openstack/openstack-ansible-lxc_hosts
Code Issues Proposed changes

Fix lxc_net configuration for CentOS/SUSE

Browse Source 
For CentOS/Red Hat and SUSE the network post-up/post-down scripts are
configured after the bridge has been brought up, and the handlers have
been flushed.

We need to configure the post-up and post-down scripts before the
restart bridge handler is flushed, so that dnsmasq is configured and
running before we attempt to install packages into the container.

Change-Id: Ifdb52624ed792665c858b3cdd4eec4b6aa365b1e
This commit is contained in:
Andy McCrae 2017-09-12 13:14:50 -06:00
parent 34d182bddf
commit eee919ad21
7 changed files with 50 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
tasks/lxc_install_yum.yml
View File

@ -70,66 +70,6 @@
tags: tags:
- lxc-directories - lxc-directories
- name: Drop post up script
copy:
content: |
#!/usr/bin/env bash
if [ "${DEVICE}" == "{{ lxc_net_bridge }}" ];then
if [ "{{ lxc_net_nat }}" == "True" ];then
/usr/local/bin/lxc-system-manage iptables-create
/usr/local/bin/lxc-system-manage dnsmasq-start || true
fi
fi
dest: "/etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
owner: "root"
group: "root"
mode: "0755"
tags:
- lxc-post-up
- lxc_hosts-config
- name: Drop post down script
copy:
content: |
#!/usr/bin/env bash
if [ "${DEVICE}" == "{{ lxc_net_bridge }}" ];then
if [ "{{ lxc_net_nat }}" == "True" ];then
/usr/local/bin/lxc-system-manage dnsmasq-stop
/usr/local/bin/lxc-system-manage iptables-remove
fi
fi
dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
owner: "root"
group: "root"
mode: "0755"
tags:
- lxc-post-down
- lxc_hosts-config
- name: Create networking post-up data
lineinfile:
dest: "{{ item.dest }}"
line: "{{ item.line }}"
insertbefore: "^exit\ 0$"
with_items:
- dest: "/etc/sysconfig/network-scripts/ifup-post"
line: ". /etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
tags:
- lxc-post-up
- lxc_hosts-config
- name: Create networking post-down data
lineinfile:
dest: "{{ item.dest }}"
line: "{{ item.line }}"
insertbefore: "^exit\ 0$"
with_items:
- dest: "/etc/sysconfig/network-scripts/ifdown-post"
line: ". /etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
tags:
- lxc-post-down
- lxc_hosts-config
- name: Enable lxc service - name: Enable lxc service
service: service:
name: lxc name: lxc

36
tasks/lxc_install_zypper.yml
View File

@ -69,42 +69,6 @@
- lxc-apparmor - lxc-apparmor
- lxc_hosts-config - lxc_hosts-config
- name: Drop post up script
copy:
content: |
#!/usr/bin/env bash
if [ "${1}" == "{{ lxc_net_bridge }}" ];then
if [ "{{ lxc_net_nat }}" == "True" ];then
/usr/local/bin/lxc-system-manage iptables-create
/usr/local/bin/lxc-system-manage dnsmasq-start || true
fi
fi
dest: "/etc/sysconfig/network/scripts/ifup-post-{{ lxc_net_bridge }}"
owner: "root"
group: "root"
mode: "0755"
tags:
- lxc-post-up
- lxc_hosts-config
- name: Drop post down script
copy:
content: |
#!/usr/bin/env bash
if [ "${1}" == "{{ lxc_net_bridge }}" ];then
if [ "{{ lxc_net_nat }}" == "True" ];then
/usr/local/bin/lxc-system-manage dnsmasq-stop
/usr/local/bin/lxc-system-manage iptables-remove
fi
fi
dest: "/etc/sysconfig/network/scripts/ifdown-post-{{ lxc_net_bridge }}"
owner: "root"
group: "root"
mode: "0755"
tags:
- lxc-post-down
- lxc_hosts-config
# NOTE(hwoarang) The newuidmap and newgidmap binaries do not have setuid bit # NOTE(hwoarang) The newuidmap and newgidmap binaries do not have setuid bit
# set and that causes lxc-2.X.X to fail. As such, make sure the files have # set and that causes lxc-2.X.X to fail. As such, make sure the files have
# the correct mode. # the correct mode.

38
tasks/lxc_net.yml
View File

@ -19,10 +19,10 @@
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: "root" owner: "root"
group: "root" group: "root"
mode: "0644" mode: "{{ item.mode | default('0644') }}"
with_items: "{{ lxc_cached_network_interfaces }}" with_items: "{{ lxc_cached_network_interfaces }}"
notify: notify:
- Bring bridge up - Restart bridge
tags: tags:
- lxc-files - lxc-files
- lxc-net - lxc-net
@ -47,6 +47,24 @@
- lxc-bridge - lxc-bridge
- lxc-interfaces - lxc-interfaces
- name: Create networking post-up and post-down data for Red Hat
lineinfile:
dest: "{{ item.dest }}"
line: "{{ item.line }}"
insertbefore: "^exit\ 0$"
with_items:
- dest: "/etc/sysconfig/network-scripts/ifup-post"
line: ". /etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
- dest: "/etc/sysconfig/network-scripts/ifdown-post"
line: ". /etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
when: ansible_os_family | lower == "redhat"
notify:
- Restart bridge
tags:
- lxc-post-up
- lxc-post-down
- lxc_hosts-config
# NOTE(mhayden): There are ifup hooks that handle the customized LXC container # NOTE(mhayden): There are ifup hooks that handle the customized LXC container
# networking. Starting lxc-net will trample over these hooks and cause # networking. Starting lxc-net will trample over these hooks and cause
# networking issues for containers. # networking issues for containers.
@ -80,22 +98,6 @@
- lxc-net - lxc-net
- lxc-interfaces - lxc-interfaces
- name: Drop lxc net bridge - Debian
template:
src: "lxc-net-bridge.cfg.j2"
dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
owner: "root"
group: "root"
mode: "0644"
when:
- ansible_os_family == "Debian"
notify:
- Restart bridge
tags:
- lxc-files
- lxc-net
- lxc-bridge
# Check that the container bridge exists, if not bring it up # Check that the container bridge exists, if not bring it up
- name: Check Container Bridge exists - name: Check Container Bridge exists
file: file:

7
templates/lxc-net-suseredhat-postdown.cfg.j2 Normal file
View File

@ -0,0 +1,7 @@
#!/usr/bin/env bash
if [ "{{ item.interface }}" == "{{ lxc_net_bridge }}" ];then
if [ "{{ lxc_net_nat }}" == "True" ];then
/usr/local/bin/lxc-system-manage dnsmasq-stop
/usr/local/bin/lxc-system-manage iptables-remove
fi
fi

7
templates/lxc-net-suseredhat-postup.cfg.j2 Normal file
View File

@ -0,0 +1,7 @@
#!/usr/bin/env bash
if [ "{{ item.interface }}" == "{{ lxc_net_bridge }}" ];then
if [ "{{ lxc_net_nat }}" == "True" ];then
/usr/local/bin/lxc-system-manage iptables-create
/usr/local/bin/lxc-system-manage dnsmasq-start || true
fi
fi

8
vars/redhat-7.yml
View File

@ -98,6 +98,14 @@ lxc_cache_distro_packages:
lxc_cached_network_interfaces: lxc_cached_network_interfaces:
- src: "lxc-net-redhat-bridge.cfg.j2" - src: "lxc-net-redhat-bridge.cfg.j2"
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ lxc_net_bridge }}" dest: "/etc/sysconfig/network-scripts/ifcfg-{{ lxc_net_bridge }}"
- src: "lxc-net-suseredhat-postup.cfg.j2"
dest: "/etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
mode: "0755"
interface: "${DEVICE}"
- src: "lxc-net-suseredhat-postdown.cfg.j2"
dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
mode: "0755"
interface: "${DEVICE}"
lxc_container_default_interfaces: | lxc_container_default_interfaces: |
DEVICE=eth0 DEVICE=eth0

8
vars/suse-42.yml
View File

@ -101,6 +101,14 @@ lxc_cache_distro_packages:
lxc_cached_network_interfaces: lxc_cached_network_interfaces:
- src: "lxc-net-suse-bridge.cfg.j2" - src: "lxc-net-suse-bridge.cfg.j2"
dest: "/etc/sysconfig/network/ifcfg-{{ lxc_net_bridge }}" dest: "/etc/sysconfig/network/ifcfg-{{ lxc_net_bridge }}"
- src: "lxc-net-suseredhat-postup.cfg.j2"
dest: "/etc/sysconfig/network/scripts/ifup-post-{{ lxc_net_bridge }}"
mode: "0755"
interface: "${1}"
- src: "lxc-net-suseredhat-postdown.cfg.j2"
dest: "/etc/sysconfig/network/scripts/ifdown-post-{{ lxc_net_bridge }}"
mode: "0755"
interface: "${1}"
lxc_container_default_interfaces: | lxc_container_default_interfaces: |
STARTMODE=auto STARTMODE=auto