Fix lxc_net configuration for CentOS/SUSE

For CentOS/Red Hat and SUSE the network post-up/post-down scripts are configured after the bridge has been brought up, and the handlers have been flushed. We need to configure the post-up and post-down scripts before the restart bridge handler is flushed, so that dnsmasq is configured and running before we attempt to install packages into the container. Change-Id: Ifdb52624ed792665c858b3cdd4eec4b6aa365b1e
2017-09-12 13:14:50 -06:00 · 2017-09-12 13:14:50 -06:00 · eee919ad21
commit eee919ad21
parent 34d182bddf
7 changed files with 50 additions and 114 deletions
--- a/tasks/lxc_install_yum.yml
+++ b/tasks/lxc_install_yum.yml
@ -70,66 +70,6 @@
  tags:
    - lxc-directories

- name: Drop post up script
-  copy:
-    content: |
-      #!/usr/bin/env bash
-      if [ "${DEVICE}" == "{{ lxc_net_bridge }}" ];then
-        if [ "{{ lxc_net_nat }}" == "True" ];then
-          /usr/local/bin/lxc-system-manage iptables-create
-          /usr/local/bin/lxc-system-manage dnsmasq-start || true
-        fi
-      fi
-    dest: "/etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
-    owner: "root"
-    group: "root"
-    mode: "0755"
-  tags:
-    - lxc-post-up
-    - lxc_hosts-config
-
- name: Drop post down script
-  copy:
-    content: |
-      #!/usr/bin/env bash
-      if [ "${DEVICE}" == "{{ lxc_net_bridge }}" ];then
-        if [ "{{ lxc_net_nat }}" == "True" ];then
-          /usr/local/bin/lxc-system-manage dnsmasq-stop
-          /usr/local/bin/lxc-system-manage iptables-remove
-        fi
-      fi
-    dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
-    owner: "root"
-    group: "root"
-    mode: "0755"
-  tags:
-    - lxc-post-down
-    - lxc_hosts-config
-
- name: Create networking post-up data
-  lineinfile:
-    dest: "{{ item.dest }}"
-    line: "{{ item.line }}"
-    insertbefore: "^exit\ 0$"
-  with_items:
-    - dest: "/etc/sysconfig/network-scripts/ifup-post"
-      line: ". /etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
-  tags:
-    - lxc-post-up
-    - lxc_hosts-config
-
- name: Create networking post-down data
-  lineinfile:
-    dest: "{{ item.dest }}"
-    line: "{{ item.line }}"
-    insertbefore: "^exit\ 0$"
-  with_items:
-    - dest: "/etc/sysconfig/network-scripts/ifdown-post"
-      line: ". /etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
-  tags:
-    - lxc-post-down
-    - lxc_hosts-config
-
 - name: Enable lxc service
  service:
    name: lxc
--- a/tasks/lxc_install_zypper.yml
+++ b/tasks/lxc_install_zypper.yml
@ -69,42 +69,6 @@
    - lxc-apparmor
    - lxc_hosts-config

- name: Drop post up script
-  copy:
-    content: |
-      #!/usr/bin/env bash
-      if [ "${1}" == "{{ lxc_net_bridge }}" ];then
-        if [ "{{ lxc_net_nat }}" == "True" ];then
-          /usr/local/bin/lxc-system-manage iptables-create
-          /usr/local/bin/lxc-system-manage dnsmasq-start || true
-        fi
-      fi
-    dest: "/etc/sysconfig/network/scripts/ifup-post-{{ lxc_net_bridge }}"
-    owner: "root"
-    group: "root"
-    mode: "0755"
-  tags:
-    - lxc-post-up
-    - lxc_hosts-config
-
- name: Drop post down script
-  copy:
-    content: |
-      #!/usr/bin/env bash
-      if [ "${1}" == "{{ lxc_net_bridge }}" ];then
-        if [ "{{ lxc_net_nat }}" == "True" ];then
-          /usr/local/bin/lxc-system-manage dnsmasq-stop
-          /usr/local/bin/lxc-system-manage iptables-remove
-        fi
-      fi
-    dest: "/etc/sysconfig/network/scripts/ifdown-post-{{ lxc_net_bridge }}"
-    owner: "root"
-    group: "root"
-    mode: "0755"
-  tags:
-    - lxc-post-down
-    - lxc_hosts-config
-
 # NOTE(hwoarang) The newuidmap and newgidmap binaries do not have setuid bit
 # set and that causes lxc-2.X.X to fail. As such, make sure the files have
 # the correct mode.
--- a/tasks/lxc_net.yml
+++ b/tasks/lxc_net.yml
@ -19,10 +19,10 @@
    dest: "{{ item.dest }}"
    owner: "root"
    group: "root"
-    mode: "0644"
+    mode: "{{ item.mode | default('0644') }}"
  with_items: "{{ lxc_cached_network_interfaces }}"
  notify:
-    - Bring bridge up
+    - Restart bridge
  tags:
    - lxc-files
    - lxc-net
@ -47,6 +47,24 @@
    - lxc-bridge
    - lxc-interfaces

+- name: Create networking post-up and post-down data for Red Hat
+  lineinfile:
+    dest: "{{ item.dest }}"
+    line: "{{ item.line }}"
+    insertbefore: "^exit\ 0$"
+  with_items:
+    - dest: "/etc/sysconfig/network-scripts/ifup-post"
+      line: ". /etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
+    - dest: "/etc/sysconfig/network-scripts/ifdown-post"
+      line: ". /etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
+  when: ansible_os_family | lower == "redhat"
+  notify:
+    - Restart bridge
+  tags:
+    - lxc-post-up
+    - lxc-post-down
+    - lxc_hosts-config
+
 # NOTE(mhayden): There are ifup hooks that handle the customized LXC container
 # networking. Starting lxc-net will trample over these hooks and cause
 # networking issues for containers.
@ -80,22 +98,6 @@
    - lxc-net
    - lxc-interfaces

- name: Drop lxc net bridge - Debian
-  template:
-    src: "lxc-net-bridge.cfg.j2"
-    dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  when:
-    - ansible_os_family == "Debian"
-  notify:
-    - Restart bridge
-  tags:
-    - lxc-files
-    - lxc-net
-    - lxc-bridge
-
 # Check that the container bridge exists, if not bring it up
 - name: Check Container Bridge exists
  file:
--- a/templates/lxc-net-suseredhat-postdown.cfg.j2
+++ b/templates/lxc-net-suseredhat-postdown.cfg.j2
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+if [ "{{ item.interface }}" == "{{ lxc_net_bridge }}" ];then
+  if [ "{{ lxc_net_nat }}" == "True" ];then
+    /usr/local/bin/lxc-system-manage dnsmasq-stop
+    /usr/local/bin/lxc-system-manage iptables-remove
+  fi
+fi
--- a/templates/lxc-net-suseredhat-postup.cfg.j2
+++ b/templates/lxc-net-suseredhat-postup.cfg.j2
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+if [ "{{ item.interface }}" == "{{ lxc_net_bridge }}" ];then
+  if [ "{{ lxc_net_nat }}" == "True" ];then
+    /usr/local/bin/lxc-system-manage iptables-create
+    /usr/local/bin/lxc-system-manage dnsmasq-start || true
+  fi
+fi
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@ -98,6 +98,14 @@ lxc_cache_distro_packages:
 lxc_cached_network_interfaces:
  - src: "lxc-net-redhat-bridge.cfg.j2"
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ lxc_net_bridge }}"
+  - src: "lxc-net-suseredhat-postup.cfg.j2"
+    dest: "/etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
+    mode: "0755"
+    interface: "${DEVICE}"
+  - src: "lxc-net-suseredhat-postdown.cfg.j2"
+    dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
+    mode: "0755"
+    interface: "${DEVICE}"

 lxc_container_default_interfaces: |
  DEVICE=eth0
--- a/vars/suse-42.yml
+++ b/vars/suse-42.yml
@ -101,6 +101,14 @@ lxc_cache_distro_packages:
 lxc_cached_network_interfaces:
  - src: "lxc-net-suse-bridge.cfg.j2"
    dest: "/etc/sysconfig/network/ifcfg-{{ lxc_net_bridge }}"
+  - src: "lxc-net-suseredhat-postup.cfg.j2"
+    dest: "/etc/sysconfig/network/scripts/ifup-post-{{ lxc_net_bridge }}"
+    mode: "0755"
+    interface: "${1}"
+  - src: "lxc-net-suseredhat-postdown.cfg.j2"
+    dest: "/etc/sysconfig/network/scripts/ifdown-post-{{ lxc_net_bridge }}"
+    mode: "0755"
+    interface: "${1}"

 lxc_container_default_interfaces: |
  STARTMODE=auto