Add centos-8 support

Centos-7 uses tasks/lxc_isntall_yum.yml so we can put all of the Centos-8 setup exclusively in tasks/lxc_install_dnf.yml which means there are few conditional setup tasks needed. Add cache prep and lxc host vars files for rhel-8 variants. This patch takes the systemd-networkd package from EPEL and installs it into the LXC image, so that the existing lxc_container_create role can set up the container networking in the same manner as the other supported operating systems. Depends-On: https://review.opendev.org/738913 Change-Id: If57de332945291d139d54e9aed5d782a69a71d97
2020-06-16 07:37:13 +01:00 · 2020-06-16 07:37:13 +01:00 · eaae389a4b
parent 94409e4d26
commit eaae389a4b
7 changed files with 151 additions and 50 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -250,8 +250,8 @@ lxc_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraprojec

 # LXC must be installed from a COPR repository on CentOS since the version
 # provided in EPEL is much too old (1.x).
-lxc_centos_package_baseurl: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/epel-7-x86_64/
-lxc_centos_package_key: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/pubkey.gpg
+lxc_centos_package_baseurl: "{{ _lxc_centos_package_baseurl }}"
+lxc_centos_package_key: "{{ _lxc_centos_package_key }}"


 ## Set default mirror for openSUSE repositories
--- a/tasks/lxc_install_dnf.yml
+++ b/tasks/lxc_install_dnf.yml
@ -18,46 +18,18 @@
    name: createrepo
    state: latest

- name: Deploy upstream COPR yum repo for LXC 2.0
+- name: Deploy upstream COPR yum repo for lxc 3
  yum_repository:
-    name: thm-lxc2.0
-    description: "COPR repository for LXC 2.0 packages on CentOS 7"
+    name: thm-lxc3.0
+    description: "Copr repo for lxc3.0 owned by thm"
    baseurl: "{{ lxc_centos_package_baseurl }}"
-    enabled: no
+    enabled: yes
    gpgcheck: yes
    gpgkey: "{{ lxc_centos_package_key }}"
    repo_gpgcheck: no
-    priority: 99
    state: present

- name: Deploy local COPR yum repo for LXC 2.0
-  yum_repository:
-    name: thm-lxc2.0-local
-    description: "Local repository for LXC 2.0 packages on CentOS 7"
-    baseurl: "file:///opt/thm-lxc2.0"
-    enabled: no
-    gpgcheck: yes
-    gpgkey: "{{ lxc_centos_package_key }}"
-    repo_gpgcheck: no
-    priority: 99
-    state: present
-  register: copr_repository_deploy

-# NOTE: Existing CentOS environments may not have the COPR repo priority set
-#       higher than the default. The following task ensures that existing
-#       deployments have their priority adjusted for the COPR repository.
-# NOTE: We need to remove priority settings in S cycle.
-# TODO(mhayden): The ini_file module is required here since the yum_repository
-#                module can only do add/remove operations, not edits.
-#                Ansible bug: https://github.com/ansible/ansible/issues/22362
- name: Ensure COPR repository priority is set
-  ini_file:
-    dest: /etc/yum.repos.d/thm-lxc2.0.repo
-    section: thm-lxc2.0
-    option: priority
-    value: 99
-  when:
-    - not copr_repository_deploy  is changed

 - name: Add GPG key for COPR LXC repo
  rpm_key:
@ -68,13 +40,6 @@
  retries: 5
  delay: 2

- name: Create and enable local LXC package repository
-  command: "{{ item }}"
-  with_items:
-    - "reposync --repoid=thm-lxc2.0 --download_path=/tmp/"
-    - "createrepo /tmp/thm-lxc2.0"
-    - "rsync -a --delete /tmp/thm-lxc2.0/ /opt/thm-lxc2.0/"
-    - "yum-config-manager --enable thm-lxc2.0-local"

 - name: Download EPEL gpg keys
  get_url:
@ -89,20 +54,16 @@
  rpm_key:
    key: "/etc/pki/rpm-gpg/{{ lxc_centos_epel_key.split('/')[-1] }}"
    state: present
-  register: _add_yum_keys
-  until: _add_yum_keys is success
-  retries: 5
-  delay: 2

- name: Install the EPEL repository
+- name: Install the EPEL repository - Centos-8
  yum_repository:
    name: epel-lxc_hosts
-    baseurl: "{{ (centos_epel_mirror | default ('http://download.fedoraproject.org/pub/epel')) ~ '/' ~ ansible_distribution_major_version ~ '/' ~ ansible_architecture }}"
-    description: 'Extra Packages for Enterprise Linux 7 - $basearch'
+    baseurl: "{{ lxc_centos_epel_mirror ~ '/' ~ ansible_distribution_major_version ~ '/Everything/' ~ ansible_architecture }}"
+    description: 'Extra Packages for Enterprise Linux {{ ansible_distribution_major_version }} - $basearch'
    gpgcheck: yes
    enabled: yes
    state: present
-    includepkgs: 'aria2 python2-lxc'
+    includepkgs: "aria2 systemd-networkd"
  register: install_epel_repo
  until: install_epel_repo is success
  retries: 5
--- a/tasks/lxc_net.yml
+++ b/tasks/lxc_net.yml
@ -79,7 +79,9 @@
    dest: "/etc/sysconfig/network-scripts/ifdown-post"
    line: ". /etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
    insertbefore: "^exit\ 0$"
-  when: ansible_os_family | lower == "redhat"
+  when:
+    - ansible_os_family | lower == "redhat"
+    - ansible_distribution_major_version == "7"
  notify:
    - Restart bridge
  tags:
--- a/templates/prep-scripts/centos_8_prep.sh.j2
+++ b/templates/prep-scripts/centos_8_prep.sh.j2
@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -e -x
+
+{{ lxc_cache_prep_pre_commands }}
+
+{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
+
+if [[ -d "/etc/pki/rpm-gpg" ]]; then
+  rpm --import /etc/pki/rpm-gpg/* || true
+fi
+
+# The containers do not need the LXC repository (only hosts need it).
+rm -f /etc/yum.repos.d/thm-lxc3.0*
+
+# Create dnf transaction file and run it all at once
+echo "update" > /tmp/package-transaction.txt
+echo "install {{ lxc_cache_distro_packages | join(' ') }}" >> /tmp/package-transaction.txt
+echo "run" >> /tmp/package-transaction.txt
+dnf -y shell /tmp/package-transaction.txt
+rm -f /tmp/package-transaction.txt
+rm /etc/machine-id || true
+rm /var/lib/dbus/machine-id || true
+rm /etc/sysctl.d/* || true
+echo '' > /etc/sysctl.conf
+touch /etc/machine-id
+dnf clean all
+mkdir -p /var/backup
+chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
+
+# Set the IP of the lxcbr0 interface as the DNS server
+echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
+systemctl enable systemd-networkd
+systemctl enable systemd-resolved
+
+{{ lxc_cache_prep_post_commands }}
--- a/vars/redhat-7-host.yml
+++ b/vars/redhat-7-host.yml
@ -16,6 +16,9 @@
 system_config_dir: "/etc/sysconfig"
 systemd_utils_prefix: "/lib/systemd"

+_lxc_centos_package_baseurl: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/epel-7-x86_64/
+_lxc_centos_package_key: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/pubkey.gpg
+
 # Required rpm packages.
 _lxc_hosts_distro_packages:
  - aria2
--- a/vars/redhat-8-host.yml
+++ b/vars/redhat-8-host.yml
@ -0,0 +1,49 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+system_config_dir: "/etc/sysconfig"
+systemd_utils_prefix: "/lib/systemd"
+
+_lxc_centos_package_baseurl: "https://download.copr.fedorainfracloud.org/results/thm/lxc3.0/epel-8-$basearch/"
+_lxc_centos_package_key: "https://download.copr.fedorainfracloud.org/results/thm/lxc3.0/pubkey.gpg"
+
+# Required rpm packages.
+_lxc_hosts_distro_packages:
+  - aria2
+  - dbus
+  - dnsmasq
+  - git
+  - iptables
+  - libseccomp
+  - lxc
+  - lxc-devel
+  - lxc-libs
+  - lxc-templates
+  - policycoreutils-python-utils
+  - procps
+  - python3-lxc
+  - systemd-container
+  - unzip
+  - xz
+
+lxc_xz_bin: xz
+
+lxc_cached_network_interfaces:
+  - src: "lxc-net-redhat-bridge.cfg.j2"
+    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ lxc_net_bridge }}"
+  - src: "lxc-net-suseredhat-postdown.cfg.j2"
+    dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
+    mode: "0755"
+    interface: "${DEVICE}"
--- a/vars/redhat-8.yml
+++ b/vars/redhat-8.yml
@ -0,0 +1,51 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+_lxc_hosts_container_image_url: "https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Container-8.1.1911-20200113.3-layer.x86_64.tar.xz"
+
+_lxc_cache_map:
+  distro: centos
+  arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
+  release: 8
+  copy_from_host:
+    - /etc/default/locale
+    - /etc/environment
+    - /etc/localtime
+    - /etc/locale.conf
+    - /etc/protocols
+    - /etc/pki/rpm-gpg/
+    - /etc/yum/pluginconf.d/fastestmirror.conf
+    - /etc/yum.repos.d/
+
+_lxc_cache_prep_template: "prep-scripts/centos_8_prep.sh.j2"
+
+_lxc_cache_distro_packages:
+  - ca-certificates
+  - cronie
+  - gcc
+  - iproute
+  - iputils
+  - openssh-server
+  - openssl
+  - policycoreutils
+  - rsync
+  - setup
+  - sudo
+  - systemd
+  - systemd-networkd
+  - systemd-sysv
+  - tar
+  - wget
+  - which