As far as I can find these symlinks are unnecessary. They
appear to have originally been sourced from the Archlinux
'Linux Containers' wiki page, from where it's now been
removed. There are some noteworthy comments in [1] which
was cited in the wiki page removal.
The bits that are necessary are all included in the LXC
template on a per distribution basis and we now use the
download template in which everything has been prepared.
[1] https://github.com/lxc/lxc/pull/1011
Change-Id: Ia538dc3baea78397b0b13ac4effb6ff1a40fc03c
This reverts commit 018aeb4c34.
Now that this has been resolved upstream, this needs to be reverted as it's causing CentOS builds to fail.
Change-Id: I55371b7eb3c5276e4d13927544c2e1d49d487753
this is temporary until this gets merged and the template gets updated
https://github.com/lxc/lxc/pull/1286
Change-Id: I81d2bf010f598c28196de8bfd0984c19dc73c959
Containers should use the same TZ setting as the host machine. This
change ensures that all containers created are inheriting the
system's "/etc/localtime" which ensures that the container and the host
are running on the same TZ at build time.
Change-Id: Ica571d9dc280bf46be475b6a83ada47fd3410d92
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Ansible doesn't have role scoped include_vars. Adding
lxc_hosts_pip_install_options for the pip install build on centos and
allow override with pip_install_options for other roles.
Change-Id: I78fb85d44b5b0e1643bd07af3e15462c02041c89
The package for pxz is installed but was not being used, so
the base container compression was only using 1 core during
compression. This change allows pxz to be used which will
compress much faster when multiple cores are available.
Change-Id: I7eee214a69762b36c9bb2b23edad5688189bb967
In order to make it easier to differentiate between the lists of
python packages, distribution packages, downloaded packages,
package pins and other similar variables the variable names are
being changed to ensure that they have a more explicit suffix
that defines the purpose and makes the naming more consistent.
This is to facilitate a lookup plugin which will be able to look
up all the package lists and present them as a consolidated piece
of data which may be used for artifact preparation.
Change-Id: I09a21bac75a48450850313d2fe6d57aac311ce65
This change simply removes a package from the base container image via
a prep command to ensure "libssl1.0.0" installed is a valid version and
is using a release that is supported by the local mirrors.
Change-Id: I7933b6300df5a3aff91d49cfff0deb95896e4f84
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
In the current tests, the container stop/start process most
often fails on CentOS.
This patch updates the version to the latest available in
the hope of resolving this.
Change-Id: I5c29b015b773255879dec9e7fed2a046caec72f8
The current LXC cache preparation copies the DNS resolver config
from the host into the container.
When the host has been set up with a DNS caching system like 'unbound'
running on it, the host's resolv.conf contains only a localhost
nameserver entry which will not work from inside the container.
The Ubuntu containers use resolvconf by default. Resolvconf gathers
the DNS settings from each interface configured and compiles
/etc/resolv.conf from the interface information. This results in
a nameserver list which will start with the LXC dnsmasq service
which runs on lxcbr0. This service uses the host's DNS configuration
for name resolution.
In effect, therefore, when the containers use the DNS service on
lxcbr0, the host does the resolution and responds to the container.
This means far fewer moving parts and a far more predictable
implementation for name resolution.
This patch implements the changes necessary for this strategy to
work.
Change-Id: Ib139af5221dbb1f479ca068e472cf0e8aa828a8d
This change adds the systemd resolver file to the `copy_from_host`
include list. This will ensure that all of the resolver information
on a given host is also present within a container.
Change-Id: I8cb6635f0021c65cf8245ca346c5effcd759115d
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch implements the preparation commands from the
lxc-container-create role as this preparation is required
to be done for all containers and is not unique for each
container.
Change-Id: Ia8c0bb759b5df29f1b3a5e11230040ffc6e97362
The /var/backup is created in all containers, so it should be created
in the container cache.
This also ensures that the bind mount to this directory can be done
when the container is first created.
Change-Id: I0e2922b31fe301002837e82970814fe8cbe6088a
This change updates the installation of LXC on Ubuntu 14.04 to be the
latest stable release. The change will, at the time of this commit,
use LXC version 2.0.x as the base version. By updating we'll be able
to take advantage of the various performance and stability enhancements
that have been created since the release of 2.x. This also brings our
Ubuntu 14.04 installations in line with Ubuntu 16.04 and CentOS7 such
that we're using a single supported release.
Change-Id: I29220bee11401cc424ef54160cc873b8fc395dd1
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Without this patch, any errors that happen during the
'apt-get update' execution will cause the 'apt-get install'
execution to never happen.
This patch implements the following:
- It sets the cache prep script to exit on error to ensure
that the task fails if there is an error.
- It splits the upgrade and install command on to different
lines to ensure that each command's success can be
determined individually.
- It removes the clearing of the archive metadata introduced
in https://review.openstack.org/310091 as this also removes
apt lock files and other things which should not be removed.
Removing all this is unnecessary with the new cache prep
process and the 'apt-get clean' execution later clears the
cache before it is packaged.
- It removes the copy of /etc/apt/sources.list.d/ from the host
to prevent a situation where a host apt source requires
additional packages to be installed (for example curl) and
those packages can't be installed due to the 'apt-get update'
command failing because the package to update the index is
missing.
Change-Id: I07a864e4125a7fc076cbf5bf7380a8e34e6d2d7c
On Ubuntu 16.04, iptables is not installed by default.
This patch ensures lxc hosts and containers have iptables
installed.
Change-Id: I31d367a840952c2e6a20730ce1ce1e049b44b419
Ubuntu 14/16.04 links /etc/resolv.conf to
/run/resolvconf/resolv.conf. This results in a
failure of rsync to copy the contents of the
lxc host's resolv.conf contents into the container
template, and only recreates the link.
This commit adds the necessary files from /run/resolvconf
to the container template to allow for proper domain
resolution during template modification.
The sync command from the tasks/lxc_cache_preparation.yml file
now ensures a source exists prior to running the sync. This is
needed because of differences in the gate vs what is seen in
production. Additionally, the item variables in the sync command
have been quoted; they can not be escaped.
Change-Id: I58c9a81306922f9e587e1ed3a7a2693c64bfec3c
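Added example, not part of the commit above or of the role's own tasks: a POSIX shell illustration of the two behaviours that commit describes, copying the content behind a symlinked resolv.conf instead of the link, and skipping a source that does not exist. The function name `sync_host_files`, the demo paths and the nameserver value are constructed, and `cp -L` stands in for the role's sync command.

```shell
#!/bin/sh
# Added example; sync_host_files and the demo paths are hypothetical.
# Copies host files into a container template root. A source that is a
# symlink (e.g. /etc/resolv.conf -> ../run/resolvconf/resolv.conf) is
# copied as the file it points to, and a missing source is skipped.

# sync_host_files HOST_ROOT TEMPLATE_ROOT PATH...
# Prints the number of files copied.
sync_host_files() {
    host_root=$1
    template_root=$2
    shift 2
    copied=0
    for path in "$@"; do
        src="${host_root}${path}"
        # -e follows symlinks, so a dangling link is skipped as well.
        [ -e "$src" ] || continue
        dest="${template_root}${path}"
        mkdir -p "$(dirname "$dest")"
        # -L dereferences the link; a plain archive copy would only
        # recreate the link inside the template.
        cp -L "$src" "$dest"
        copied=$((copied + 1))
    done
    echo "$copied"
}

# Constructed demo tree standing in for a host and a template rootfs.
demo_run() {
    demo=$(mktemp -d)
    mkdir -p "$demo/host/etc" "$demo/host/run/resolvconf" "$demo/tpl"
    printf 'nameserver 10.0.3.1\n' > "$demo/host/run/resolvconf/resolv.conf"
    ln -s ../run/resolvconf/resolv.conf "$demo/host/etc/resolv.conf"
    sync_host_files "$demo/host" "$demo/tpl" /etc/resolv.conf /etc/absent.conf
    ls -l "$demo/tpl/etc"
    rm -rf "$demo"
}
demo_run
```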
Currently the container cache preparation process uses a list of
resolver addresses in order to prepare the container DNS resolution
configuration.
This presents a few problems:
- The default value is set to Google's DNS addresses, which may not
be accessible from a deployer's environment. This will cause an
installation to fail and the deployer will have to dig around to
find out why. This is counterintuitive - it would be better if the
default process was to discover the host's configuration and to use
that instead.
- Nothing other than a very simple resolv.conf can be implemented.
Deployers may wish to implement more advanced settings such as
timeouts and round-robin queries.
This patch changes the image cache preparation process to ensure that
the container resolver configuration matches that of the host. This is
simpler and more intuitive.
Change-Id: I66b448dee361e231d172eb278b290ec4dccfdf97
In a situation where the LXC cache and the apt mirror used do
not have matching package versions, or where the host and the
LXC cache have mismatches, the 'apt-get upgrade' and/or
'apt-get install' actions can fail due to dpkg asking what to
do about the config file mismatches.
This patch ensures that dpkg knows what to do, which is to
keep the existing in-place file (the file copied from the
host). This ensures that whatever apt configuration was
implemented on the host is definitely used in the containers.
Change-Id: I1f8bc785a8acdac71f46eff0e0d9573ba5c62ab3
This generates apt key dump of the lxc host, copies it to the container,
loads it and then removes the temporary file for it.
All non-interactively.
This only applies for ubuntu {14,16}.04
Change-Id: I74650b5924cbe5ded16ce2dfa683e2c110c4e943
Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
Occasionally during gate test, some containers
seem to be lacking or have an outdated 'ca-certificates'
package.
This patch adds ca-certificates to container cache prep
for the container build process.
Change-Id: Ib3613e4338e4dc7e2f1df75e842aa4213d207746
Currently the container cache preparation process uses a pre-prepared
LXC base image which includes its own package repository configuration.
This presents a few problems:
- The first packages installed will make use of the base image's
package repo configuration, resulting in a bypass of local mirrors
to install the first set of packages.
- A set of vars needs to be set in order to have the containers use a
local mirror, otherwise it'll use the mirrors set in the role's vars
files. This is counterintuitive.
Another problem introduced by I95c210c83ca968d11ba6f6a36b634bb798fa291f
as a result of the package repository vars moving from the role defaults
to the vars files is that the precedence has changed. The change in
precedence means that a task which sets a fact can't be used to override
the defaults set in the vars file. This method is used in all the role
tests to ensure that the OpenStack-CI repositories can be discovered from
the host and then used.
This patch changes the image cache preparation process to ensure that
the container package repository configuration matches the host
configuration. This is simpler and more intuitive.
Additionally the copy task from the deployment host into the container
cache is set to assume the same destination in the container as the
source (to reduce configuration verbosity), appropriately sets the
leading '0' for the mode (to prevent unexpected surprises), and
appropriately quotes the variable (to ensure forward compatibility
with Ansible 2.0).
Finally, the use of lxc_container_caches in the test configuration
has been removed as it is no longer used.
Change-Id: I420382fd3bbbb5fcae90ae0c6160233202a1a51a
This commit allows the functional tests to pass on ppc64 with
Ubuntu. It uses a dict to map the architecture of the platform to
the appropriate repo url. One thing to note is that ansible reports
the architecture as ppc64le while the distro uses ppc64el.
Change-Id: I99ce6b6f84b3ddff5486debbb1a26e1ba7d7d17e
When using an Ubuntu mirror that is different from the mirror used
to build the LXC image, differences in the mirror metadata can result
in a "Hash Sum mismatch" error during apt-get update.
Adding "rm -rf /var/lib/apt/lists/*" to lxc_cache_commands prevents
the problem.
Change-Id: I5fde7d0e7e84a6bd4f72dbf16d0fdfe423a2d715
Closes-Bug: 1574936
This change updates the lxc-host setup role to build the lxc cache using the
download template based on default images found here: [0]. These images are
upstream builds from the greater LXC/D community.
This update adds support for Ubuntu 14.04, 16.04 and RHEL/CentOS 7 container
types and the cache will be generated from the host Operating system.
[0] - https://images.linuxcontainers.org/
Change-Id: Ie13be2322d28178760481c59805101d6aeef4f36
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
* The default apt packages have been moved into a var file
that is only loaded when the detected OS is matched.
* The Install task file has had the apt specific tasks moved
into a named install task file.
Change-Id: I95c210c83ca968d11ba6f6a36b634bb798fa291f
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>