Remove machinectl from LXC cache prep

machinectl is only used to store the image during
initial cache preparation and is unrelated to the
backing store used by LXC.

This patch removes the use of machinectl and btrfs,
which makes the lxc_hosts role portable to centos-8,
which does not have btrfs.

Change-Id: Ib03ea09fa5b4d4b6b3d5ca38a0a6c5cf67eb1df4
Jonathan Rosser 2020-06-16 07:22:58 +01:00
parent 295c3c0a93
commit da4f62b006
14 changed files with 117 additions and 523 deletions


@ -12,8 +12,8 @@ ConditionPathExists=/var/lib/machines.raw
[Mount] [Mount]
What=/var/lib/machines.raw What=/var/lib/machines.raw
Where=/var/lib/machines Where=/var/lib/machines
Type=btrfs Type=ext4
Options=loop,defaults,noatime,nodiratime,compress=lzo,commit=120,{{ (ansible_kernel is version('4.5', '>=')) | ternary('space_cache=v2', 'space_cache') }} Options=loop,defaults,noatime,nodiratime
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target


@ -0,0 +1,8 @@
---
deprecations:
- |
To provide compatibility with Centos-8 the LXC cache preparation has
been greatly simplified to remove the requirement for machinectl and
btrfs, which is a combination not available on Centos-8. This has
the side effect of machinectl no longer being a supported backing
store for LXC.


@ -13,14 +13,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Check cached image status
command: "machinectl image-status {{ lxc_container_base_name }}"
register: cache_check
changed_when: false
failed_when: false
tags:
- always
- name: Retrieve the expiry object - name: Retrieve the expiry object
slurp: slurp:
src: "{{ cache_path_fact }}/expiry" src: "{{ cache_path_fact }}/expiry"
@ -34,8 +26,7 @@
- name: Set cache refresh fact - name: Set cache refresh fact
set_fact: set_fact:
lxc_image_cache_refresh: true lxc_image_cache_refresh: true
when: > when:
(cache_check.rc != 0) or
cache_time >= (expiry.content|default('MQo=') | b64decode) cache_time >= (expiry.content|default('MQo=') | b64decode)
tags: tags:
- always - always


@ -27,23 +27,17 @@
file: file:
path: "{{ cache_path_fact }}/rootfs.tar.xz" path: "{{ cache_path_fact }}/rootfs.tar.xz"
state: "absent" state: "absent"
when:
- container_backing_store != 'machinectl'
# This is using a shell command because the ansible archive module does not # This is using a shell command because the ansible archive module does not
# provide for the options needed to properly create an LXC image archive. # provide for the options needed to properly create an LXC image archive.
# Ansible will print a warning since this task calls 'tar' directly and we # Ansible will print a warning since this task calls 'tar' directly and we
# suppress this warning with 'warn: no'. This task is not run when the backend # suppress this warning with 'warn: no'.
# is set to "machinectl" because the "machinectl" backend directly clones the
# base image instead of unpacking a container tarball.
- name: Create lxc image - name: Create lxc image
shell: | shell: |
tar -Opc -C {{ lxc_image_cache_path }} . | {{ lxc_xz_bin }} -T 0 -{{ lxc_image_compression_ratio }} -c - > rootfs.tar.xz tar -Opc -C {{ lxc_image_cache_path }} . | {{ lxc_xz_bin }} -T 0 -{{ lxc_image_compression_ratio }} -c - > rootfs.tar.xz
args: args:
chdir: "{{ cache_path_fact }}/" chdir: "{{ cache_path_fact }}/"
warn: no warn: no
when:
- container_backing_store != 'machinectl'
tags: tags:
- skip_ansible_lint - skip_ansible_lint
@ -77,8 +71,6 @@
copy: copy:
content: "{{ cache_time }}" content: "{{ cache_time }}"
dest: "{{ cache_path_fact }}/build_id" dest: "{{ cache_path_fact }}/build_id"
when:
- container_backing_store != 'machinectl'
- include_tasks: "{{ item }}" - include_tasks: "{{ item }}"
with_first_found: with_first_found:


@ -13,61 +13,9 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Pull systemd version
command: "systemctl --version"
changed_when: false
register: systemd_version
tags:
# Avoid ANSIBLE0006 lint issue: systemctl used in place of systemd module
- skip_ansible_lint
- always
- block:
- name: Create machined proxy override unit directories
file:
path: "/etc/systemd/system/{{ item }}"
owner: root
group: root
mode: '0755'
state: directory
with_items:
- systemd-machined.service.d
- systemd-importd.service.d
- name: Drop the machined proxy override units
template:
src: systemd-proxy-unit.conf.j2
dest: /etc/systemd/system/{{ item }}/proxy.conf
owner: root
group: root
mode: '0644'
with_items:
- systemd-machined.service.d
- systemd-importd.service.d
when:
- (deployment_environment_variables | default({})).keys() | length > 0
- include_tasks: lxc_volume.yml - include_tasks: lxc_volume.yml
- include_tasks: "lxc_cache_preparation_systemd_{{ (systemd_version.stdout_lines[0].split()[1] | int > 219) | ternary('new', 'old') }}.yml" - include_tasks: lxc_cache_preparation_simple.yml
- name: Set the qgroup limits
block:
- name: Set the qgroup size|compression limits on machines
command: "btrfs qgroup limit {{ item }} {{ lxc_image_cache_path }}"
changed_when: false
with_items:
- "-e {{ lxc_host_machine_qgroup_space_limit }}"
- "-c {{ lxc_host_machine_qgroup_compression_limit }}"
when:
- not lxc_host_machine_quota_disabled
rescue:
- name: Notice regarding quota system
debug:
msg: >-
There was an error processing the setup of qgroups. Check the system
to ensure they're available otherwise disable the quota system by
setting `lxc_host_machine_quota_disabled` to true.
# NOTE(cloudnull): We're using rsync and an if block because we've no means # NOTE(cloudnull): We're using rsync and an if block because we've no means
# to loop over a block. Re-evaluate this task when/if this is # to loop over a block. Re-evaluate this task when/if this is


@ -0,0 +1,71 @@
---
# Copyright 2020, BBC R&D
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create sparse machines file
command: "truncate -s 11G /var/lib/machines.raw"
args:
creates: /var/lib/machines.raw
register: machines_create
- name: Format the machines file
filesystem:
fstype: ext4
dev: /var/lib/machines.raw
when:
- machines_create is changed
- name: Create machines mount point
file:
path: "/var/lib/machines"
state: "directory"
recurse: true
- name: Move machines mount into place
copy:
src: var-lib-machines.mount
dest: /lib/systemd/system/var-lib-machines.mount
register: mount_unit
- name: Reload the System daemon
systemd:
daemon_reload: yes
when: mount_unit is changed
- name: Mount all
shell: "mount | grep '/var/lib/machines' || (systemctl start var-lib-machines.mount && exit 3)"
register: mount_machines
changed_when: mount_machines.rc == 3
failed_when: mount_machines.rc not in [0, 3]
tags:
- skip_ansible_lint
- name: Remove the old image cache
file:
path: "/var/lib/machines/{{ lxc_container_base_name }}"
state: absent
when:
- lxc_image_cache_refresh | bool
- name: Create new image cache directory
file:
path: "/var/lib/machines/{{ lxc_container_base_name }}"
state: directory
register: create_new_dir
- name: Unpack base image
unarchive:
src: "/tmp/{{ cache_basename }}"
dest: "/var/lib/machines/{{ lxc_container_base_name }}"
when: create_new_dir is changed
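Review bot: The `Unpack base image` task at the end of this new file drops two things the removed task files had: `remote_src: True` on the `unarchive`, and the `async_status` wait on `prestage_image.ansible_job_id`. As written, `src: "/tmp/{{ cache_basename }}"` is resolved on the Ansible controller rather than on the LXC host, and nothing visible here ensures the pre-staged download has finished before it is unpacked; add `remote_src: true` and keep the wait unless it now happens elsewhere. The archive is also extracted as root from a predictable name in world-writable `/tmp` with no checksum or signature check in this file, so it is worth confirming that the download task verifies the image, and staging it in a root-owned directory instead. The `notify: Remove rootfs archive` from the old tasks is gone too, so the tarball presumably stays in `/tmp` after the run.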


@ -1,58 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE(cloudnull): When modern SystemD is running everywhere this can be
# collapsed back into the base preparation task file.
- name: Remove old image cache
command: "machinectl remove {{ lxc_container_base_name }}"
register: cache_refresh
changed_when: cache_refresh.rc == 0
failed_when: cache_refresh.rc not in [0, 1]
when:
- lxc_image_cache_refresh | bool
- name: Ensure image has been pre-staged
async_status:
jid: "{{ prestage_image.ansible_job_id }}"
register: job_result
until: job_result.finished
retries: 60
- name: Ensure systemd-importd is enabled
systemd:
name: "systemd-importd"
state: "started"
enabled: "yes"
daemon_reload: "yes"
notify:
- Restart importd
- name: Retrieve base image
command: >-
machinectl
--verify=no
{{ lxc_image_cache_pull_mode }}
/tmp/{{ cache_basename }}
{{ lxc_container_base_name }}
register: pull_image
until: pull_image is success
retries: 3
delay: 1
changed_when: pull_image.rc == 0
failed_when:
- pull_image.rc != 0
- "'failed' in pull_image.stderr | lower"
notify:
- Remove rootfs archive


@ -1,48 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Because of this post and it's related bug(s) this is adding the container
# volumes the old way. The new way would simply be calling `machinectl`.
# * https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html
- name: Remove old image cache
command: "btrfs subvolume delete /var/lib/machines/{{ lxc_container_base_name }}"
register: cache_refresh_del
changed_when: cache_refresh_del.rc == 0
failed_when: cache_refresh_del.rc not in [0, 1]
when:
- lxc_image_cache_refresh | bool
- name: Add image cache
command: "btrfs subvolume create /var/lib/machines/{{ lxc_container_base_name }}"
register: cache_refresh_add
changed_when: cache_refresh_add.rc == 0
failed_when: cache_refresh_add.rc not in [0, 1]
when:
- lxc_image_cache_refresh | bool
- name: Ensure image has been pre-staged
async_status:
jid: "{{ prestage_image.ansible_job_id }}"
register: job_result
until: job_result.finished
retries: 60
- name: Place container rootfs
unarchive:
src: "/tmp/{{ cache_basename }}"
dest: "/var/lib/machines/{{ lxc_container_base_name }}"
remote_src: True
notify:
- Remove rootfs archive


@ -50,14 +50,6 @@
set_fact: set_fact:
lxc_major_version: "{{ lxc_version.stdout.split('.')[0] }}" lxc_major_version: "{{ lxc_version.stdout.split('.')[0] }}"
- name: Create machinectl base template
template:
src: "lxc-machinectl.j2"
dest: "/usr/share/lxc/templates/lxc-machinectl"
owner: "root"
group: "root"
mode: "0755"
- name: Drop lxc veth check script - name: Drop lxc veth check script
copy: copy:
src: "lxc-veth-check.sh" src: "lxc-veth-check.sh"


@ -13,80 +13,40 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Check machinectl mount point - name: Create sparse machines file
command: mountpoint /var/lib/machines command: "truncate -s 11G /var/lib/machines.raw"
failed_when: false
changed_when: false
register: machinectl_mount
# NOTE(odyssey4me):
# The size is forced to be set in Gigabytes to maintain compatibility
# with the initial implementation done in Pike-Rocky. Do not change
# this without implementing some way of converting any pre-existing
# value properly during a major upgrade.
- name: Set volume size
shell: |
machinectl set-limit {{ lxc_host_machine_volume_size | regex_replace("\D*$", "") }}G
truncate -s '>{{ lxc_host_machine_volume_size | regex_replace("\D*$", "") }}G' /var/lib/machines.raw
changed_when: false
register: machines_create
args: args:
executable: /bin/bash creates: /var/lib/machines.raw
tags: register: machines_create
- skip_ansible_lint
- name: Systemd machinectl mount - name: Format the machines file
block:
- name: Format the machines sparse file
filesystem: filesystem:
fstype: btrfs fstype: ext4
dev: /var/lib/machines.raw dev: /var/lib/machines.raw
when:
- machines_create is changed
- name: Create machines mount point - name: Create machines mount point
file: file:
path: "/var/lib/machines" path: "/var/lib/machines"
state: "directory" state: "directory"
recurse: true
- name: Move machines mount into place - name: Move machines mount into place
template: copy:
src: var-lib-machines.mount src: var-lib-machines.mount
dest: /etc/systemd/system/var-lib-machines.mount dest: /lib/systemd/system/var-lib-machines.mount
register: mount_unit register: mount_unit
notify:
- Reload systemd units
- Start machines mount
when:
- machinectl_mount.rc != 0
- meta: flush_handlers - name: Reload the System daemon
systemd:
daemon_reload: yes
when: mount_unit is changed
- name: Update quota system and group limits - name: Mount all
block: shell: "mount | grep '/var/lib/machines' || (systemctl start var-lib-machines.mount && exit 3)"
- name: Disable|Enable the machinectl quota system register: mount_machines
command: "btrfs quota {{ lxc_host_machine_quota_disabled | bool | ternary('disable', 'enable') }} /var/lib/machines" changed_when: mount_machines.rc == 3
changed_when: false failed_when: mount_machines.rc not in [0, 3]
tags:
- name: Set the qgroup size|compression limits on machines - skip_ansible_lint
command: "btrfs qgroup limit {{ item }} /var/lib/machines"
changed_when: false
with_items:
- "-e {{ lxc_host_machine_qgroup_space_limit }}"
- "-c {{ lxc_host_machine_qgroup_compression_limit }}"
when:
- not lxc_host_machine_quota_disabled | bool
rescue:
- name: Notice regarding quota system
debug:
msg: >-
The machinectl quota system could not be setup. Check the system for
quota system availability otherwise disable it by setting
`lxc_host_machine_quota_disabled` to true.
# NOTE(cloudnull): Because the machines mount may be a manually created sparse
# file we run an online resize to ensure the machines mount is
# the size we expect.
- name: Ensure the machines fs is sized correctly
command: "btrfs filesystem resize max /var/lib/machines"
failed_when: false
when:
- machines_create is changed
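Review bot: `truncate -s 11G /var/lib/machines.raw` hard-codes the volume size, so `lxc_host_machine_volume_size`, which the removed `Set volume size` task honoured, is now silently ignored; consider `truncate -s {{ lxc_host_machine_volume_size | regex_replace("\D*$", "") }}G /var/lib/machines.raw`. With `creates:` guarding the truncate and the format gated on `machines_create is changed`, a host that already has a btrfs-formatted `/var/lib/machines.raw` skips both tasks, yet the mount unit now says `Type=ext4`; the upgrade path likely needs an explicit check or at least a release note. The unit also moves from `/etc/systemd/system` to `/lib/systemd/system`, and a leftover copy under `/etc` would take precedence over the new one. The same tasks appear verbatim in the new 71-line task file earlier in this commit, so these points apply there as well.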


@ -1,215 +0,0 @@
#!/usr/bin/env bash
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -eu
## Vars ----------------------------------------------------------------------
LXC_CACHE_BASE="/var/cache/lxc/"
LXC_CACHE_PATH="${LXC_CACHE_PATH:-$LXC_CACHE_BASE}"
LXC_HOOK_DIR="/usr/share/lxc/hooks"
LXC_TEMPLATE_CONFIG="/usr/share/lxc/config"
# Default variables
DOWNLOAD_VARIANT=
DOWNLOAD_DIST=
DOWNLOAD_RELEASE=
DOWNLOAD_ARCH=
# NOTE(cloudnull): These variables are created magically through the
# `lxc-create` command and must exist at the top of the file.
LXC_NAME=
LXC_PATH=
LXC_ROOTFS=
## Functions ------------------------------------------------------------------
usage() {
# Return usage information
cat <<EOF
LXC container image in machinectl
Special arguments:
[ -h | --help ]: Print this help message and exit.
Required arguments:
[ --name <name> ]: The container name
[ -d | --dist <distribution> ]: The name of the distribution
[ -r | --release <release> ]: Release name/version
[ -a | --arch <architecture> ]: Architecture of the container
Optional arguments:
[ --variant <variant> ]: Variant of the image (default: "default")
[ -b | --base <base-image> ]: Set the image base name to ANY existing machine image
EOF
}
# Trap all exit signals
trap EXIT HUP INT TERM
## Exports --------------------------------------------------------------------
# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin
## Main -----------------------------------------------------------------------
if ! options=$(getopt -o d:r:a:hl -l dist:,release:,arch:,help,list,variant:,name:,path:,rootfs: -- "$@"); then
usage
exit 1
fi
eval set -- "$options"
while :; do
case "$1" in
-h|--help) usage && exit 1;;
-l|--list) DOWNLOAD_LIST_IMAGES="true"; shift 1;;
-d|--dist) DOWNLOAD_DIST="$2"; shift 2;;
-r|--release) DOWNLOAD_RELEASE="$2"; shift 2;;
-a|--arch) DOWNLOAD_ARCH="$2"; shift 2;;
--variant) DOWNLOAD_VARIANT="$2"; shift 2;;
--name) LXC_NAME="$2"; shift 2;;
--path) LXC_PATH="$2"; shift 2;;
--rootfs) LXC_ROOTFS="$2"; shift 2;;
*) break;;
esac
done
# Setup the basic information used for machine images
if [ -z "${LXC_MACHINE_IMAGE:-}" ]; then
export LXC_MACHINE_IMAGE="${DOWNLOAD_DIST}-${DOWNLOAD_RELEASE}-${DOWNLOAD_ARCH}"
fi
# NOTE(cloudnull): If a variant name has not been defined, set it as "default".
# If a variant is set, amend the machine image name
if [ -z "${DOWNLOAD_VARIANT:-}" ]; then
export DOWNLOAD_VARIANT="default"
fi
# Setup the basic pathing pointing at the known LXC cache
LXC_CACHE_PATH="${LXC_CACHE_PATH}/download/${DOWNLOAD_DIST}"
LXC_CACHE_PATH="${LXC_CACHE_PATH}/${DOWNLOAD_RELEASE}/${DOWNLOAD_ARCH}/"
export LXC_CACHE_PATH="${LXC_CACHE_PATH}/${DOWNLOAD_VARIANT}"
# Check for required binaries
for bin in machinectl; do
if ! command -V "${bin}" >/dev/null 2>&1; then
echo "ERROR: Missing required tool: ${bin}" 1>&2
exit 1
fi
done
# Check for the lxc base image
if ! btrfs subvolume show "/var/lib/machines/${LXC_MACHINE_IMAGE}" 2>&1 > /dev/null; then
echo "[FAILURE] Base image does not exist."
exit 99
fi
if btrfs subvolume show "/var/lib/machines/${LXC_NAME}" 2>&1 > /dev/null; then
echo "[NOTICE] Contianer volume already exists"
else
btrfs subvolume snapshot \
"/var/lib/machines/${LXC_MACHINE_IMAGE}" \
"/var/lib/machines/${LXC_NAME}"
echo "[NOTICE] New machine volume created"
fi
# Set the LXC_ROOTFS to the machines path
export LXC_ROOTFS="/var/lib/machines/${LXC_NAME}"
# Ensuing the container path exists
mkdir -p "${LXC_ROOTFS}/${LXC_NAME}/dev/pts/"
mkdir -p "${LXC_PATH}/rootfs"
cat <<EOF
=== CONTAINER DETAILS ===
machine image: ${LXC_MACHINE_IMAGE}
lxc cache path: ${LXC_CACHE_PATH}
container path: ${LXC_PATH}
rootfs path: ${LXC_ROOTFS}
container name: ${LXC_NAME}
=== CONTAINER DETAILS ===
EOF
if [ ! -e "${LXC_CACHE_PATH}/config" ]; then
echo "ERROR: meta tarball is missing the configuration file" 1>&2
exit 1
fi
# Build container specific configurations
echo -e "\n# Distribution configuration" >> "${LXC_PATH}/config"
cat "${LXC_CACHE_PATH}/config" >> "${LXC_PATH}/config"
echo -e "\n# Container specific configuration" >> "${LXC_PATH}/config"
# If an older fstab file exists in the template, extend the lxc config.
if [ -e "${LXC_CACHE_PATH}/fstab" ]; then
echo "{{ lxc_template_config_key_mapping[lxc_major_version|int]['fstab'] }} = ${LXC_PATH}/fstab" >> "${LXC_PATH}/config"
fi
# Set the uts name
echo "{{ lxc_template_config_key_mapping[lxc_major_version|int]['uts_name'] }} = ${LXC_NAME}" >> "${LXC_PATH}/config"
# Look for extra templates
TEMPLATE_FILES="${LXC_PATH}/config"
if [ -e "${LXC_CACHE_PATH}/templates" ]; then
while read -r line; do
fullpath="${LXC_ROOTFS}/${line}"
[ ! -e "${fullpath}" ] && continue
TEMPLATE_FILES="${TEMPLATE_FILES};${fullpath}"
done < "${LXC_CACHE_PATH}/templates"
fi
# Replace variables in all templates
OLD_IFS=${IFS}
IFS=";"
for file in ${TEMPLATE_FILES}; do
[ ! -f "${file}" ] && continue
sed -i "s#LXC_NAME#${LXC_NAME}#g" "${file}"
sed -i "s#LXC_PATH#${LXC_PATH}#g" "${file}"
sed -i "s#LXC_ROOTFS#${LXC_ROOTFS}#g" "${file}"
sed -i "s#LXC_TEMPLATE_CONFIG#${LXC_TEMPLATE_CONFIG}#g" "${file}"
sed -i "s#LXC_HOOK_DIR#${LXC_HOOK_DIR}#g" "${file}"
done
IFS=${OLD_IFS}
# Add the machinectl backend store for the new container
if grep -q '^{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs'] }} =' "${LXC_PATH}/config"; then
sed -i "s|^{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs'] }} =.*|{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs'] }} = ${LXC_ROOTFS}|" "${LXC_PATH}/config"
else
echo "{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs'] }} = ${LXC_ROOTFS}" >> "${LXC_PATH}/config"
fi
{% if (lxc_major_version | int) < 3 %}
if grep -q '^{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs_backend'] }} =' "${LXC_PATH}/config"; then
sed -i "s|^{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs_backend'] }} =.*|{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs_backend'] }} = btrfs|" "${LXC_PATH}/config"
else
echo "{{ lxc_template_config_key_mapping[lxc_major_version|int]['rootfs_backend'] }} = btrfs" >> "${LXC_PATH}/config"
fi
{% endif %}
# Prevent mingetty from calling vhangup(2)
if [ -f "${LXC_ROOTFS}/etc/init/tty.conf" ]; then
sed -i 's|mingetty|mingetty --nohangup|' "${LXC_ROOTFS}/etc/init/tty.conf"
fi
# Display exit message
if [ -e "${LXC_CACHE_PATH}/create-message" ]; then
echo -e "\n---"
cat "${LXC_CACHE_PATH}/create-message"
fi
exit 0


@ -1,23 +0,0 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Virtual Machine and Container Registration Service
Documentation=man:systemd-machined.service(8)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/machined
Wants=machine.slice
After=machine.slice
[Service]
ExecStart={{ systemd_utils_prefix }}/systemd-machined
BusName=org.freedesktop.machine1
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID
WatchdogSec=3min
# Note that machined cannot be placed in a mount namespace, since it
# needs access to the host's mount namespace in order to implement the
# "machinectl bind" operation.


@ -54,27 +54,6 @@
vars: vars:
tox_env: btrfs tox_env: btrfs
- job:
name: openstack-ansible-lxc-machinectl-ubuntu-bionic
parent: openstack-ansible-lxc-container-create
nodeset: ubuntu-bionic
vars:
tox_env: mnctl
- job:
name: openstack-ansible-lxc-machinectl-ubuntu-focal
parent: openstack-ansible-lxc-container-create
nodeset: ubuntu-focal
vars:
tox_env: mnctl
- job:
name: openstack-ansible-lxc-machinectl-centos-7
parent: openstack-ansible-lxc-container-create
nodeset: centos-7
vars:
tox_env: mnctl
- job: - job:
name: openstack-ansible-lxc-overlayfs-ubuntu-bionic name: openstack-ansible-lxc-overlayfs-ubuntu-bionic
parent: openstack-ansible-lxc-container-create parent: openstack-ansible-lxc-container-create


@ -26,9 +26,6 @@
- openstack-ansible-lxc-dir-ubuntu-focal - openstack-ansible-lxc-dir-ubuntu-focal
- openstack-ansible-lxc-btrfs-ubuntu-bionic - openstack-ansible-lxc-btrfs-ubuntu-bionic
- openstack-ansible-lxc-btrfs-ubuntu-focal - openstack-ansible-lxc-btrfs-ubuntu-focal
- openstack-ansible-lxc-machinectl-ubuntu-bionic
- openstack-ansible-lxc-machinectl-ubuntu-focal
- openstack-ansible-lxc-machinectl-centos-7
- openstack-ansible-lxc-overlayfs-ubuntu-bionic - openstack-ansible-lxc-overlayfs-ubuntu-bionic
- openstack-ansible-lxc-overlayfs-ubuntu-focal - openstack-ansible-lxc-overlayfs-ubuntu-focal
- openstack-ansible-lxc-zfs-ubuntu-bionic - openstack-ansible-lxc-zfs-ubuntu-bionic