Changed for lxc-host setup/build for multi-distro
This change updates the lxc-host setup role to build the lxc cache using the download template based on default images found here: [0]. These images are upstream builds from the greater LXC/D community. This update adds support for Ubuntu 14.04, 16.04 and RHEL/CentOS 7 container types and the cache will be generated from the host operating system. [0] - https://images.linuxcontainers.org/ Change-Id: Ie13be2322d28178760481c59805101d6aeef4f36 Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk> Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
parent
ac3e8d95ce
commit
f5542103b3
@ -15,7 +15,7 @@
|
|||||||
|
|
||||||
# lxc container rootfs directory and cache path
|
# lxc container rootfs directory and cache path
|
||||||
lxc_container_directory: "/var/lib/lxc"
|
lxc_container_directory: "/var/lib/lxc"
|
||||||
lxc_container_cache_path: "/var/cache/lxc"
|
lxc_container_cache_path: "/var/cache/lxc/download"
|
||||||
|
|
||||||
# lxc container net network
|
# lxc container net network
|
||||||
lxc_net_bridge: lxcbr0
|
lxc_net_bridge: lxcbr0
|
||||||
@ -44,16 +44,6 @@ lxc_container_net_name: eth0 ## name of the interface inside the container.
|
|||||||
lxc_kernel_options:
|
lxc_kernel_options:
|
||||||
- { key: 'fs.inotify.max_user_instances', value: 1024 }
|
- { key: 'fs.inotify.max_user_instances', value: 1024 }
|
||||||
|
|
||||||
# Default image to build from
|
|
||||||
lxc_container_user_password: "{{ lookup('pipe', 'date --rfc-3339=ns | sha512sum | base64 | head -c 32') }}"
|
|
||||||
lxc_container_template_options: >
|
|
||||||
--release {{ lxc_container_release }}
|
|
||||||
--user {{ lxc_container_user_name }}
|
|
||||||
--password {{ lxc_container_user_password }}
|
|
||||||
|
|
||||||
# Set this boolean value to remove any previously prepared base image
|
|
||||||
lxc_container_base_delete: no
|
|
||||||
|
|
||||||
lxc_pip_packages:
|
lxc_pip_packages:
|
||||||
- lxc-python2
|
- lxc-python2
|
||||||
|
|
||||||
@ -68,16 +58,8 @@ lxc_cache_sshd_configuration:
|
|||||||
- { regexp: "^X11Forwarding", line: "X11Forwarding no" }
|
- { regexp: "^X11Forwarding", line: "X11Forwarding no" }
|
||||||
- { regexp: "^PasswordAuthentication", line: "PasswordAuthentication no" }
|
- { regexp: "^PasswordAuthentication", line: "PasswordAuthentication no" }
|
||||||
|
|
||||||
# Validate Certificates when downloading lxc_container_caches.
|
# The compression ratio used when creating the container cache rootfs archive
|
||||||
# May be set to "no" when proxy server is intercepting the certificates.
|
lxc_image_compression_ratio: 0
|
||||||
lxc_cache_validate_certs: "yes"
|
|
||||||
|
|
||||||
# Prebuilt images to deploy onto hosts for use in containers.
|
|
||||||
# lxc_container_caches:
|
|
||||||
# - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
|
|
||||||
# name: "trusty.tgz"
|
|
||||||
# sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
|
|
||||||
# chroot_path: trusty/rootfs-amd64
|
|
||||||
|
|
||||||
# A list of files may be copied into the container image cache during its preparation.
|
# A list of files may be copied into the container image cache during its preparation.
|
||||||
# Example:
|
# Example:
|
||||||
@ -85,3 +67,22 @@ lxc_cache_validate_certs: "yes"
|
|||||||
# - src: "/etc/openstack_deploy/files/etc/issue"
|
# - src: "/etc/openstack_deploy/files/etc/issue"
|
||||||
# dest: "/etc/issue"
|
# dest: "/etc/issue"
|
||||||
lxc_container_cache_files: []
|
lxc_container_cache_files: []
|
||||||
|
|
||||||
|
lxc_image_cache_server: images.linuxcontainers.org
|
||||||
|
|
||||||
|
## Default download template options
|
||||||
|
## This can be customized to use a local build server and options.
|
||||||
|
## By default these options will be fulfilled by the distro specific
|
||||||
|
## variable files found in vars/
|
||||||
|
# lxc_cache_download_template_options: >
|
||||||
|
# --dist NAME_OF_DISTRO
|
||||||
|
# --release DISTRO_RELEASE
|
||||||
|
# --arch CONTAINER_ARCH
|
||||||
|
# --force-cache
|
||||||
|
# --server SERVER_TO_GET_IMAGES_FROM
|
||||||
|
lxc_cache_download_template_options: >
|
||||||
|
--dist {{ lxc_cache_map.distro }}
|
||||||
|
--release {{ lxc_cache_map.release }}
|
||||||
|
--arch {{ lxc_cache_map.arch }}
|
||||||
|
--force-cache
|
||||||
|
--server {{ lxc_image_cache_server }}
|
||||||
|
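Review bot: The new `lxc_image_cache_server` and `lxc_cache_download_template_options` defaults carry no comment on how the downloaded image is verified, while the same section drops the `sha256sum`-pinned `lxc_container_caches` example and `lxc_cache_validate_certs`. Integrity now presumably rests on the download template's own GPG validation, which an override of the options can switch off with `--no-validate`. I would add above `lxc_image_cache_server` a comment such as `# Images are verified by the lxc download template; do not add --no-validate below, and serve only signed images from a custom server.` Separately, `lxc_image_compression_ratio: 0` is handed to xz as a preset level (`xz -{{ lxc_image_compression_ratio }}` in the cache-create task), not a ratio, and its comment could say so.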
44
files/lxc-veth-check.sh
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# This is a very simple script to search a host for containers that have veth pairs that are not
|
||||||
|
# plugged into a given bridge. This can happen for a number of reasons however the most common
|
||||||
|
# one is due to a physical network interface being bounced which severs the containers connection
|
||||||
|
# to that interface. This script will identify container veth pairs. If any of the container veth
|
||||||
|
# devices are missing a master the script will attempt to locate the containers network information
|
||||||
|
# and connect the broken network link.
|
||||||
|
|
||||||
|
# Do a simple lxc command check, if the client errors assume its not installed or ready and return 0
|
||||||
|
lxc-ls --version || exit 0
|
||||||
|
|
||||||
|
# Set the default script exit status
|
||||||
|
exit_status=0
|
||||||
|
# List all containers
|
||||||
|
for container in $(lxc-ls); do
|
||||||
|
# List Links for the containers
|
||||||
|
for net_info in $(lxc-info -n "${container}" | awk '/Link/ {print $2}'); do
|
||||||
|
# If the link information is a veth and does not have a "master" continue
|
||||||
|
if ! ip -o -d link show "${net_info}" | grep veth | grep -q master; then
|
||||||
|
# Search for the interface file that contains the veth
|
||||||
|
lxc_interface_file=$(grep -l "${net_info}" /var/lib/lxc/${container}/{config,*.ini} | head -n 1)
|
||||||
|
# If an interface file is found continue
|
||||||
|
if [ ! -z "${lxc_interface_file}" ];then
|
||||||
|
# Get the first network link line from the lxc configuration file
|
||||||
|
veth_bridge_line=$(grep -hA10 ${net_info} "${lxc_interface_file}" | grep lxc.network.link | head -n 1)
|
||||||
|
# If a network interface file has a link entry continue
|
||||||
|
if [ ! -z "${veth_bridge_line}" ];then
|
||||||
|
# get the link name
|
||||||
|
veth_bridge=$(echo "${veth_bridge_line}" | awk -F'=' '{print $2}' | sed 's/\s//g')
|
||||||
|
# Plug the veth into the link
|
||||||
|
ip link set "${net_info}" master "${veth_bridge}"
|
||||||
|
echo "container ${container} had a broken veth ${net_info} not being plugged into "${veth_bridge}": this issue is now resolved"
|
||||||
|
else
|
||||||
|
# Notify the user that the issues can not be automatically fixed for a given container and veth
|
||||||
|
echo "container ${container} has a broken veth ${net_info} and an automated fix can not be found"
|
||||||
|
# Because of the inability to resolve the issue automatically set the exit_status to failure
|
||||||
|
exit_status=99
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done
|
||||||
|
exit "$exit_status"
|
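Review bot: `${net_info}` is unquoted and treated as a regular expression in `grep -hA10 ${net_info} "${lxc_interface_file}"`, and `/var/lib/lxc/${container}/{config,*.ini}` is unquoted too, so a container or interface name with unusual characters changes what is matched. I would use fixed-string matching with an option terminator, `grep -F -hA10 -- "${net_info}" "${lxc_interface_file}"`, and the same `-F --` form for the `grep -l` lookup. Because the script then runs `ip link set ... master` with the first `lxc.network.link` value found within ten lines of the match, a substring hit on a different veth name could attach the device to the wrong bridge; matching the whole name would avoid that. The success `echo` also closes and reopens its double quotes around `"${veth_bridge}"`, which leaves that expansion unquoted, and the `/var/lib/lxc` path is hard-coded although the role has `lxc_container_directory`.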
@ -31,5 +31,23 @@
|
|||||||
pattern: "irqbalance"
|
pattern: "irqbalance"
|
||||||
enabled: "yes"
|
enabled: "yes"
|
||||||
|
|
||||||
|
- name: Restart bridge
|
||||||
|
shell: "ifdown {{ lxc_net_bridge }} || true"
|
||||||
|
notify:
|
||||||
|
- Bring bridge up
|
||||||
|
- Veth check
|
||||||
|
|
||||||
- name: Bring bridge up
|
- name: Bring bridge up
|
||||||
command: "ifup {{ lxc_net_bridge }}"
|
command: "ifup {{ lxc_net_bridge }}"
|
||||||
|
|
||||||
|
- name: Veth check
|
||||||
|
command: "/usr/local/bin/lxc-veth-check"
|
||||||
|
|
||||||
|
- name: Destroy base container
|
||||||
|
lxc_container:
|
||||||
|
name: "cache-{{ lxc_cache_map.distro }}"
|
||||||
|
state: absent
|
||||||
|
register: cache_destroy
|
||||||
|
retries: 3
|
||||||
|
delay: 10
|
||||||
|
until: cache_destroy|success
|
||||||
|
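Review bot: The new `Restart bridge` handler runs `ifdown {{ lxc_net_bridge }} || true` through `shell`, which hands the templated bridge name to a shell and hides every ifdown failure. `command: "ifdown {{ lxc_net_bridge }}"` with `failed_when: false` would keep the best-effort behaviour without a shell and match the existing `Bring bridge up` handler. The `Veth check` handler calls `/usr/local/bin/lxc-veth-check`; the task that installs `files/lxc-veth-check.sh` to that path is not visible in this section, so it is worth confirming it runs before the handler can fire. `Destroy base container` would benefit from a one-line comment saying that it removes the temporary `cache-<distro>` build container.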
22
manual-test.rc
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
export VIRTUAL_ENV=$(pwd)
|
||||||
|
export ANSIBLE_HOST_KEY_CHECKING=False
|
||||||
|
export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r
|
||||||
|
|
||||||
|
# TODO (odyssey4me) These are only here as they are non-standard folder
|
||||||
|
# names for Ansible 1.9.x. We are using the standard folder names for
|
||||||
|
# Ansible v2.x. We can remove this when we move to Ansible 2.x.
|
||||||
|
export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action
|
||||||
|
export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback
|
||||||
|
export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter
|
||||||
|
export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup
|
||||||
|
|
||||||
|
# This is required as the default is the current path or a path specified
|
||||||
|
# in ansible.cfg
|
||||||
|
export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library
|
||||||
|
|
||||||
|
# This is required as the default is '/etc/ansible/roles' or a path
|
||||||
|
# specified in ansible.cfg
|
||||||
|
export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/..
|
||||||
|
|
||||||
|
echo "Run manual functional tests by executing the following:"
|
||||||
|
echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml -e \"rolename=$(pwd)\""
|
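Review bot: `export ANSIBLE_HOST_KEY_CHECKING=False` and `export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r` are set without any comment, and whoever sources this file keeps both for the rest of the shell session. With host key checking off, Ansible accepts any SSH host key, and the control sockets are created in the shared /tmp directory. I would add a comment such as `# Test-only settings: use against disposable hosts, in a throwaway shell` and keep the sockets under the user's home, e.g. `export ANSIBLE_SSH_CONTROL_PATH=${HOME}/.ansible/cp/%%h-%%r`.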
@ -18,11 +18,15 @@ galaxy_info:
|
|||||||
description: Deployment of LXC hosts for use in Rackspace Private Cloud
|
description: Deployment of LXC hosts for use in Rackspace Private Cloud
|
||||||
company: Rackspace
|
company: Rackspace
|
||||||
license: Apache2
|
license: Apache2
|
||||||
min_ansible_version: 1.6.6
|
min_ansible_version: 1.9.4
|
||||||
platforms:
|
platforms:
|
||||||
- name: Ubuntu
|
- name: Ubuntu
|
||||||
versions:
|
versions:
|
||||||
- trusty
|
- trusty
|
||||||
|
- xenial
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- 7
|
||||||
categories:
|
categories:
|
||||||
- cloud
|
- cloud
|
||||||
- lxc
|
- lxc
|
||||||
|
@ -14,7 +14,13 @@
|
|||||||
# TODO(odyssey4me) remove this once https://review.openstack.org/288634 has merged
|
# TODO(odyssey4me) remove this once https://review.openstack.org/288634 has merged
|
||||||
# and the disk images are rebuilt and redeployed.
|
# and the disk images are rebuilt and redeployed.
|
||||||
curl
|
curl
|
||||||
|
wget
|
||||||
|
|
||||||
# Requirements for Paramiko 2.0
|
# Requirements for Paramiko 2.0
|
||||||
libssl-dev
|
libssl-dev [platform:dpkg]
|
||||||
libffi-dev
|
libffi-dev [platform:dpkg]
|
||||||
|
libffi-devel [platform:rpm]
|
||||||
|
openssl-devel [platform:rpm]
|
||||||
|
|
||||||
|
# For selinux
|
||||||
|
libselinux-python [platform:rpm]
|
||||||
|
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- The ``lxc_host`` cache prep has been updated to use the LXC download
|
||||||
|
template. This removes the last remaining dependency the project has on
|
||||||
|
the `rpc-trusty-container.tgz image <http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz>`_.
|
||||||
|
- The ``lxc_host`` role will build lxc cache using the download
|
||||||
|
template built from `images found here <https://images.linuxcontainers.org>`_.
|
||||||
|
These images are upstream builds from the greater LXC/D community.
|
||||||
|
- The ``lxc_host`` role introduces support for CentOS 7 and Ubuntu 16.04
|
||||||
|
container types.
|
||||||
|
upgrade:
|
||||||
|
- The ``lxc_host`` role no longer uses the distro specific lxc container
|
||||||
|
create template.
|
||||||
|
- |
|
||||||
|
The following variable changes have been made in the ``lxc_host`` role:
|
||||||
|
|
||||||
|
* **lxc_container_user_password**: Removed because the default lxc
|
||||||
|
container user is no longer created by the lxc container template.
|
||||||
|
* **lxc_container_template_options**: This option was renamed to
|
||||||
|
*lxc_cache_download_template_options*. The deprecation filter was not
|
||||||
|
used because the values provided from this option have been
|
||||||
|
fundamentally changed and potentially old overrides will cause
|
||||||
|
problems.
|
||||||
|
* **lxc_container_base_delete**: Removed because the cache will be
|
||||||
|
refreshed upon role execution.
|
||||||
|
* **lxc_cache_validate_certs**: Removed because the Ansible ``get_url``
|
||||||
|
module is no longer used.
|
||||||
|
* **lxc_container_caches**: Removed because the container create process
|
||||||
|
will build a cached image based on the host OS.
|
10
run_tests.sh
@ -19,7 +19,11 @@ FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true}
|
|||||||
|
|
||||||
# prep the host
|
# prep the host
|
||||||
if [ "$(which apt-get)" ]; then
|
if [ "$(which apt-get)" ]; then
|
||||||
apt-get install -y build-essential python2.7 python-dev git-core libssl-dev libffi-dev
|
apt-get update && apt-get install -y build-essential python2.7 python-dev git-core libffi-dev libssl-dev
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$(which yum)" ]; then
|
||||||
|
yum install -y '@Development Tools' python-devel git libffi-devel openssl-devel
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# get pip, if necessary
|
# get pip, if necessary
|
||||||
@ -33,9 +37,9 @@ pip install tox
|
|||||||
|
|
||||||
# run through each tox env and execute the test
|
# run through each tox env and execute the test
|
||||||
for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do
|
for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do
|
||||||
if [ "${tox_env}" != "ansible-functional" ]; then
|
if [ "${tox_env}" != "functional" ]; then
|
||||||
tox -e ${tox_env}
|
tox -e ${tox_env}
|
||||||
elif [ "${tox_env}" == "ansible-functional" ]; then
|
elif [ "${tox_env}" == "functional" ]; then
|
||||||
if ${FUNCTIONAL_TEST}; then
|
if ${FUNCTIONAL_TEST}; then
|
||||||
tox -e ${tox_env}
|
tox -e ${tox_env}
|
||||||
fi
|
fi
|
||||||
|
@ -13,57 +13,20 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
# TODO(odyssey4me)
|
- name: Create container
|
||||||
# Ansible 1.9x only actually checks whether there's a local file - it never
|
lxc_container:
|
||||||
# checks whether the local file matches the given sha256sum. Ansible 2.x
|
name: "cache-{{ lxc_cache_map.distro }}"
|
||||||
# fixes this, so once we move to Ansible 2.x we can pass this a sha256sum
|
template: "download"
|
||||||
# which will:
|
state: stopped
|
||||||
# a) allow us to remove force: yes
|
backing_store: "dir"
|
||||||
# b) allow the module to calculate the checksum of dest file which would
|
template_options: "{{ lxc_cache_download_template_options }}"
|
||||||
# result in file being downloaded only if provided and dest sha256sum
|
|
||||||
# checksums differ
|
|
||||||
# Currently 'force:yes' will always download the file, then do a sha256sum
|
|
||||||
# comparison between the downloaded file and the existing file, then replace
|
|
||||||
# the existing file if it doesn't match.
|
|
||||||
|
|
||||||
- name: Download lxc cache(s)
|
|
||||||
get_url:
|
|
||||||
url: "{{ item.url }}"
|
|
||||||
dest: "/var/cache/lxc_{{ item.name }}"
|
|
||||||
mode: "0644"
|
|
||||||
force: yes
|
|
||||||
sha256sum: "{{ item.sha256sum }}"
|
|
||||||
validate_certs: "{{ lxc_cache_validate_certs }}"
|
|
||||||
register: cache_download
|
register: cache_download
|
||||||
retries: 3
|
retries: 3
|
||||||
delay: 10
|
delay: 10
|
||||||
until: cache_download | success
|
until: cache_download|success
|
||||||
with_items: lxc_container_caches
|
|
||||||
tags:
|
tags:
|
||||||
- lxc-cache
|
- lxc-cache
|
||||||
- lxc-cache-download
|
- lxc-cache-download
|
||||||
|
|
||||||
- name: Remove existing lxc cached images
|
- include: lxc_cache_preparation.yml
|
||||||
file:
|
- include: lxc_cache_create.yml
|
||||||
path: "{{ lxc_container_cache_path }}/{{ item.chroot_path }}"
|
|
||||||
state: absent
|
|
||||||
with_items: lxc_container_caches
|
|
||||||
when: >
|
|
||||||
cache_download | changed or
|
|
||||||
lxc_container_base_delete | bool
|
|
||||||
tags:
|
|
||||||
- lxc-cache
|
|
||||||
- lxc-cache-existing-remove
|
|
||||||
|
|
||||||
- name: Move lxc cached image into place
|
|
||||||
unarchive:
|
|
||||||
src: "/var/cache/lxc_{{ item.name }}"
|
|
||||||
dest: "{{ lxc_container_cache_path }}/"
|
|
||||||
copy: "no"
|
|
||||||
with_items: lxc_container_caches
|
|
||||||
when: >
|
|
||||||
cache_download | changed or
|
|
||||||
lxc_container_base_delete | bool
|
|
||||||
tags:
|
|
||||||
- lxc-cache
|
|
||||||
- lxc-cache-unarchive
|
|
||||||
|
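Review bot: `Create container` uses `state: stopped`, which presumably builds `cache-{{ lxc_cache_map.distro }}` only when no container of that name exists, so a run that failed before the `Destroy base container` handler fired would leave a half-prepared rootfs that the next run reuses instead of downloading a fresh image. I would either put an `lxc_container` task with `state: absent` for the same name in front of it, or document that the leftover container must be removed by hand after a failed run. The task also keeps the old `register: cache_download` name and the `lxc-cache-download` tag although it no longer downloads an archive itself; a short comment that the download happens inside the `download` template would make that clear.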
36
tasks/lxc_cache_create.yml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Create lxc image
|
||||||
|
shell: |
|
||||||
|
rm {{ lxc_container_cache_path }}/{{ lxc_cache_map.distro }}/{{ lxc_cache_map.release }}/{{ lxc_cache_map.arch }}/default/rootfs.tar.xz
|
||||||
|
tar -Opc -C /var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs . | xz -{{ lxc_image_compression_ratio }} -c - > rootfs.tar.xz
|
||||||
|
args:
|
||||||
|
chdir: "{{ lxc_container_cache_path }}/{{ lxc_cache_map.distro }}/{{ lxc_cache_map.release }}/{{ lxc_cache_map.arch }}/default/"
|
||||||
|
notify: Destroy base container
|
||||||
|
tags:
|
||||||
|
- lxc-cache
|
||||||
|
- lxc-image-cache-create
|
||||||
|
|
||||||
|
# TODO(cloudnull) This should be removed just as soon as the lxc-container create
|
||||||
|
# play supports using the download template instead of the distro specific one.
|
||||||
|
- name: Create LEGACY LXC container cache
|
||||||
|
shell: |
|
||||||
|
mkdir -p /var/cache/lxc/{{ lxc_cache_map.release }}
|
||||||
|
cp -R /var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs /var/cache/lxc/{{ lxc_cache_map.release }}/rootfs-amd64
|
||||||
|
notify: Destroy base container
|
||||||
|
tags:
|
||||||
|
- lxc-cache
|
||||||
|
- lxc-legacy-image-cache-create
|
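Review bot: The `Create lxc image` shell block has no error handling, so the task result is the exit status of `xz` alone: a failing `tar` on the left side of the pipe, or a failing `rm`, still leaves a `rootfs.tar.xz` in the cache that later container builds would use. I would start the block with `set -e -o pipefail`, add `executable: /bin/bash` under `args`, and use `rm -f` so that a missing archive is not an error. In `Create LEGACY LXC container cache`, `cp -R` does not preserve ownership, timestamps or special mode bits of the rootfs, where `cp -a` would. Both tasks hard-code `/var/lib/lxc` although `lxc_container_directory` is defined in the defaults.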
@ -15,89 +15,93 @@
|
|||||||
|
|
||||||
- name: Copy files from deployment host to the container cache
|
- name: Copy files from deployment host to the container cache
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item[1].src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ lxc_container_cache_path }}/{{ item[0].chroot_path }}/{{ item[1].dest }}"
|
dest: "/var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs{{ item.dest }}"
|
||||||
owner: "{{ item[1].owner | default('root') }}"
|
owner: "{{ item.owner | default('root') }}"
|
||||||
group: "{{ item[1].group | default('root') }}"
|
group: "{{ item.group | default('root') }}"
|
||||||
mode: "{{ item[1].mode | default('644') }}"
|
mode: "{{ item.mode | default('644') }}"
|
||||||
with_nested:
|
with_items: lxc_container_cache_files
|
||||||
- lxc_container_caches
|
|
||||||
- lxc_container_cache_files
|
|
||||||
tags:
|
tags:
|
||||||
- lxc-cache
|
- lxc-cache
|
||||||
- lxc-cache-copy-files
|
- lxc-cache-copy-files
|
||||||
|
|
||||||
- name: Create apt repos in the cached container
|
- name: Cached image preparation script
|
||||||
template:
|
|
||||||
src: sources.list.j2
|
|
||||||
dest: "{{ lxc_container_cache_path }}/{{ item.chroot_path }}/etc/apt/sources.list"
|
|
||||||
with_items: lxc_container_caches
|
|
||||||
tags:
|
|
||||||
- lxc-cache
|
|
||||||
- lxc-cache-update
|
|
||||||
|
|
||||||
- name: Update container resolvers
|
|
||||||
template:
|
|
||||||
src: lxc-resolve-base.j2
|
|
||||||
dest: "{{ lxc_container_cache_path }}/{{ item.chroot_path }}/run/resolvconf/resolv.conf"
|
|
||||||
with_items: lxc_container_caches
|
|
||||||
tags:
|
|
||||||
- lxc-cache
|
|
||||||
- lxc-cache-update
|
|
||||||
|
|
||||||
- name: Update container resolvconf base
|
|
||||||
template:
|
|
||||||
src: lxc-resolve-base.j2
|
|
||||||
dest: "{{ lxc_container_cache_path }}/{{ item.chroot_path }}/etc/resolvconf/resolv.conf.d/base"
|
|
||||||
with_items: lxc_container_caches
|
|
||||||
tags:
|
|
||||||
- lxc-cache
|
|
||||||
- lxc-cache-update
|
|
||||||
|
|
||||||
- name: Update container resolvconf tail
|
|
||||||
copy:
|
copy:
|
||||||
content: "# Null Tail"
|
content: |
|
||||||
dest: "{{ lxc_container_cache_path }}/{{ item.chroot_path }}/etc/resolvconf/resolv.conf.d/tail"
|
#!/usr/bin/env bash
|
||||||
with_items: lxc_container_caches
|
set -x
|
||||||
tags:
|
{{ lxc_cache_map.cache_base_commands }}
|
||||||
- lxc-cache
|
dest: "/var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs/usr/local/bin/cache-prep-commands.sh"
|
||||||
- lxc-cache-update
|
mode: "0755"
|
||||||
|
|
||||||
- name: Update container resolvconf original
|
|
||||||
copy:
|
|
||||||
content: "# Null original"
|
|
||||||
dest: "{{ lxc_container_cache_path }}/{{ item.chroot_path }}/etc/resolvconf/resolv.conf.d/original"
|
|
||||||
with_items: lxc_container_caches
|
|
||||||
tags:
|
tags:
|
||||||
- lxc-cache
|
- lxc-cache
|
||||||
- lxc-cache-update
|
- lxc-cache-update
|
||||||
|
|
||||||
# This task runs several commands against the cached image to speed up the
|
# This task runs several commands against the cached image to speed up the
|
||||||
# lxc_container_create playbook.
|
# lxc_container_create playbook.
|
||||||
- name: Prepare cached image
|
- name: Prepare cached image setup commands
|
||||||
command: "chroot {{ lxc_container_cache_path }}/{{ item[0].chroot_path }} {{ item[1] }}"
|
command: "chroot /var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs /usr/local/bin/cache-prep-commands.sh"
|
||||||
with_nested:
|
tags:
|
||||||
- lxc_container_caches
|
- lxc-cache
|
||||||
- lxc_cache_commands
|
- lxc-cache-update
|
||||||
when: cache_download|changed
|
|
||||||
|
- name: Create repos in the cached container
|
||||||
|
copy:
|
||||||
|
content: "{{ item.value }}"
|
||||||
|
dest: "/var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs{{ item.key }}"
|
||||||
|
with_dict: lxc_cache_map.repos
|
||||||
|
tags:
|
||||||
|
- lxc-cache
|
||||||
|
- lxc-cache-update
|
||||||
|
|
||||||
|
- name: Copy cached image preparation package script into the target
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -x
|
||||||
|
{{ lxc_cache_install_command }} {{ lxc_cache_map.cache_packages | join(' ') }}
|
||||||
|
dest: "/var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs/usr/local/bin/cache-package-prep-commands.sh"
|
||||||
|
mode: "0755"
|
||||||
|
tags:
|
||||||
|
- lxc-cache
|
||||||
|
- lxc-cache-update
|
||||||
|
|
||||||
|
- name: Prepare cached image with packages
|
||||||
|
command: "chroot /var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs /usr/local/bin/cache-package-prep-commands.sh"
|
||||||
|
tags:
|
||||||
|
- lxc-cache
|
||||||
|
- lxc-cache-update
|
||||||
|
|
||||||
|
- name: Cached image post-preparation package script
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -x
|
||||||
|
{{ lxc_cache_map.cache_post_commands }}
|
||||||
|
dest: "/var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs/usr/local/bin/cache-post-prep-commands.sh"
|
||||||
|
mode: "0755"
|
||||||
|
tags:
|
||||||
|
- lxc-cache
|
||||||
|
- lxc-cache-update
|
||||||
|
|
||||||
|
- name: Post-prepare cached image setup commands
|
||||||
|
command: "chroot /var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs /usr/local/bin/cache-post-prep-commands.sh"
|
||||||
tags:
|
tags:
|
||||||
- lxc-cache
|
- lxc-cache
|
||||||
- lxc-cache-update
|
- lxc-cache-update
|
||||||
|
|
||||||
- name: Adjust sshd configuration in container
|
- name: Adjust sshd configuration in container
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "{{ lxc_container_cache_path }}/{{ item[0].chroot_path }}/etc/ssh/sshd_config"
|
dest: "/var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs/etc/ssh/sshd_config"
|
||||||
regexp: "{{ item[1].regexp }}"
|
regexp: "{{ item.regexp }}"
|
||||||
line: "{{ item[1].line }}"
|
line: "{{ item.line }}"
|
||||||
state: present
|
state: present
|
||||||
with_nested:
|
with_items: lxc_cache_sshd_configuration
|
||||||
- lxc_container_caches
|
|
||||||
- lxc_cache_sshd_configuration
|
|
||||||
tags:
|
tags:
|
||||||
- lxc-cache
|
- lxc-cache
|
||||||
- lxc-cache-update
|
- lxc-cache-update
|
||||||
|
|
||||||
- name: Obtain the system's ssh public key
|
- name: Obtain the deploy system's ssh public key
|
||||||
set_fact:
|
set_fact:
|
||||||
lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
|
lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
|
||||||
when: lxc_container_ssh_key is not defined
|
when: lxc_container_ssh_key is not defined
|
||||||
@ -107,9 +111,9 @@
|
|||||||
|
|
||||||
- name: Deploy ssh public key into the cached image
|
- name: Deploy ssh public key into the cached image
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "{{ lxc_container_cache_path }}/{{ item.chroot_path }}/root/.ssh/authorized_keys"
|
dest: "/var/lib/lxc/cache-{{ lxc_cache_map.distro }}/rootfs/root/.ssh/authorized_keys"
|
||||||
line: "{{ lxc_container_ssh_key }}"
|
line: "{{ lxc_container_ssh_key }}"
|
||||||
with_items: lxc_container_caches
|
create: true
|
||||||
tags:
|
tags:
|
||||||
- lxc-cache
|
- lxc-cache
|
||||||
- lxc-cache-update
|
- lxc-cache-update
|
||||||
|
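Review bot: The three generated scripts (`cache-prep-commands.sh`, `cache-package-prep-commands.sh`, `cache-post-prep-commands.sh`) begin with `set -x` only, so each `chroot` task reports the status of the script's last command and an earlier failed step, a package install for instance, goes unnoticed and ends up in every container built from the cache. Adding `set -e` after `set -x` in each `content:` block would make the task fail instead. No task in the lines shown removes the scripts afterwards, so they appear to ship in `/usr/local/bin` of the image. In the second hunk, `Deploy ssh public key into the cached image` now uses `create: true` without a `mode`, so a newly created `authorized_keys` gets default permissions; `mode: "0600"` would pin them.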
@ -19,6 +19,12 @@
|
|||||||
tags:
|
tags:
|
||||||
- install-apt
|
- install-apt
|
||||||
|
|
||||||
|
- include: lxc_install_yum.yml
|
||||||
|
when:
|
||||||
|
- ansible_pkg_mgr == 'yum'
|
||||||
|
tags:
|
||||||
|
- install-yum
|
||||||
|
|
||||||
- name: Install pip packages
|
- name: Install pip packages
|
||||||
pip:
|
pip:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
|
@ -38,19 +38,33 @@
|
|||||||
until: install_packages|success
|
until: install_packages|success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: lxc_apt_packages
|
with_items: lxc_packages
|
||||||
tags:
|
tags:
|
||||||
- lxc-apt-packages
|
- lxc-apt-packages
|
||||||
|
|
||||||
# The functionality with changing the container cache has been added into the
|
- name: Drop irqbalance config
|
||||||
# upstream LXC templates with patch [ https://github.com/lxc/lxc/pull/558 ]
|
template:
|
||||||
# TODO: remove the below patch and pass lxc_container_cache_path to lxc
|
src: "irqbalance.j2"
|
||||||
# templates as appropriate once the lxc update goes mainstream
|
dest: "/etc/default/irqbalance"
|
||||||
- name: Patch lxc-ubuntu cache path
|
owner: "root"
|
||||||
replace:
|
group: "root"
|
||||||
dest: /usr/share/lxc/templates/lxc-ubuntu
|
mode: "0644"
|
||||||
regexp: '\$LOCALSTATEDIR/cache/lxc'
|
notify:
|
||||||
replace: "{{ lxc_container_cache_path }}"
|
- Restart irqbalance
|
||||||
backup: yes
|
|
||||||
tags:
|
tags:
|
||||||
- lxc-cache-path
|
- lxc-files
|
||||||
|
- lxc-irqbalance
|
||||||
|
|
||||||
|
- name: Drop lxc-openstack app armor profile
|
||||||
|
template:
|
||||||
|
src: "lxc-openstack.apparmor.j2"
|
||||||
|
dest: "/etc/apparmor.d/lxc/lxc-openstack"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: "0644"
|
||||||
|
notify:
|
||||||
|
- Load lxc-openstack apparmor profile
|
||||||
|
- Restart apparmor
|
||||||
|
tags:
|
||||||
|
- lxc-files
|
||||||
|
- lxc-apparmor
|
||||||
|
213
tasks/lxc_install_yum.yml
Normal file
@ -0,0 +1,213 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Install yum packages
|
||||||
|
yum:
|
||||||
|
pkg: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
register: install_packages
|
||||||
|
until: install_packages|success
|
||||||
|
retries: 5
|
||||||
|
delay: 2
|
||||||
|
with_items: lxc_packages
|
||||||
|
tags:
|
||||||
|
- lxc-packages
|
||||||
|
|
||||||
|
- name: Create base directories
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: "directory"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
with_items:
|
||||||
|
- /opt/lxc_embedded
|
||||||
|
tags:
|
||||||
|
- lxc-directories
|
||||||
|
|
||||||
|
- name: download file with sha256 check
|
||||||
|
get_url:
|
||||||
|
url: "{{ lxc_download_url }}"
|
||||||
|
dest: "/opt/lxc_embedded/{{ lxc_download_url | basename }}"
|
||||||
|
register: source_download
|
||||||
|
tags:
|
||||||
|
- lxc-source
|
||||||
|
- lxc-source-download
|
||||||
|
|
||||||
|
- name: Move lxc cached image into place
|
||||||
|
unarchive:
|
||||||
|
src: "/opt/lxc_embedded/{{ lxc_download_url | basename }}"
|
||||||
|
dest: "/opt/lxc_embedded/"
|
||||||
|
copy: "no"
|
||||||
|
when: source_download|changed
|
||||||
|
tags:
|
||||||
|
- lxc-source
|
||||||
|
- lxc-source-unarchive
|
||||||
|
|
||||||
|
- name: Create new linked lib location
|
||||||
|
copy:
|
||||||
|
content: "/opt/lxc_embedded/x86_64-linux-gnu"
|
||||||
|
dest: "/etc/ld.so.conf.d/lxc-x86_64.conf"
|
||||||
|
mode: "0644"
|
||||||
|
tags:
|
||||||
|
- lxc-source
|
||||||
|
- lxc-ldconfig
|
||||||
|
|
||||||
|
- name: Create python3 link
|
||||||
|
file:
|
||||||
|
src: /usr/bin/python3.4
|
||||||
|
dest: /usr/bin/python3
|
||||||
|
state: link
|
||||||
|
tags:
|
||||||
|
- lxc-source
|
||||||
|
|
||||||
|
- name: Build and install LXC
|
||||||
|
shell: '{{ item }}'
|
||||||
|
args:
|
||||||
|
creates: /opt/lxc_embedded/bin/lxc-ls
|
||||||
|
chdir: "/opt/lxc_embedded/{{ lxc_download_url | basename | replace('.tar.gz', '') }}"
|
||||||
|
environment:
|
||||||
|
PYTHONDEV_CFLAGS: "-I/usr/include/python3.4m"
|
||||||
|
PYTHONDEV_LIBS: "-lpython3.4m"
|
||||||
|
with_items:
|
||||||
|
- ./autogen.sh
|
||||||
|
- ./configure --prefix=/opt/lxc_embedded
|
||||||
|
--libdir=/opt/lxc_embedded/x86_64-linux-gnu
|
||||||
|
--libexecdir=/opt/lxc_embedded/x86_64-linux-gnu
|
||||||
|
--with-rootfs-path=/opt/lxc_embedded/x86_64-linux-gnu/lxc
|
||||||
|
--sysconfdir=/etc
|
||||||
|
--localstatedir=/var
|
||||||
|
--with-config-path=/var/lib/lxc
|
||||||
|
--with-distro={{ ansible_distribution | lower }}
|
||||||
|
--enable-seccomp
|
||||||
|
--enable-python
|
||||||
|
--enable-doc
|
||||||
|
--enable-rpath
|
||||||
|
--enable-selinux
|
||||||
|
--enable-capabilities
|
||||||
|
--enable-configpath-log
|
||||||
|
--disable-tests
|
||||||
|
--disable-lua
|
||||||
|
- make
|
||||||
|
- make install
|
||||||
|
tags:
|
||||||
|
- lxc-source
|
||||||
|
- lxc-source-compile
|
||||||
|
|
||||||
|
- name: Ensure embedded LXC is within the PATH
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
line: "{{ item.line }}"
|
||||||
|
create: "true"
|
||||||
|
with_items:
|
||||||
|
- { dest: "/etc/profile.d/lxc-path.sh", line: "pathmunge /opt/lxc_embedded/bin" }
|
||||||
|
tags:
|
||||||
|
- lxc-source
|
||||||
|
- lxc-path
|
||||||
|
|
||||||
|
- name: Remove sub system lock if found
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: "absent"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
with_items:
|
||||||
|
- /var/lock/subsys/lxc
|
||||||
|
tags:
|
||||||
|
- lxc-directories
|
||||||
|
|
||||||
|
- name: Drop post up script
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
if [ "${DEVICE}" == "{{ lxc_net_bridge }}" ];then
|
||||||
|
if [ "{{ lxc_net_nat }}" == "True" ];then
|
||||||
|
/usr/local/bin/lxc-system-manage iptables-create
|
||||||
|
/usr/local/bin/lxc-system-manage dnsmasq-start || true
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
dest: "/etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: "0755"
|
||||||
|
tags:
|
||||||
|
- lxc-post-up
|
||||||
|
|
||||||
|
- name: Drop post down script
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
if [ "${DEVICE}" == "{{ lxc_net_bridge }}" ];then
|
||||||
|
if [ "{{ lxc_net_nat }}" == "True" ];then
|
||||||
|
/usr/local/bin/lxc-system-manage dnsmasq-stop
|
||||||
|
/usr/local/bin/lxc-system-manage iptables-remove
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: "0755"
|
||||||
|
tags:
|
||||||
|
- lxc-post-down
|
||||||
|
|
||||||
|
- name: Create networking post-up data
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
line: "{{ item.line }}"
|
||||||
|
insertbefore: "^exit\ 0$"
|
||||||
|
with_items:
|
||||||
|
- dest: "/etc/sysconfig/network-scripts/ifup-post"
|
||||||
|
line: ". /etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
|
||||||
|
tags:
|
||||||
|
- lxc-post-up
|
||||||
|
|
||||||
|
- name: Create networking post-down data
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
line: "{{ item.line }}"
|
||||||
|
insertbefore: "^exit\ 0$"
|
||||||
|
with_items:
|
||||||
|
- dest: "/etc/sysconfig/network-scripts/ifdown-post"
|
||||||
|
line: ". /etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
|
||||||
|
tags:
|
||||||
|
- lxc-post-down
|
||||||
|
|
||||||
|
- name: Link embedded lxc to python3
|
||||||
|
shell: >
|
||||||
|
find /opt/lxc_embedded/lib64/python3.4/site-packages/* -maxdepth 0 | xargs -n1 ln -sf
|
||||||
|
args:
|
||||||
|
chdir: /usr/lib64/python3.4
|
||||||
|
tags:
|
||||||
|
- lxc-links
|
||||||
|
|
||||||
|
- name: Run ldconfig to make sure all libs are linked
|
||||||
|
command: ldconfig -v
|
||||||
|
tags:
|
||||||
|
- lxc-links
|
||||||
|
|
||||||
|
# This is needed because Ansible will not read an exported PATH and the default path is too restrictive
|
||||||
|
- name: Update the sudoers defaults
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: '{{ item.regexp }}'
|
||||||
|
line: '{{ item.line }}'
|
||||||
|
validate: 'visudo -cf %s'
|
||||||
|
with_items:
|
||||||
|
- regexp: '^Defaults.*env_reset.*'
|
||||||
|
line: 'Defaults env_reset'
|
||||||
|
- regexp: '^Defaults.*secure_path.*'
|
||||||
|
line: 'Defaults secure_path="/opt/lxc_embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
|
||||||
|
tags:
|
||||||
|
- lxc-path
|
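Review bot: The task named `download file with sha256 check` passes no checksum to `get_url`, so the tarball from `lxc_download_url` is unpacked, built and installed as root with nothing verifying its content. Adding `sha256sum: "{{ LXC_SOURCE_SHA256_PLACEHOLDER }}"` (placeholder name; define the value next to `lxc_download_url`) would make the task do what its name says. Further down, `Update the sudoers defaults` rewrites `/etc/sudoers` so that `/opt/lxc_embedded/bin` comes first in `secure_path`, and its `^Defaults.*env_reset.*` pattern replaces an existing `Defaults` line that mentions env_reset together with any other options on that line. A comment stating that this directory must stay root-owned and not writable by others, plus a narrower regexp, would help.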
@ -13,27 +13,79 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Drop lxc net bridge
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: "0644"
|
||||||
|
with_items: "{{ lxc_cached_network_interfaces }}"
|
||||||
|
notify:
|
||||||
|
- Bring bridge up
|
||||||
|
tags:
|
||||||
|
- lxc-files
|
||||||
|
- lxc-net
|
||||||
|
- lxc-bridge
|
||||||
|
- lxc-interfaces
|
||||||
|
|
||||||
|
# All Debian installations of LXC use the lxc-net service. This service breaks our network
|
||||||
|
# model and needs to be disabled
|
||||||
|
- name: Disable and stop lxc-net
|
||||||
|
service:
|
||||||
|
name: lxc-net
|
||||||
|
enabled: no
|
||||||
|
state: stopped
|
||||||
|
when:
|
||||||
|
- ansible_os_family == "Debian"
|
||||||
|
tags:
|
||||||
|
- lxc-net
|
||||||
|
|
||||||
|
# All installations of LXC on init based systems (upstart primarily) will need to have the
|
||||||
|
# the lxc-net service override in place to ensure its not restarted on system boot
|
||||||
|
- name: Drop lxc-net override file for upstart
|
||||||
|
template:
|
||||||
|
src: manual-init.override.j2
|
||||||
|
dest: /etc/init/lxc-net.override
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
when:
|
||||||
|
- pid1_name == "init"
|
||||||
|
tags:
|
||||||
|
- lxc-files
|
||||||
|
- lxc-net
|
||||||
|
|
||||||
|
# All Debian based systems use the interfaces.d directory for extra network configs
|
||||||
|
# this check ensures the needed source line is in the base config file
|
||||||
- name: Ensure networking includes interfaces.d
|
- name: Ensure networking includes interfaces.d
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/network/interfaces"
|
dest: "/etc/network/interfaces"
|
||||||
line: "source /etc/network/interfaces.d/*.cfg"
|
line: "source /etc/network/interfaces.d/*.cfg"
|
||||||
backup: "yes"
|
backup: "yes"
|
||||||
|
when:
|
||||||
|
- ansible_os_family == "Debian"
|
||||||
tags:
|
tags:
|
||||||
- lxc-net
|
- lxc-net
|
||||||
- lxc-interfaces
|
- lxc-interfaces
|
||||||
|
|
||||||
- name: Drop lxc net bridge
|
- name: Drop lxc net bridge - Debian
|
||||||
template:
|
template:
|
||||||
src: "lxc-net-bridge.cfg.j2"
|
src: "lxc-net-bridge.cfg.j2"
|
||||||
dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
|
dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- ansible_os_family == "Debian"
|
||||||
|
notify:
|
||||||
|
- Restart bridge
|
||||||
tags:
|
tags:
|
||||||
- lxc-files
|
- lxc-files
|
||||||
- lxc-net
|
- lxc-net
|
||||||
- lxc-bridge
|
- lxc-bridge
|
||||||
|
|
||||||
|
# Check that the container bridge exists, if not bring it up
|
||||||
- name: Check Container Bridge exists
|
- name: Check Container Bridge exists
|
||||||
file:
|
file:
|
||||||
state: "file"
|
state: "file"
|
||||||
@ -44,5 +96,7 @@
|
|||||||
notify:
|
notify:
|
||||||
- Bring bridge up
|
- Bring bridge up
|
||||||
tags:
|
tags:
|
||||||
- lxc-net
|
|
||||||
- lxc-bridge
|
- lxc-bridge
|
||||||
|
|
||||||
|
# Ensure lxc networks are running as they're supposed to
|
||||||
|
- meta: flush_handlers
|
||||||
|
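Review bot: On Debian hosts the bridge file is now templated twice in this file: the new `Drop lxc net bridge` task loops over `lxc_cached_network_interfaces` (the Ubuntu vars entry is `lxc-net-bridge.cfg.j2` to `/etc/network/interfaces.d/lxc-net-bridge.cfg`), and `Drop lxc net bridge - Debian` then writes the same source to the same destination. The second task can therefore never report a change, so its `Restart bridge` notification cannot fire and an edited bridge config only triggers `Bring bridge up`. I would drop the Debian-specific task and put the intended handler on the looped task, e.g. `notify: Restart bridge`. The handler definitions are not in this section, so which of the two handlers is wanted needs confirming.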
@ -32,38 +32,23 @@
|
|||||||
mode: "{{ item.mode|default('0644') }}"
|
mode: "{{ item.mode|default('0644') }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" }
|
- { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" }
|
||||||
|
- { src: default.conf.j2, dest: "/etc/lxc/default.conf" }
|
||||||
- { src: lxc.default.j2, dest: "/etc/default/lxc-net", mode: "0644" }
|
- { src: lxc.default.j2, dest: "/etc/default/lxc-net", mode: "0644" }
|
||||||
- { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" }
|
- { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" }
|
||||||
tags:
|
tags:
|
||||||
- lxc-files
|
- lxc-files
|
||||||
- lxc-config
|
- lxc-config
|
||||||
|
|
||||||
- name: Drop irqbalance config
|
- name: Drop lxc veth check script
|
||||||
template:
|
copy:
|
||||||
src: "irqbalance.j2"
|
src: "lxc-veth-check.sh"
|
||||||
dest: "/etc/default/irqbalance"
|
dest: "/usr/local/bin/lxc-veth-check"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
mode: "0644"
|
mode: "0755"
|
||||||
notify:
|
|
||||||
- Restart irqbalance
|
|
||||||
tags:
|
tags:
|
||||||
- lxc-files
|
- lxc-files
|
||||||
- lxc-irqbalance
|
- lxc-config
|
||||||
|
|
||||||
- name: Drop lxc-openstack app armor profile
|
|
||||||
template:
|
|
||||||
src: "lxc-openstack.apparmor.j2"
|
|
||||||
dest: "/etc/apparmor.d/lxc/lxc-openstack"
|
|
||||||
owner: "root"
|
|
||||||
group: "root"
|
|
||||||
mode: "0644"
|
|
||||||
notify:
|
|
||||||
- Load lxc-openstack apparmor profile
|
|
||||||
- Restart apparmor
|
|
||||||
tags:
|
|
||||||
- lxc-files
|
|
||||||
- lxc-apparmor
|
|
||||||
|
|
||||||
# Ensure apparmor reindex runs before other things that may fail
|
# Ensure apparmor reindex runs before other things that may fail
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
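Review bot: The comment `# Ensure apparmor reindex runs before other things that may fail` above `- meta: flush_handlers` no longer describes the new side, because the only task that notified the apparmor handlers (`Drop lxc-openstack app armor profile`) is removed from this file in the same section. Suggest rewording it to `# Run pending handlers before the following tasks`. The section does not show where the `lxc-openstack` AppArmor profile is deployed after this change. Since `lxc-openstack.conf` is still templated for every distro, it is worth confirming that Debian hosts still get the profile loaded before containers start.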
@ -32,14 +32,3 @@
|
|||||||
- "{{ lxc_container_cache_path }}"
|
- "{{ lxc_container_cache_path }}"
|
||||||
tags:
|
tags:
|
||||||
- lxc-directories
|
- lxc-directories
|
||||||
|
|
||||||
- name: Drop lxc-net override file
|
|
||||||
template:
|
|
||||||
src: manual-init.override.j2
|
|
||||||
dest: /etc/init/lxc-net.override
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
tags:
|
|
||||||
- lxc-files
|
|
||||||
- lxc-config
|
|
||||||
|
@ -35,10 +35,23 @@
|
|||||||
with_first_found:
|
with_first_found:
|
||||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
|
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
|
||||||
- "{{ ansible_distribution | lower }}.yml"
|
- "{{ ansible_distribution | lower }}.yml"
|
||||||
|
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
|
||||||
- "{{ ansible_os_family | lower }}.yml"
|
- "{{ ansible_os_family | lower }}.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
|
- name: Check init system
|
||||||
|
command: cat /proc/1/comm
|
||||||
|
register: _pid1_name
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
|
- name: Set the name of pid1
|
||||||
|
set_fact:
|
||||||
|
pid1_name: "{{ _pid1_name.stdout }}"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- include: lxc_pre_install.yml
|
- include: lxc_pre_install.yml
|
||||||
- include: lxc_install.yml
|
- include: lxc_install.yml
|
||||||
- include: lxc_post_install.yml
|
- include: lxc_post_install.yml
|
||||||
@ -46,7 +59,6 @@
|
|||||||
- include: lxc_net.yml
|
- include: lxc_net.yml
|
||||||
- include: lxc_dnsmasq_cleanup.yml
|
- include: lxc_dnsmasq_cleanup.yml
|
||||||
- include: lxc_cache.yml
|
- include: lxc_cache.yml
|
||||||
- include: lxc_cache_preparation.yml
|
|
||||||
when: lxc_container_caches is defined
|
|
||||||
- name: Flush handlers
|
- name: Flush handlers
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
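Review bot: `Check init system` runs `command: cat /proc/1/comm` with `tags: always`, so it is reported as changed on every run of the role even though it only reads a file. Add `changed_when: false` to the task so the changed count reflects real changes. `pid1_name` is taken straight from `_pid1_name.stdout` and the later `pid1_name == "init"` condition depends on that exact string, so a short comment such as `# /proc/1/comm is "init" under upstart/sysvinit and "systemd" under systemd` would help the next reader.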
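--- a/templates/default.conf.j2
+++ b/templates/default.conf.j2
@@ -0,0 +1,5 @@
+lxc.network.type = {{ lxc_container_net_type }}
+lxc.network.name = {{ lxc_container_net_name }}
+lxc.network.link = {{ lxc_container_net_link }}
+lxc.network.flags = up
+lxc.network.hwaddr = 00:16:3e:xx:xx:xx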
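Review bot: This template has no managed-file header, unlike `templates/lxc-net-ifcfg-bridge.cfg.j2` added in the same commit, so someone editing `/etc/lxc/default.conf` on a host gets no hint that the role will overwrite it. Add `# {{ ansible_managed }}` as the first line.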
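--- a/templates/lxc-net-ifcfg-bridge.cfg.j2
+++ b/templates/lxc-net-ifcfg-bridge.cfg.j2
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+DEVICE={{ lxc_net_bridge }}
+TYPE=Bridge
+IPADDR={{ lxc_net_address }}
+NETMASK={{ lxc_net_netmask }}
+{% if lxc_net_gateway is not none %}
+GATEWAY={{ lxc_net_gateway }}
+{% endif %}
+{% if lxc_net_mtu is defined %}
+MTU={{ lxc_net_mtu }}
+{% endif %}
+ONBOOT=yes
+BOOTPROTO=none
+NM_CONTROLLED=no
+DELAY=0
+STP=no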
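Review bot: The two optional settings are guarded differently: `GATEWAY` uses `{% if lxc_net_gateway is not none %}` while `MTU` uses `{% if lxc_net_mtu is defined %}`. If `lxc_net_gateway` is ever left undefined rather than set to null, the `is not none` test passes and rendering `{{ lxc_net_gateway }}` fails. The role defaults are not visible in this section, so that case may already be covered. `{% if lxc_net_gateway is defined and lxc_net_gateway is not none %}` handles both cases, and using the same form for the MTU guard keeps a null MTU out of the file.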
@ -1,3 +0,0 @@
|
|||||||
{% for item in lxc_cache_resolvers %}
|
|
||||||
{{ item }}
|
|
||||||
{% endfor %}
|
|
@ -1,5 +0,0 @@
|
|||||||
# {{ ansible_managed }}
|
|
||||||
deb {{ lxc_container_template_main_apt_repo }} {{ lxc_container_release }} {{ lxc_container_template_apt_components | join(" ") }}
|
|
||||||
deb {{ lxc_container_template_main_apt_repo }} {{ lxc_container_release }}-updates {{ lxc_container_template_apt_components | join(" ") }}
|
|
||||||
deb {{ lxc_container_template_main_apt_repo }} {{ lxc_container_release }}-backports {{ lxc_container_template_apt_components | join(" ") }}
|
|
||||||
deb {{ lxc_container_template_security_apt_repo }} {{ lxc_container_release }}-security {{ lxc_container_template_apt_components | join(" ") }}
|
|
@ -1,15 +0,0 @@
|
|||||||
auto lxcbr0
|
|
||||||
iface lxcbr0 inet static
|
|
||||||
address 10.100.100.1
|
|
||||||
netmask 255.255.255.0
|
|
||||||
# dnsmasq start and stop
|
|
||||||
post-up /usr/local/bin/lxc-system-manage iptables-create
|
|
||||||
post-up /usr/local/bin/lxc-system-manage dnsmasq-start || true
|
|
||||||
post-down /usr/local/bin/lxc-system-manage iptables-remove
|
|
||||||
post-down /usr/local/bin/lxc-system-manage dnsmasq-stop
|
|
||||||
bridge_fd 0
|
|
||||||
bridge_maxwait 0
|
|
||||||
bridge_ports none
|
|
||||||
bridge_hello 2
|
|
||||||
bridge_maxage 12
|
|
||||||
bridge_stp off
|
|
@ -17,9 +17,14 @@
|
|||||||
hosts: localhost
|
hosts: localhost
|
||||||
connection: local
|
connection: local
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
|
- name: Show host facts
|
||||||
|
debug:
|
||||||
|
var: hostvars
|
||||||
- name: First ensure apt cache is always refreshed
|
- name: First ensure apt cache is always refreshed
|
||||||
apt:
|
apt:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
when:
|
||||||
|
- ansible_pkg_mgr == 'apt'
|
||||||
- name: Ensure root ssh key
|
- name: Ensure root ssh key
|
||||||
user:
|
user:
|
||||||
name: "{{ ansible_env.USER | default('root') }}"
|
name: "{{ ansible_env.USER | default('root') }}"
|
||||||
@ -46,43 +51,34 @@
|
|||||||
- src: files/container-file-copy-test.txt
|
- src: files/container-file-copy-test.txt
|
||||||
dest: /tmp/file-copied-from-deployment-host.txt
|
dest: /tmp/file-copied-from-deployment-host.txt
|
||||||
post_tasks:
|
post_tasks:
|
||||||
- name: Open sysctl file
|
- name: Get sysctl content
|
||||||
slurp:
|
shell: |
|
||||||
src: /etc/sysctl.conf
|
cat /etc/sysctl.conf
|
||||||
register: sysctl_file
|
register: sysctl_content
|
||||||
- name: Read files
|
|
||||||
set_fact:
|
|
||||||
sysctl_content: "{{ sysctl_file.content | b64decode }}"
|
|
||||||
- name: Check for container tar
|
|
||||||
stat:
|
|
||||||
path: /var/cache/lxc_trusty.tgz
|
|
||||||
register: container_tar_file
|
|
||||||
- name: Check for container cache dir
|
|
||||||
stat:
|
|
||||||
path: /var/cache/lxc/trusty/rootfs-amd64/
|
|
||||||
register: container_cache_dir
|
|
||||||
- name: Check for lxc bridge
|
- name: Check for lxc bridge
|
||||||
stat:
|
stat:
|
||||||
path: /sys/class/net/lxcbr0/bridge/bridge_id
|
path: /sys/class/net/lxcbr0/bridge/bridge_id
|
||||||
register: lxc_bridge_file
|
register: lxc_bridge_file
|
||||||
- name: Check dnsmasq is running
|
- name: Check dnsmasq is running
|
||||||
shell: ps auxfww | grep -w 'dnsmasq -u lxc-dnsmasq'
|
shell: ps auxfww | grep -w 'dnsmasq -u lxc-dnsmasq'
|
||||||
- name: Get deployed interface file contents, without Ansible managed line
|
- name: DEBIAN - Get deployed interface file contents, without Ansible managed line
|
||||||
shell: |
|
shell: |
|
||||||
cat /etc/network/interfaces.d/lxc-net-bridge.cfg | tail -n +3
|
cat /etc/network/interfaces.d/lxc-net-bridge.cfg | tail -n +3
|
||||||
register: interface_file
|
register: _debian_interface_file
|
||||||
- name: Get expected interface file contents
|
when: ansible_os_family | lower == "debian"
|
||||||
|
- name: DEBIAN - interface file fact
|
||||||
|
set_fact:
|
||||||
|
interface_file: "{{ _debian_interface_file.stdout }}"
|
||||||
|
when: ansible_os_family | lower == "debian"
|
||||||
|
- name: RHEL - Get deployed interface file contents, without Ansible managed line
|
||||||
shell: |
|
shell: |
|
||||||
cat files/expected-lxc-net-bridge.cfg
|
cat /etc/sysconfig/network-scripts/ifcfg-lxcbr0 | tail -n +3
|
||||||
register: expected_interface_file
|
register: _rhel_interface_file
|
||||||
- name: Get the deployed test file from the container cache
|
when: ansible_os_family | lower == "redhat"
|
||||||
slurp:
|
- name: RHEL - interface file fact
|
||||||
src: /var/cache/lxc/trusty/rootfs-amd64/tmp/file-copied-from-deployment-host.txt
|
set_fact:
|
||||||
register: copied_file
|
interface_file: "{{ _rhel_interface_file.stdout }}"
|
||||||
- name: Get the expected test file which should have been copied
|
when: ansible_os_family | lower == "redhat"
|
||||||
slurp:
|
|
||||||
src: files/container-file-copy-test.txt
|
|
||||||
register: expected_copied_file
|
|
||||||
- name: Get bridge interface facts
|
- name: Get bridge interface facts
|
||||||
setup:
|
setup:
|
||||||
filter: ansible_lxcbr0
|
filter: ansible_lxcbr0
|
||||||
@ -90,10 +86,9 @@
|
|||||||
- name: Check role functions
|
- name: Check role functions
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "'fs.inotify.max_user_instances' in sysctl_content"
|
- interface_file | search('.*lxcbr0.*')
|
||||||
|
- interface_file | search('.*10.100.100.1.*')
|
||||||
|
- interface_file | search('.*255.255.255.0.*')
|
||||||
|
- sysctl_content.stdout | search('fs.inotify.max_user_instances.*')
|
||||||
- "lxc_bridge_file.stat.exists"
|
- "lxc_bridge_file.stat.exists"
|
||||||
- "container_cache_dir.stat.isdir"
|
|
||||||
- "container_tar_file.stat.exists"
|
|
||||||
- "interface_file.stdout | match(expected_interface_file.stdout)"
|
|
||||||
- "copied_file.content | match(expected_copied_file.content)"
|
|
||||||
- "lxcbr0_facts.ansible_facts.ansible_lxcbr0.ipv4.address | match('10.100.100.1')"
|
- "lxcbr0_facts.ansible_facts.ansible_lxcbr0.ipv4.address | match('10.100.100.1')"
|
||||||
|
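Review bot: The new `Show host facts` pre-task prints `var: hostvars`, which includes `ansible_env` for the test host, so any credentials exported into the CI job's environment would end up in the job log. Limit the output to what the test needs, for example `var: ansible_distribution_version`, or gate the task with the debug module's `verbosity` option. Separately, the new assertions `search('.*10.100.100.1.*')` and `search('.*255.255.255.0.*')` use unescaped dots, so they match more than the literal addresses; `search('10\.100\.100\.1')` is stricter.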
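--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -0,0 +1,70 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+lxc_download_url: "https://linuxcontainers.org/downloads/lxc/lxc-1.0.8.tar.gz"
+
+# Required rpm packages.
+lxc_packages:
+- '@Development Tools'
+- automake
+- autoconf
+- bridge-utils
+- debootstrap
+- docbook2X
+- dnsmasq
+- git
+- libseccomp
+- libseccomp-devel
+- libcap-devel
+- libselinux
+- libselinux-devel
+- python-devel
+- python34-libs
+- python34-devel
+- pkgconfig
+- redhat-lsb
+- xz
+
+lxc_cache_map:
+distro: centos
+arch: amd64
+release: 7
+cache_packages:
+- openssh-server
+- sudo
+repos: {}
+cache_base_commands: |
+rm /etc/resolv.conf
+{% for resolver in lxc_cache_resolvers %}
+echo "{{ resolver }}" | tee -a /etc/resolv.conf
+{% endfor %}
+{{ lxc_cache_install_command }} wget python2
+rm -f /usr/bin/python
+ln -s /usr/bin/python2.7 /usr/bin/python
+/usr/bin/wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -O /tmp/epel-release-latest-7.noarch.rpm
+/usr/bin/rpm -ivh /tmp/epel-release-latest-7.noarch.rpm || true
+cache_post_commands: |
+yum clean all
+
+lxc_cache_install_command: "yum install -y"
+
+pip_install_options: >
+--global-option=build_ext
+--global-option="-L/opt/lxc_embedded/x86_64-linux-gnu/"
+--global-option="-I/opt/lxc_embedded/include/"
+
+lxc_cached_network_interfaces:
+- src: "lxc-net-ifcfg-bridge.cfg.j2"
+dest: "/etc/sysconfig/network-scripts/ifcfg-lxcbr0"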
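Review bot: `cache_base_commands` downloads `epel-release-latest-7.noarch.rpm` with wget and installs it with `rpm -ivh ... || true`, so the base image that every CentOS container is built from takes an unpinned package, no signature check is shown, and a failed download or install is silently ignored. Since `lxc_cache_map.distro` is `centos`, the release package can come from the distribution's own signed repository instead: replace the two lines with `{{ lxc_cache_install_command }} epel-release`. If the direct download has to stay, import the EPEL key, check the file with `rpm -K` before installing, and drop the `|| true`.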
@ -18,17 +18,13 @@ cache_timeout: 600
|
|||||||
|
|
||||||
# Container repos
|
# Container repos
|
||||||
lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
|
lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
|
||||||
lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu"
|
lxc_container_template_security_apt_repo: "{{ lxc_container_template_main_apt_repo }}"
|
||||||
lxc_container_template_apt_components:
|
lxc_container_template_apt_components:
|
||||||
- main
|
- main
|
||||||
- universe
|
- universe
|
||||||
|
|
||||||
# Default image to build from
|
|
||||||
lxc_container_release: trusty
|
|
||||||
lxc_container_user_name: ubuntu
|
|
||||||
|
|
||||||
# Required apt packages.
|
# Required apt packages.
|
||||||
lxc_apt_packages:
|
lxc_packages:
|
||||||
- apparmor
|
- apparmor
|
||||||
- apparmor-utils
|
- apparmor-utils
|
||||||
- bridge-utils
|
- bridge-utils
|
||||||
@ -45,11 +41,91 @@ lxc_apt_packages:
|
|||||||
- lxc-templates
|
- lxc-templates
|
||||||
- python-dev
|
- python-dev
|
||||||
- python3-lxc
|
- python3-lxc
|
||||||
|
- pxz
|
||||||
|
|
||||||
# Commands to run against cached LXC image
|
lxc_cache_map:
|
||||||
lxc_cache_commands:
|
distro: ubuntu
|
||||||
- apt-get update
|
arch: amd64
|
||||||
- apt-get -y upgrade
|
release: trusty
|
||||||
- apt-get -y install python2.7
|
cache_packages:
|
||||||
- rm -f /usr/bin/python
|
- bridge-utils
|
||||||
- ln -s /usr/bin/python2.7 /usr/bin/python
|
- bsdmainutils
|
||||||
|
- build-essential
|
||||||
|
- cgmanager
|
||||||
|
- cgmanager-utils
|
||||||
|
- cgroup-lite
|
||||||
|
- comerr-dev
|
||||||
|
- curl
|
||||||
|
- debconf-utils
|
||||||
|
- debhelper
|
||||||
|
- dh-apparmor
|
||||||
|
- gettext
|
||||||
|
- gir1.2-glib-2.0
|
||||||
|
- git
|
||||||
|
- groff-base
|
||||||
|
- intltool-debian
|
||||||
|
- iptables
|
||||||
|
- iso-codes
|
||||||
|
- krb5-multidev
|
||||||
|
- libcgmanager-dev
|
||||||
|
- libdbus-1-dev
|
||||||
|
- libdbus-glib-1-2
|
||||||
|
- libdevmapper-event1.02.1
|
||||||
|
- libexpat1-dev
|
||||||
|
- libffi-dev
|
||||||
|
- libpq-dev
|
||||||
|
- libpq5
|
||||||
|
- libpython-dev
|
||||||
|
- libxml2-dev
|
||||||
|
- libxslt1-dev
|
||||||
|
- libxslt1.1
|
||||||
|
- lvm2
|
||||||
|
- openssh-server
|
||||||
|
- python-apt
|
||||||
|
- python-apt-common
|
||||||
|
- python-dev
|
||||||
|
- python-pycurl
|
||||||
|
- python-software-properties
|
||||||
|
- python3-apt
|
||||||
|
- python3-dbus
|
||||||
|
- python3-gi
|
||||||
|
- python3-minimal
|
||||||
|
- python3-pycurl
|
||||||
|
- python3-software-properties
|
||||||
|
- software-properties-common
|
||||||
|
- sqlite3
|
||||||
|
- ssh
|
||||||
|
- sshpass
|
||||||
|
- time
|
||||||
|
repos:
|
||||||
|
"/etc/apt/sources.list": |
|
||||||
|
deb {{ lxc_container_template_main_apt_repo }} trusty {{ lxc_container_template_apt_components | join(' ') }}
|
||||||
|
deb {{ lxc_container_template_main_apt_repo }} trusty-updates {{ lxc_container_template_apt_components | join(' ') }}
|
||||||
|
deb {{ lxc_container_template_main_apt_repo }} trusty-backports {{ lxc_container_template_apt_components | join(' ') }}
|
||||||
|
deb {{ lxc_container_template_security_apt_repo }} trusty-security {{ lxc_container_template_apt_components | join(' ') }}
|
||||||
|
cache_base_commands: |
|
||||||
|
rm /run/resolvconf/resolv.conf
|
||||||
|
# This enforces the resolvers from within the image
|
||||||
|
{% for resolver in lxc_cache_resolvers %}
|
||||||
|
echo "{{ resolver }}" | tee -a /run/resolvconf/resolv.conf
|
||||||
|
{% endfor %}
|
||||||
|
cp /run/resolvconf/resolv.conf /etc/resolvconf/resolv.conf.d/base
|
||||||
|
echo "# NONE" > /etc/resolvconf/resolv.conf.d/tail
|
||||||
|
echo "# NONE" > /etc/resolvconf/resolv.conf.d/original
|
||||||
|
# This is done because its possible the base repos being installed will use https
|
||||||
|
# and ansible needs access to python2.7 which the system may not have by default
|
||||||
|
{{ lxc_cache_install_command }} apt-transport-https python2.7
|
||||||
|
apt-get -y upgrade
|
||||||
|
rm -f /usr/bin/python
|
||||||
|
ln -s /usr/bin/python2.7 /usr/bin/python
|
||||||
|
mkdir -p /root/.ssh
|
||||||
|
chmod 700 /root/.ssh
|
||||||
|
userdel --force --remove ubuntu || true
|
||||||
|
cache_post_commands: |
|
||||||
|
apt-get clean
|
||||||
|
|
||||||
|
lxc_cache_install_command: "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y"
|
||||||
|
|
||||||
|
lxc_cached_network_interfaces:
|
||||||
|
- src: "lxc-net-bridge.cfg.j2"
|
||||||
|
dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
|
||||||
|
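Review bot: The trusty `cache_packages` list installs a build toolchain and client tools (`build-essential`, `git`, `sshpass`, `lvm2`, the `-dev` packages) into the base image that every container is created from, while the xenial and CentOS maps added in this commit install only `openssh-server` (plus `sudo` on CentOS). That makes the three images behave differently and leaves compilers and `sshpass` in containers that may never need them. If the long list is there to shorten later role runs, say so in a comment above `cache_packages`, for example `# Pre-seeded to shorten container setup; not required for the image to boot`. Otherwise trim it to match the other two files.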
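--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@@ -0,0 +1,84 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## APT Cache Options
+cache_timeout: 600
+
+# Container repos
+lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
+lxc_container_template_security_apt_repo: "{{ lxc_container_template_main_apt_repo }}"
+
+lxc_container_template_apt_components:
+- main
+- universe
+
+# Required apt packages.
+lxc_packages:
+- apparmor
+- apparmor-utils
+- bridge-utils
+- cgmanager
+- cgroup-lite
+- debootstrap
+- dnsmasq
+- git
+- irqbalance
+- language-pack-en
+- liblxc1
+- lxc
+- lxc-dev
+- lxc-templates
+- python-dev
+- python3-lxc
+- pxz
+
+lxc_cache_map:
+distro: ubuntu
+arch: amd64
+release: xenial
+cache_packages:
+- openssh-server
+repos:
+"/etc/apt/sources.list": |
+deb {{ lxc_container_template_main_apt_repo }} xenial {{ lxc_container_template_apt_components | join(' ') }}
+deb {{ lxc_container_template_main_apt_repo }} xenial-updates {{ lxc_container_template_apt_components | join(' ') }}
+deb {{ lxc_container_template_main_apt_repo }} xenial-backports {{ lxc_container_template_apt_components | join(' ') }}
+deb {{ lxc_container_template_security_apt_repo }} xenial-security {{ lxc_container_template_apt_components | join(' ') }}
+cache_base_commands: |
+rm /run/resolvconf/resolv.conf
+# This enforces the resolvers from within the image
+{% for resolver in lxc_cache_resolvers %}
+echo "{{ resolver }}" | tee -a /run/resolvconf/resolv.conf
+{% endfor %}
+cp /run/resolvconf/resolv.conf /etc/resolvconf/resolv.conf.d/base
+echo "# NONE" > /etc/resolvconf/resolv.conf.d/tail
+echo "# NONE" > /etc/resolvconf/resolv.conf.d/original
+# This is done because its possible the base repos being installed will use https
+# and ansible needs access to python2.7 which the system may not have by default
+{{ lxc_cache_install_command }} apt-transport-https python2.7
+apt-get -y upgrade
+rm -f /usr/bin/python
+ln -s /usr/bin/python2.7 /usr/bin/python
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+userdel --force --remove ubuntu || true
+cache_post_commands: |
+apt-get clean
+
+lxc_cache_install_command: "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y"
+
+lxc_cached_network_interfaces:
+- src: "lxc-net-bridge.cfg.j2"
+dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"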
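Review bot: `cache_base_commands` starts with `rm /run/resolvconf/resolv.conf` without `-f`, so the command errors when the downloaded image does not have that file, and the following `tee -a` also needs the `/run/resolvconf` directory to exist. How these commands are executed is not visible in this section, so whether a failure stops the cache build needs checking. Using `rm -f /run/resolvconf/resolv.conf` after a `mkdir -p /run/resolvconf` makes the step independent of the image contents. The same first line appears in the trusty vars file and, as `rm /etc/resolv.conf`, in `vars/redhat-7.yml`.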