Split the container and host variable files

The host and container image variable files have been split. This split
now gives deployers the ability to change or customize the container
image used on a given host.

Change-Id: I839bbcfff3f33dde144e9fb8d078fa1d97f8c410
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2018-03-19 18:37:28 -05:00 committed by Kevin Carter (cloudnull)
parent 7e98da3d0f
commit e44df830ef
12 changed files with 205 additions and 125 deletions

View File

@ -64,6 +64,16 @@ lxc_container_cache_path: "/var/cache/lxc/download"
# 'lvm'. # 'lvm'.
# lxc_container_backing_method: copy-on-write # lxc_container_backing_method: copy-on-write
# The cache map is used as a basic instruction set when prep'ing the base
# container image. If the cache map is overriden, the following fields are
# required:
# lxc_cache_map:
# distro: name of the distro
# arch: "CPU architecture"
# release: version of the release
# copy_from_host: [] # List of files to copy into the container
lxc_cache_map: "{{ _lxc_cache_map }}"
# When using a base container to snapshot from for the overlayfs or LVM # When using a base container to snapshot from for the overlayfs or LVM
# copy-on-write backing stored, the base container can be set. # copy-on-write backing stored, the base container can be set.
lxc_container_base_name: "{{ lxc_cache_map.distro }}-{{ lxc_cache_map.release }}-{{ lxc_cache_map.arch }}" lxc_container_base_name: "{{ lxc_cache_map.distro }}-{{ lxc_cache_map.release }}-{{ lxc_cache_map.arch }}"
@ -138,6 +148,15 @@ lxc_cache_prep_dns:
lxc_cache_prep_pre_commands: '## pre command skipped ##' lxc_cache_prep_pre_commands: '## pre command skipped ##'
lxc_cache_prep_post_commands: '## post command skipped ##' lxc_cache_prep_post_commands: '## post command skipped ##'
# User defined variable pointing to a specific variable file used when setting
# up the base container image. Deployers can use the provided container variable
# files by simply inputting the file name
# "{{ ansible_distribution }}-{{ ansible_distribution_version }}-container.yml"
# or by providing the full path to a local file containing all of the variables
# needed to prepare a container. built-in supported values are:
# [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml]
lxc_user_defined_container: null
# Full path to the base image prep script. By default this will use the # Full path to the base image prep script. By default this will use the
# named script for a given OS within the "templates/prep-scripts" directory. # named script for a given OS within the "templates/prep-scripts" directory.
# If a deployer wishes to override this script with something else they can # If a deployer wishes to override this script with something else they can

View File

@ -0,0 +1,8 @@
---
features:
- The variable ``lxc_user_defined_container`` has been added to the lxc_hosts
role allowing deployers to define the variable file loaded when preparing a
base container image. This option defaults to using a base image most
closely associated with the underlying OS however should a deployer need,
this option can be used to customize the base container image for a given
host.

View File

@ -32,7 +32,7 @@
mode: "{{ item.mode|default('0644') }}" mode: "{{ item.mode|default('0644') }}"
with_items: with_items:
- { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" } - { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" }
- { src: lxc.default.j2, dest: "{{ system_config_dir}}/lxc-net", mode: "0644" } - { src: lxc.default.j2, dest: "{{ system_config_dir }}/lxc-net", mode: "0644" }
- { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" } - { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" }
tags: tags:
- lxc-files - lxc-files

View File

@ -34,6 +34,18 @@
- name: Gather variables for each operating system - name: Gather variables for each operating system
include_vars: "{{ item }}" include_vars: "{{ item }}"
with_first_found: with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}-host.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}-host.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}-host.yml"
- "{{ ansible_distribution | lower }}-host.yml"
- "{{ ansible_os_family | lower }}-host.yml"
tags:
- always
- name: Gather container variables
include_vars: "{{ item }}"
with_first_found:
- "{{ lxc_user_defined_container }}"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"

View File

@ -7,8 +7,8 @@ set -e -x
# We have (tried to!) copied repo-oss and repo-update from the host so wipe everything else. # We have (tried to!) copied repo-oss and repo-update from the host so wipe everything else.
find /etc/zypp/repos.d/ -type f ! -name "repo-oss.repo" -a ! -name "repo-update.repo" -delete find /etc/zypp/repos.d/ -type f ! -name "repo-oss.repo" -a ! -name "repo-update.repo" -delete
zypper lr | grep -q 'repo-oss' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/distribution/leap/{{ ansible_distribution_version }}/repo/oss repo-oss zypper lr | grep -q 'repo-oss' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/distribution/leap/{{ lxc_cache_map.release }}/repo/oss repo-oss
zypper lr | grep -q 'repo-update' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/update/leap/{{ ansible_distribution_version }}/oss repo-update zypper lr | grep -q 'repo-update' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/update/leap/{{ lxc_cache_map.release }}/oss repo-update
# Disable recommended packages. Only update what's really needed # Disable recommended packages. Only update what's really needed
if ! fgrep -qx "solver.onlyRequires = true" /etc/zypp/zypp.conf; then if ! fgrep -qx "solver.onlyRequires = true" /etc/zypp/zypp.conf; then

View File

@ -13,8 +13,8 @@ apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true
# Update base distribution # Update base distribution
apt-get update apt-get update
apt-get upgrade -y apt-get upgrade -y
apt-get install -y {{ lxc_cache_install_debconf }} {{ lxc_cache_distro_packages | join(' ') }} apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ lxc_cache_distro_packages | join(' ') }}
apt-get upgrade -y {{ lxc_cache_install_debconf }} apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
rm -f /usr/bin/python rm -f /usr/bin/python
rm /etc/machine-id || true rm /etc/machine-id || true
rm /var/lib/dbus/machine-id || true rm /var/lib/dbus/machine-id || true

54
vars/redhat-7-host.yml Normal file
View File

@ -0,0 +1,54 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
system_config_dir: "/etc/sysconfig"
systemd_utils_prefix: "/lib/systemd"
# Required rpm packages.
lxc_hosts_distro_packages:
- aria2
- bridge-utils
- btrfs-progs
- dbus
- debootstrap
- dnsmasq
- git
- libseccomp
- lxc
- lxc-devel
- lxc-libs
- lxc-templates
- unzip
- xz
# NOTE(mhayden): This packages are required for building the SELinux policy
# for LXC on CentOS 7. They're separate from the main package list because
# they take a signficant of time to install and they can be installed while
# other tasks run.
lxc_hosts_distro_selinux_packages:
- libselinux
- libselinux-devel
- policycoreutils-python
- selinux-policy-devel
lxc_xz_bin: xz
lxc_cached_network_interfaces:
- src: "lxc-net-redhat-bridge.cfg.j2"
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ lxc_net_bridge }}"
- src: "lxc-net-suseredhat-postdown.cfg.j2"
dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
mode: "0755"
interface: "${DEVICE}"

View File

@ -13,41 +13,9 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
system_config_dir: "/etc/sysconfig"
systemd_utils_prefix: "/lib/systemd"
_lxc_hosts_container_image_url: "https://github.com/CentOS/sig-cloud-instance-images/raw/CentOS-7/docker/centos-7-docker.tar.xz" _lxc_hosts_container_image_url: "https://github.com/CentOS/sig-cloud-instance-images/raw/CentOS-7/docker/centos-7-docker.tar.xz"
# Required rpm packages. _lxc_cache_map:
lxc_hosts_distro_packages:
- aria2
- bridge-utils
- btrfs-progs
- dbus
- debootstrap
- dnsmasq
- git
- libseccomp
- lxc
- lxc-devel
- lxc-libs
- lxc-templates
- unzip
- xz
# NOTE(mhayden): This packages are required for building the SELinux policy
# for LXC on CentOS 7. They're separate from the main package list because
# they take a signficant of time to install and they can be installed while
# other tasks run.
lxc_hosts_distro_selinux_packages:
- libselinux
- libselinux-devel
- policycoreutils-python
- selinux-policy-devel
lxc_xz_bin: xz
lxc_cache_map:
distro: centos distro: centos
arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}" arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
release: 7 release: 7
@ -84,11 +52,3 @@ _lxc_cache_distro_packages:
- yum-plugin-priorities - yum-plugin-priorities
- yum-plugin-rpm-warm-cache - yum-plugin-rpm-warm-cache
- yum-utils - yum-utils
lxc_cached_network_interfaces:
- src: "lxc-net-redhat-bridge.cfg.j2"
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ lxc_net_bridge }}"
- src: "lxc-net-suseredhat-postdown.cfg.j2"
dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
mode: "0755"
interface: "${DEVICE}"

48
vars/suse-42-host.yml Normal file
View File

@ -0,0 +1,48 @@
---
# Copyright 2016, Rackspace US, Inc.
# Copyright 2017, SUSE LINUX GmbH.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
lxc_hosts_external_repo:
- name: "OBS:Virtualization:containers"
uri: "{{ lxc_hosts_opensuse_mirror_obs_url }}/repositories/Virtualization:/containers/openSUSE_Leap_{{ ansible_distribution_version }}/"
system_config_dir: "/etc/sysconfig"
systemd_utils_prefix: "/usr/lib/systemd"
# Required rpm packages.
lxc_hosts_distro_packages:
- apparmor-parser
- apparmor-profiles
- apparmor-utils
- aria2
- bridge-utils
- btrfsprogs
- dbus-1
- dnsmasq
- git-core
- libseccomp2
- lxc
- liblxc-devel
- xz
lxc_xz_bin: xz
lxc_cached_network_interfaces:
- src: "lxc-net-suse-bridge.cfg.j2"
dest: "/etc/sysconfig/network/ifcfg-{{ lxc_net_bridge }}"
- src: "lxc-net-suseredhat-postdown.cfg.j2"
dest: "/etc/sysconfig/network/scripts/ifdown-post-{{ lxc_net_bridge }}"
mode: "0755"
interface: "${1}"

View File

@ -14,34 +14,10 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
lxc_hosts_external_repo:
- name: "OBS:Virtualization:containers"
uri: "{{ lxc_hosts_opensuse_mirror_obs_url }}/repositories/Virtualization:/containers/openSUSE_Leap_{{ ansible_distribution_version }}/"
_lxc_hosts_container_image_url: "https://github.com/openSUSE/docker-containers-build/raw/openSUSE-Leap-42.3/{{ ansible_architecture }}/openSUSE-Leap-42.3.base.{{ ansible_architecture }}.tar.xz" _lxc_hosts_container_image_url: "https://github.com/openSUSE/docker-containers-build/raw/openSUSE-Leap-42.3/{{ ansible_architecture }}/openSUSE-Leap-42.3.base.{{ ansible_architecture }}.tar.xz"
system_config_dir: "/etc/sysconfig" _lxc_cache_map:
systemd_utils_prefix: "/usr/lib/systemd"
# Required rpm packages.
lxc_hosts_distro_packages:
- apparmor-parser
- apparmor-profiles
- apparmor-utils
- aria2
- bridge-utils
- btrfsprogs
- dbus-1
- dnsmasq
- git-core
- libseccomp2
- lxc
- liblxc-devel
- xz
lxc_xz_bin: xz
lxc_cache_map:
distro: opensuse distro: opensuse
arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}" arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
release: "42.3" release: "42.3"
@ -74,11 +50,3 @@ _lxc_cache_distro_packages:
- tar - tar
- wget - wget
- which - which
lxc_cached_network_interfaces:
- src: "lxc-net-suse-bridge.cfg.j2"
dest: "/etc/sysconfig/network/ifcfg-{{ lxc_net_bridge }}"
- src: "lxc-net-suseredhat-postdown.cfg.j2"
dest: "/etc/sysconfig/network/scripts/ifdown-post-{{ lxc_net_bridge }}"
mode: "0755"
interface: "${1}"

View File

@ -0,0 +1,56 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## APT Cache Options
cache_timeout: 600
# Required apt packages.
lxc_hosts_distro_packages:
- apparmor
- apparmor-profiles
- apparmor-utils
- aria2
- bridge-utils
- btrfs-tools
- cgmanager
- cgroup-lite
- dbus
- debootstrap
- dnsmasq-base
- git
- iptables
- irqbalance
- language-pack-en
- liblxc1
- lxc
- lxc-dev
- lxc-templates
- python-dev
- python3-lxc
- systemd-container
- pxz
# Package to remove from the host
lxc_hosts_remove_distro_packages:
- dnsmasq
lxc_xz_bin: pxz
system_config_dir: "/etc/default"
systemd_utils_prefix: "/lib/systemd"
lxc_cached_network_interfaces:
- src: "lxc-net-bridge.cfg.j2"
dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"

View File

@ -13,46 +13,9 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
## APT Cache Options
cache_timeout: 600
_lxc_hosts_container_image_url: "http://cdimage.ubuntu.com/ubuntu-base/releases/16.04/release/ubuntu-base-16.04.4-base-{{ lxc_cache_map.arch }}.tar.gz" _lxc_hosts_container_image_url: "http://cdimage.ubuntu.com/ubuntu-base/releases/16.04/release/ubuntu-base-16.04.4-base-{{ lxc_cache_map.arch }}.tar.gz"
# Required apt packages. _lxc_cache_map:
lxc_hosts_distro_packages:
- apparmor
- apparmor-profiles
- apparmor-utils
- aria2
- bridge-utils
- btrfs-tools
- cgmanager
- cgroup-lite
- dbus
- debootstrap
- dnsmasq-base
- git
- iptables
- irqbalance
- language-pack-en
- liblxc1
- lxc
- lxc-dev
- lxc-templates
- python-dev
- python3-lxc
- systemd-container
- pxz
# Package to remove from the host
lxc_hosts_remove_distro_packages:
- dnsmasq
lxc_xz_bin: pxz
system_config_dir: "/etc/default"
systemd_utils_prefix: "/lib/systemd"
lxc_cache_map:
distro: ubuntu distro: ubuntu
arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}" arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
release: xenial release: xenial
@ -64,10 +27,6 @@ lxc_cache_map:
- /etc/localtime - /etc/localtime
- /root/repo.keys - /root/repo.keys
# This forces any modified configurations to remain, and any unmodified configs to be replaced
# ref: http://serverfault.com/questions/259226/automatically-keep-current-version-of-config-files-when-apt-get-install
lxc_cache_install_debconf: '-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes'
_lxc_cache_prep_template: "prep-scripts/ubuntu_16_prep.sh.j2" _lxc_cache_prep_template: "prep-scripts/ubuntu_16_prep.sh.j2"
_lxc_cache_distro_packages: _lxc_cache_distro_packages:
@ -92,7 +51,3 @@ _lxc_cache_distro_packages:
- tar - tar
- wget - wget
- debianutils # for 'which' executable - debianutils # for 'which' executable
lxc_cached_network_interfaces:
- src: "lxc-net-bridge.cfg.j2"
dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"