Add centos-8 support
Centos-7 uses tasks/lxc_install_yum.yml, so we can put all of the Centos-8 setup exclusively in tasks/lxc_install_dnf.yml, which means there are few conditional setup tasks needed. Add cache prep and lxc host vars files for rhel-8 variants. This patch takes the systemd-networkd package from EPEL and installs it into the LXC image, so that the existing lxc_container_create role can set up the container networking in the same manner as the other supported operating systems. Depends-On: https://review.opendev.org/738913 Change-Id: If57de332945291d139d54e9aed5d782a69a71d97
parent
94409e4d26
commit
eaae389a4b
|
@ -250,8 +250,8 @@ lxc_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraprojec
|
|||
|
||||
# LXC must be installed from a COPR repository on CentOS since the version
|
||||
# provided in EPEL is much too old (1.x).
|
||||
lxc_centos_package_baseurl: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/epel-7-x86_64/
|
||||
lxc_centos_package_key: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/pubkey.gpg
|
||||
lxc_centos_package_baseurl: "{{ _lxc_centos_package_baseurl }}"
|
||||
lxc_centos_package_key: "{{ _lxc_centos_package_key }}"
|
||||
|
||||
|
||||
## Set default mirror for openSUSE repositories
|
||||
|
|
|
@ -18,46 +18,18 @@
|
|||
name: createrepo
|
||||
state: latest
|
||||
|
||||
- name: Deploy upstream COPR yum repo for LXC 2.0
|
||||
- name: Deploy upstream COPR yum repo for lxc 3
|
||||
yum_repository:
|
||||
name: thm-lxc2.0
|
||||
description: "COPR repository for LXC 2.0 packages on CentOS 7"
|
||||
name: thm-lxc3.0
|
||||
description: "Copr repo for lxc3.0 owned by thm"
|
||||
baseurl: "{{ lxc_centos_package_baseurl }}"
|
||||
enabled: no
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
gpgkey: "{{ lxc_centos_package_key }}"
|
||||
repo_gpgcheck: no
|
||||
priority: 99
|
||||
state: present
|
||||
|
||||
- name: Deploy local COPR yum repo for LXC 2.0
|
||||
yum_repository:
|
||||
name: thm-lxc2.0-local
|
||||
description: "Local repository for LXC 2.0 packages on CentOS 7"
|
||||
baseurl: "file:///opt/thm-lxc2.0"
|
||||
enabled: no
|
||||
gpgcheck: yes
|
||||
gpgkey: "{{ lxc_centos_package_key }}"
|
||||
repo_gpgcheck: no
|
||||
priority: 99
|
||||
state: present
|
||||
register: copr_repository_deploy
|
||||
|
||||
# NOTE: Existing CentOS environments may not have the COPR repo priority set
|
||||
# higher than the default. The following task ensures that existing
|
||||
# deployments have their priority adjusted for the COPR repository.
|
||||
# NOTE: We need to remove priority settings in S cycle.
|
||||
# TODO(mhayden): The ini_file module is required here since the yum_repository
|
||||
# module can only do add/remove operations, not edits.
|
||||
# Ansible bug: https://github.com/ansible/ansible/issues/22362
|
||||
- name: Ensure COPR repository priority is set
|
||||
ini_file:
|
||||
dest: /etc/yum.repos.d/thm-lxc2.0.repo
|
||||
section: thm-lxc2.0
|
||||
option: priority
|
||||
value: 99
|
||||
when:
|
||||
- not copr_repository_deploy is changed
|
||||
|
||||
- name: Add GPG key for COPR LXC repo
|
||||
rpm_key:
|
||||
|
@ -68,13 +40,6 @@
|
|||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Create and enable local LXC package repository
|
||||
command: "{{ item }}"
|
||||
with_items:
|
||||
- "reposync --repoid=thm-lxc2.0 --download_path=/tmp/"
|
||||
- "createrepo /tmp/thm-lxc2.0"
|
||||
- "rsync -a --delete /tmp/thm-lxc2.0/ /opt/thm-lxc2.0/"
|
||||
- "yum-config-manager --enable thm-lxc2.0-local"
|
||||
|
||||
- name: Download EPEL gpg keys
|
||||
get_url:
|
||||
|
@ -89,20 +54,16 @@
|
|||
rpm_key:
|
||||
key: "/etc/pki/rpm-gpg/{{ lxc_centos_epel_key.split('/')[-1] }}"
|
||||
state: present
|
||||
register: _add_yum_keys
|
||||
until: _add_yum_keys is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Install the EPEL repository
|
||||
- name: Install the EPEL repository - Centos-8
|
||||
yum_repository:
|
||||
name: epel-lxc_hosts
|
||||
baseurl: "{{ (centos_epel_mirror | default ('http://download.fedoraproject.org/pub/epel')) ~ '/' ~ ansible_distribution_major_version ~ '/' ~ ansible_architecture }}"
|
||||
description: 'Extra Packages for Enterprise Linux 7 - $basearch'
|
||||
baseurl: "{{ lxc_centos_epel_mirror ~ '/' ~ ansible_distribution_major_version ~ '/Everything/' ~ ansible_architecture }}"
|
||||
description: 'Extra Packages for Enterprise Linux {{ ansible_distribution_major_version }} - $basearch'
|
||||
gpgcheck: yes
|
||||
enabled: yes
|
||||
state: present
|
||||
includepkgs: 'aria2 python2-lxc'
|
||||
includepkgs: "aria2 systemd-networkd"
|
||||
register: install_epel_repo
|
||||
until: install_epel_repo is success
|
||||
retries: 5
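Review bot: The COPR repository task at the top of this file section ("Deploy upstream COPR yum repo for lxc 3") appears to end up with `enabled: yes` and no package filter, so every package published in that single-owner repository becomes an install or update candidate on the host. The EPEL task further down already narrows its repository with `includepkgs: "aria2 systemd-networkd"`; the COPR task could be limited the same way, for example `includepkgs: "lxc* python3-lxc"` (check the list against what the role actually installs), with a comment such as `# Limit the third-party repo to the LXC packages this role installs.` Which of the doubled lines is old and which is new is inferred from the rendering, so confirm against the file itself. With `repo_gpgcheck: no` the repository metadata is not signature-checked, which leaves the package-level `gpgcheck: yes` and the provenance of the imported key as the only integrity controls.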
|
||||
|
|
|
@ -79,7 +79,9 @@
|
|||
dest: "/etc/sysconfig/network-scripts/ifdown-post"
|
||||
line: ". /etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
|
||||
insertbefore: "^exit\ 0$"
|
||||
when: ansible_os_family | lower == "redhat"
|
||||
when:
|
||||
- ansible_os_family | lower == "redhat"
|
||||
- ansible_distribution_major_version == "7"
|
||||
notify:
|
||||
- Restart bridge
|
||||
tags:
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
#!/usr/bin/env bash
|
||||
set -e -x
|
||||
|
||||
{{ lxc_cache_prep_pre_commands }}
|
||||
|
||||
{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
|
||||
|
||||
if [[ -d "/etc/pki/rpm-gpg" ]]; then
|
||||
rpm --import /etc/pki/rpm-gpg/* || true
|
||||
fi
|
||||
|
||||
# The containers do not need the LXC repository (only hosts need it).
|
||||
rm -f /etc/yum.repos.d/thm-lxc3.0*
|
||||
|
||||
# Create dnf transaction file and run it all at once
|
||||
echo "update" > /tmp/package-transaction.txt
|
||||
echo "install {{ lxc_cache_distro_packages | join(' ') }}" >> /tmp/package-transaction.txt
|
||||
echo "run" >> /tmp/package-transaction.txt
|
||||
dnf -y shell /tmp/package-transaction.txt
|
||||
rm -f /tmp/package-transaction.txt
|
||||
rm /etc/machine-id || true
|
||||
rm /var/lib/dbus/machine-id || true
|
||||
rm /etc/sysctl.d/* || true
|
||||
echo '' > /etc/sysctl.conf
|
||||
touch /etc/machine-id
|
||||
dnf clean all
|
||||
mkdir -p /var/backup
|
||||
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
|
||||
|
||||
# Set the IP of the lxcbr0 interface as the DNS server
|
||||
echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
|
||||
systemctl enable systemd-networkd
|
||||
systemctl enable systemd-resolved
|
||||
|
||||
{{ lxc_cache_prep_post_commands }}
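Review bot: `rpm --import /etc/pki/rpm-gpg/* || true` trusts every key file present in that directory and hides import failures, so the image's RPM keyring is whatever happened to be there rather than an explicit set. Judging by the `copy_from_host` list added elsewhere in this commit, the directory is copied from the host, which makes the container's trust roots depend on host state. Importing the specific key files the image needs by name and dropping `|| true` would make the trust set reviewable and let `set -e` stop a broken build. If the wildcard is kept, a comment above the line would help, e.g. `# Keys are copied from the host's /etc/pki/rpm-gpg; import failures are tolerated here.`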
|
|
@ -16,6 +16,9 @@
|
|||
system_config_dir: "/etc/sysconfig"
|
||||
systemd_utils_prefix: "/lib/systemd"
|
||||
|
||||
_lxc_centos_package_baseurl: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/epel-7-x86_64/
|
||||
_lxc_centos_package_key: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/pubkey.gpg
|
||||
|
||||
# Required rpm packages.
|
||||
_lxc_hosts_distro_packages:
|
||||
- aria2
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
system_config_dir: "/etc/sysconfig"
|
||||
systemd_utils_prefix: "/lib/systemd"
|
||||
|
||||
_lxc_centos_package_baseurl: "https://download.copr.fedorainfracloud.org/results/thm/lxc3.0/epel-8-$basearch/"
|
||||
_lxc_centos_package_key: "https://download.copr.fedorainfracloud.org/results/thm/lxc3.0/pubkey.gpg"
|
||||
|
||||
# Required rpm packages.
|
||||
_lxc_hosts_distro_packages:
|
||||
- aria2
|
||||
- dbus
|
||||
- dnsmasq
|
||||
- git
|
||||
- iptables
|
||||
- libseccomp
|
||||
- lxc
|
||||
- lxc-devel
|
||||
- lxc-libs
|
||||
- lxc-templates
|
||||
- policycoreutils-python-utils
|
||||
- procps
|
||||
- python3-lxc
|
||||
- systemd-container
|
||||
- unzip
|
||||
- xz
|
||||
|
||||
lxc_xz_bin: xz
|
||||
|
||||
lxc_cached_network_interfaces:
|
||||
- src: "lxc-net-redhat-bridge.cfg.j2"
|
||||
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ lxc_net_bridge }}"
|
||||
- src: "lxc-net-suseredhat-postdown.cfg.j2"
|
||||
dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
|
||||
mode: "0755"
|
||||
interface: "${DEVICE}"
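Review bot: `_lxc_centos_package_key` is fetched from the same COPR host that serves `_lxc_centos_package_baseurl`, so the signature check on the LXC packages is anchored only in the TLS connection to that one origin. Recording the expected key fingerprint next to the URL and passing it to the `rpm_key` task's `fingerprint` option would turn a swapped key into a hard failure. The body of that task is outside the visible hunks, so whether this is already done cannot be confirmed here. A comment on the variable would document the expectation, e.g. `# Signing key for the thm/lxc3.0 COPR; expected fingerprint: <FINGERPRINT-PLACEHOLDER>`.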
|
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
_lxc_hosts_container_image_url: "https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Container-8.1.1911-20200113.3-layer.x86_64.tar.xz"
|
||||
|
||||
_lxc_cache_map:
|
||||
distro: centos
|
||||
arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
|
||||
release: 8
|
||||
copy_from_host:
|
||||
- /etc/default/locale
|
||||
- /etc/environment
|
||||
- /etc/localtime
|
||||
- /etc/locale.conf
|
||||
- /etc/protocols
|
||||
- /etc/pki/rpm-gpg/
|
||||
- /etc/yum/pluginconf.d/fastestmirror.conf
|
||||
- /etc/yum.repos.d/
|
||||
|
||||
_lxc_cache_prep_template: "prep-scripts/centos_8_prep.sh.j2"
|
||||
|
||||
_lxc_cache_distro_packages:
|
||||
- ca-certificates
|
||||
- cronie
|
||||
- gcc
|
||||
- iproute
|
||||
- iputils
|
||||
- openssh-server
|
||||
- openssl
|
||||
- policycoreutils
|
||||
- rsync
|
||||
- setup
|
||||
- sudo
|
||||
- systemd
|
||||
- systemd-networkd
|
||||
- systemd-sysv
|
||||
- tar
|
||||
- wget
|
||||
- which
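Review bot: `_lxc_hosts_container_image_url` pins a specific image build, but nothing in this file records a checksum for it, so the base of every CentOS 8 container is trusted on the strength of the HTTPS download alone. If the download task (not shown here) does not already verify a digest, record the published SHA-256 beside the URL and have the download check it. Separately, `copy_from_host` brings the whole of `/etc/yum.repos.d/` into the image while the prep script in this commit deletes only `thm-lxc3.0*`, so any other host-only repository definitions, including ones carrying credentials in their URLs, would persist in containers. A comment such as `# Host repo files are copied wholesale; the prep script removes only the LXC COPR repo.` would at least make that visible.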
|