
|
||||||
# `lxc-create` command and must exist at the top of the file.
|
|
||||||
LXC_NAME=
|
|
||||||
LXC_PATH=
|
|
||||||
LXC_ROOTFS=
|
|
||||||
|
|
||||||
## Functions ------------------------------------------------------------------
|
|
||||||
usage() {
|
|
||||||
# Return usage information
|
|
||||||
cat <<EOF
|
|
||||||
LXC container image in machinectl
|
|
||||||
|
|
||||||
Special arguments:
|
|
||||||
[ -h | --help ]: Print this help message and exit.
|
|
||||||
|
|
||||||
Required arguments:
|
|
||||||
[ --name <name> ]: The container name
|
|
||||||
[ -d | --dist <distribution> ]: The name of the distribution
|
|
||||||
[ -r | --release <release> ]: Release name/version
|
|
||||||
[ -a | --arch <architecture> ]: Architecture of the container
|
|
||||||
|
|
||||||
Optional arguments:
|
|
||||||
[ --variant <variant> ]: Variant of the image (default: "default")
|
|
||||||
[ -b | --base <base-image> ]: Set the image base name to ANY existing machine image
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
# Trap all exit signals
|
|
||||||
trap EXIT HUP INT TERM
|
|
||||||
|
|
||||||
## Exports --------------------------------------------------------------------
|
|
||||||
# Make sure the usual locations are in PATH
|
|
||||||
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin
|
|
||||||
|
|
||||||
|
|
||||||
## Main -----------------------------------------------------------------------
|
|
||||||
if ! options=$(getopt -o d:r:a:hl -l dist:,release:,arch:,help,list,variant:,name:,path:,rootfs: -- "$@"); then
|
|
||||||
usage
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
eval set -- "$options"
|
|
||||||
|
|
||||||
while :; do
|
|
||||||
case "$1" in
|
|
||||||
-h|--help) usage && exit 1;;
|
|
||||||
-l|--list) DOWNLOAD_LIST_IMAGES="true"; shift 1;;
|
|
||||||
-d|--dist) DOWNLOAD_DIST="$2"; shift 2;;
|
|
||||||
-r|--release) DOWNLOAD_RELEASE="$2"; shift 2;;
|
|
||||||
-a|--arch) DOWNLOAD_ARCH="$2"; shift 2;;
|
|
||||||
--variant) DOWNLOAD_VARIANT="$2"; shift 2;;
|
|
||||||
--name) LXC_NAME="$2"; shift 2;;
|
|
||||||
--path) LXC_PATH="$2"; shift 2;;
|
|
||||||
--rootfs) LXC_ROOTFS="$2"; shift 2;;
|
|
||||||
*) break;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
# Setup the basic information used for machine images
|
|
||||||
if [ -z "${LXC_MACHINE_IMAGE:-}" ]; then
|
|
||||||
export LXC_MACHINE_IMAGE="${DOWNLOAD_DIST}-${DOWNLOAD_RELEASE}-${DOWNLOAD_ARCH}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# NOTE(cloudnull): If a variant name has not been defined, set it as "default".
|
|
||||||
# If a variant is set, amend the machine image name
|
|
||||||
if [ -z "${DOWNLOAD_VARIANT:-}" ]; then
|
|
||||||
export DOWNLOAD_VARIANT="default"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Setup the basic pathing pointing at the known LXC cache
|
|
||||||
LXC_CACHE_PATH="${LXC_CACHE_PATH}/download/${DOWNLOAD_DIST}"
|
|
||||||
LXC_CACHE_PATH="${LXC_CACHE_PATH}/${DOWNLOAD_RELEASE}/${DOWNLOAD_ARCH}/"
|
|
||||||
export LXC_CACHE_PATH="${LXC_CACHE_PATH}/${DOWNLOAD_VARIANT}"
|
|
||||||
|
|
||||||
# Check for required binaries
|
|
||||||
for bin in machinectl; do
|
|
||||||
if ! command -V "${bin}" >/dev/null 2>&1; then
|
|
||||||
echo "ERROR: Missing required tool: ${bin}" 1>&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# Check for the lxc base image
|
|
||||||
if ! btrfs subvolume show "/var/lib/machines/${LXC_MACHINE_IMAGE}" 2>&1 > /dev/null; then
|
|
||||||
echo "[FAILURE] Base image does not exist."
|
|
||||||
exit 99
|
|
||||||
fi
|
|
||||||
|
|
||||||
if btrfs subvolume show "/var/lib/machines/${LXC_NAME}" 2>&1 > /dev/null; then
|
|
||||||
echo "[NOTICE] Contianer volume already exists"
|
|
||||||
else
|
|
||||||
btrfs subvolume snapshot \
|
|
||||||
"/var/lib/machines/${LXC_MACHINE_IMAGE}" \
|
|
||||||
"/var/lib/machines/${LXC_NAME}"
|
|
||||||
echo "[NOTICE] New machine volume created"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Set the LXC_ROOTFS to the machines path
|
|
||||||
export LXC_ROOTFS="/var/lib/machines/${LXC_NAME}"
|
|
||||||
|
|
||||||
# Ensuing the container path exists
|
|
||||||
mkdir -p "${LXC_ROOTFS}/${LXC_NAME}/dev/pts/"
|
|
||||||
mkdir -p "${LXC_PATH}/rootfs"
|
|
||||||
|
|
||||||
cat <<EOF
|
|
||||||
=== CONTAINER DETAILS ===
|
|
||||||
machine image: ${LXC_MACHINE_IMAGE}
|
|
||||||
lxc cache path: ${LXC_CACHE_PATH}
|
|
||||||
container path: ${LXC_PATH}
|
|
||||||
rootfs path: ${LXC_ROOTFS}
|
|
||||||
container name: ${LXC_NAME}
|
|
||||||
=== CONTAINER DETAILS ===
|
|
||||||
EOF
|
|
||||||
|
|
||||||
if [ ! -e "${LXC_CACHE_PATH}/config" ]; then
|
|
||||||
echo "ERROR: meta tarball is missing the configuration file" 1>&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Build container specific configurations
|
|
||||||
echo -e "\n# Distribution configuration" >> "${LXC_PATH}/config"
|
|
||||||
cat "${LXC_CACHE_PATH}/config" >> "${LXC_PATH}/config"
|
|
||||||
|
|
||||||
echo -e "\n# Container specific configuration" >> "${LXC_PATH}/config"
|
|
||||||
|
|
||||||
# If an older fstab file exists in the template, extend the lxc config.
|
|
||||||
if [ -e "${LXC_CACHE_PATH}/fstab" ]; then
|
|
||||||
echo "{{ lxc_template_config_key_mapping[lxc_major_version|int]['fstab'] }} = ${LXC_PATH}/fstab" >> "${LXC_PATH}/config"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Set the uts name
|
|
||||||
echo "{{ lxc_template_config_key_mapping[lxc_major_version|int]['uts_name'] }} = ${LXC_NAME}" >> "${LXC_PATH}/config"
|
|
||||||
|
|
||||||
# Look for extra templates
|
|
||||||
TEMPLATE_FILES="${LXC_PATH}/config"
|
|
||||||
if [ -e "${LXC_CACHE_PATH}/templates" ]; then
|
|
||||||
while read -r line; do
|
|
||||||
fullpath="${LXC_ROOTFS}/${line}"
|
|
||||||
[ ! -e "${fullpath}" ] && continue
|
|
||||||
TEMPLATE_FILES="${TEMPLATE_FILES};${fullpath}"
|
|
||||||
done < "${LXC_CACHE_PATH}/templates"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Replace variables in all templates
|
|
||||||
OLD_IFS=${IFS}
|
|
||||||
IFS=";"
|
|
||||||
for file in ${TEMPLATE_FILES}; do
|
|
||||||
[ ! -f "${file}" ] && continue
|
|
||||||
sed -i "s#LXC_NAME#${LXC_NAME}#g" "${file}"
|
|
||||||
sed -i "s#LXC_PATH#${LXC_PATH}#g" "${file}"
|
|
||||||
sed -i "s#LXC_ROOTFS#${LXC_ROOTFS}#g" "${file}"
|
|
||||||
sed -i "s#LXC_TEMPLATE_CONFIG#${LXC_TEMPLATE_CONFIG}#g" "${file}"
|
|
||||||
sed -i "s#LXC_HOOK_DIR#${LXC_HOOK_DIR}#g" "${file}"
|
|
||||||
done
|
|
||||||
IFS=${OLD_IFS}
|
|
||||||
|
|
||||||
# Add the machinectl backend store for the new container
|
|
||||||
if grep -q '^{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs'] }} =' "${LXC_PATH}/config"; then
|
|
||||||
sed -i "s|^{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs'] }} =.*|{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs'] }} = ${LXC_ROOTFS}|" "${LXC_PATH}/config"
|
|
||||||
else
|
|
||||||
echo "{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs'] }} = ${LXC_ROOTFS}" >> "${LXC_PATH}/config"
|
|
||||||
fi
|
|
||||||
|
|
||||||
{% if (lxc_major_version | int) < 3 %}
|
|
||||||
if grep -q '^{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs_backend'] }} =' "${LXC_PATH}/config"; then
|
|
||||||
sed -i "s|^{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs_backend'] }} =.*|{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs_backend'] }} = btrfs|" "${LXC_PATH}/config"
|
|
||||||
else
|
|
||||||
echo "{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs_backend'] }} = btrfs" >> "${LXC_PATH}/config"
|
|
||||||
fi
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# Prevent mingetty from calling vhangup(2)
|
|
||||||
if [ -f "${LXC_ROOTFS}/etc/init/tty.conf" ]; then
|
|
||||||
sed -i 's|mingetty|mingetty --nohangup|' "${LXC_ROOTFS}/etc/init/tty.conf"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Display exit message
|
|
||||||
if [ -e "${LXC_CACHE_PATH}/create-message" ]; then
|
|
||||||
echo -e "\n---"
|
|
||||||
cat "${LXC_CACHE_PATH}/create-message"
|
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
|
@ -1,23 +0,0 @@
|
|||||||
# This file is part of systemd.
|
|
||||||
#
|
|
||||||
# systemd is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU Lesser General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
|
|
||||||
[Unit]
|
|
||||||
Description=Virtual Machine and Container Registration Service
|
|
||||||
Documentation=man:systemd-machined.service(8)
|
|
||||||
Documentation=http://www.freedesktop.org/wiki/Software/systemd/machined
|
|
||||||
Wants=machine.slice
|
|
||||||
After=machine.slice
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart={{ systemd_utils_prefix }}/systemd-machined
|
|
||||||
BusName=org.freedesktop.machine1
|
|
||||||
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID
|
|
||||||
WatchdogSec=3min
|
|
||||||
|
|
||||||
# Note that machined cannot be placed in a mount namespace, since it
|
|
||||||
# needs access to the host's mount namespace in order to implement the
|
|
||||||
# "machinectl bind" operation.
|
|
@ -54,27 +54,6 @@
|
|||||||
vars:
|
vars:
|
||||||
tox_env: btrfs
|
tox_env: btrfs
|
||||||
|
|
||||||
- job:
|
|
||||||
name: openstack-ansible-lxc-machinectl-ubuntu-bionic
|
|
||||||
parent: openstack-ansible-lxc-container-create
|
|
||||||
nodeset: ubuntu-bionic
|
|
||||||
vars:
|
|
||||||
tox_env: mnctl
|
|
||||||
|
|
||||||
- job:
|
|
||||||
name: openstack-ansible-lxc-machinectl-ubuntu-focal
|
|
||||||
parent: openstack-ansible-lxc-container-create
|
|
||||||
nodeset: ubuntu-focal
|
|
||||||
vars:
|
|
||||||
tox_env: mnctl
|
|
||||||
|
|
||||||
- job:
|
|
||||||
name: openstack-ansible-lxc-machinectl-centos-7
|
|
||||||
parent: openstack-ansible-lxc-container-create
|
|
||||||
nodeset: centos-7
|
|
||||||
vars:
|
|
||||||
tox_env: mnctl
|
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: openstack-ansible-lxc-overlayfs-ubuntu-bionic
|
name: openstack-ansible-lxc-overlayfs-ubuntu-bionic
|
||||||
parent: openstack-ansible-lxc-container-create
|
parent: openstack-ansible-lxc-container-create
|
||||||
|
@ -26,9 +26,6 @@
|
|||||||
- openstack-ansible-lxc-dir-ubuntu-focal
|
- openstack-ansible-lxc-dir-ubuntu-focal
|
||||||
- openstack-ansible-lxc-btrfs-ubuntu-bionic
|
- openstack-ansible-lxc-btrfs-ubuntu-bionic
|
||||||
- openstack-ansible-lxc-btrfs-ubuntu-focal
|
- openstack-ansible-lxc-btrfs-ubuntu-focal
|
||||||
- openstack-ansible-lxc-machinectl-ubuntu-bionic
|
|
||||||
- openstack-ansible-lxc-machinectl-ubuntu-focal
|
|
||||||
- openstack-ansible-lxc-machinectl-centos-7
|
|
||||||
- openstack-ansible-lxc-overlayfs-ubuntu-bionic
|
- openstack-ansible-lxc-overlayfs-ubuntu-bionic
|
||||||
- openstack-ansible-lxc-overlayfs-ubuntu-focal
|
- openstack-ansible-lxc-overlayfs-ubuntu-focal
|
||||||
- openstack-ansible-lxc-zfs-ubuntu-bionic
|
- openstack-ansible-lxc-zfs-ubuntu-bionic
|
||||||
|