Commit Graph

34 Commits

Author SHA1 Message Date
Marc Gariepy
986c648479 LXC version to 2.0.6 on CentOS
- bump version to 2.0.6
- check sha256sum

Change-Id: Ifdd0228ef1916247988f9541d93016a750b4c56a
2016-12-05 15:40:29 -05:00
Marc Gariepy
6fd1f9e0c4 Add selinux rules to allow lxc-attach after reboot
Lxc-attach does not work after a reboot on CentOS
it needs a selinux module to allow it.

Change-Id: I4226a86b852193a4c3c2812ea4879b37cca348e6
2016-12-02 14:48:26 +00:00
Jesse Pretorius
684a88ae15 Remove unnecessary symlinks from container cache
As far as I can find these symlinks are unnecessary. They
appear to have originally been sourced from the Archlinux
'Linux Containers' wiki page, from where it's now been
removed. There are some noteworthy comments in [1] which
was cited in the wiki page removal.

The bits that are necessary are all included in the LXC
template on a per distribution basis and we now use the
download template in which everything has been prepared.

[1] https://github.com/lxc/lxc/pull/1011

Change-Id: Ia538dc3baea78397b0b13ac4effb6ff1a40fc03c
2016-11-29 13:43:15 +00:00
Jesse Pretorius (odyssey4me)
32e6fc2f9f Revert "Fix /var/run for centos lxc containers"
This reverts commit 018aeb4c34.

Now that this has been resolved upstream, this needs to be reverted as it's causing CentOS builds to fail.

Change-Id: I55371b7eb3c5276e4d13927544c2e1d49d487753
2016-11-10 07:40:19 +00:00
Marc Gariepy
018aeb4c34 Fix /var/run for centos lxc containers
this is temporary until this gets merged and the template gets updated
https://github.com/lxc/lxc/pull/1286

Change-Id: I81d2bf010f598c28196de8bfd0984c19dc73c959
2016-11-08 18:32:46 +00:00
Marc Gariepy
b517074c7a LXC version to 2.0.5 on CentOS
Change-Id: I939cdeca5771ad71fc0034f751fc9a0dfd0bbde6
2016-10-24 10:15:50 -04:00
Kevin Carter
49979680bd Copy system localtime when creating container cache
Containers should use the same TZ setting as the host machine. This
change ensures that all containers created are inheriting the
system's "/etc/localtime" which ensures that the container and the host
are running on the same TZ at build time.

Change-Id: Ica571d9dc280bf46be475b6a83ada47fd3410d92
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-10-13 14:26:07 -05:00
Marc Gariepy
ed293e9569 Add prefix vars to add options for lxc_build
Ansible doesn't have role scoped include_vars. Adding
lxc_hosts_pip_install_options for the pip install build on centos and
allow override with pip_install_options for other roles.

Change-Id: I78fb85d44b5b0e1643bd07af3e15462c02041c89
2016-10-11 11:09:59 -04:00
Marc Gariepy
7c5ecd3fa6 Add tar for the base centos lxc archive.
tar is needed by various containers ( venv create/extract).

Change-Id: I25c5c7a0f18a5a90127d822ff1b78c4cebe63bb1
2016-09-09 09:16:25 -04:00
Logan V
b9152b925c Compress base container using parallel xz
The package for pxz is installed but was not being used, so
the base container compression was only using 1 core during
compression. This change allows pxz to be used which will
compress much faster when multiple cores are available.

Change-Id: I7eee214a69762b36c9bb2b23edad5688189bb967
2016-09-04 09:12:03 -05:00
Marc Gariepy
812e72b7b2 Fix path for lxc-net config on distro.
Introducing system_config_dir to configure where the lxc-net file is
located on centos or ubuntu.

Change-Id: I3e2bbfd81f17b8a697ed9d7cad81c89b2b48ba9f
2016-09-01 10:23:55 -04:00
Jesse Pretorius
fe749b5d7d Rename package lists (and related vars) appropriately
In order to make it easier to differentiate between the lists of
python packages, distribution packages, downloaded packages,
package pins and other similar variables the variable names are
being changed to ensure that they have a more explicit suffix
that defines the purpose and makes the naming more consistent.

This is to facilitate a lookup plugin which will be able to look
up all the package lists and present them as a consolidated piece
of data which may be used for artifact preparation.

Change-Id: I09a21bac75a48450850313d2fe6d57aac311ce65
2016-08-30 16:13:24 +01:00
Kevin Carter (cloudnull)
a4b2802bdf Revert "[GATE UNBLOCK] Purge/reinstall broken package from the xenial base image"
This reverts commit d775ca665b.

Change-Id: I077265ecff3bbef2fb3afbb1f0efc819eb9dccb0
2016-08-25 00:50:37 +00:00
Kevin Carter
d775ca665b [GATE UNBLOCK] Purge/reinstall broken package from the xenial base image
This change simply removes a package from the base container image via
a prep command to ensure "libssl1.0.0" installed is a valid version and
is using a release that is supported by the local mirrors.

Change-Id: I7933b6300df5a3aff91d49cfff0deb95896e4f84
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-08-24 08:32:21 -05:00
Jesse Pretorius
a3a365617c Update CentOS/RHEL LXC version to 2.0.4
In the current tests, the container stop/start process most
often fails on CentOS.

This patch updates the version to the latest available in
the hope of resolving this.

Change-Id: I5c29b015b773255879dec9e7fed2a046caec72f8
2016-08-19 12:47:39 +01:00
Jesse Pretorius
bb2e7a08a0 Revise container DNS resolution implementation
The current LXC cache preparation copies the DNS resolver config
from the host into the container.

When the host has been setup with a DNS caching system like 'unbound'
running on it, the host's resolv.conf contains only a localhost
nameserver entry which will not work from inside the container.

The Ubuntu containers use resolvconf by default. Resolvconf gathers
the DNS settings from each interface configured and compiles
/etc/resolv.conf from the interface information. This results in
a nameserver list which will start with the LXC dnsmasq service
which runs on lxcbr0. This service uses the host's DNS configuration
for name resolution.

In effect, therefore, when the containers use the DNS service on
lxcbr0, the host does the resolution and responds to the container.
This means far less moving parts and a far more predictable
implementation for name resolution.

This patch implements the changes necessary for this strategy to
work.

Change-Id: Ib139af5221dbb1f479ca068e472cf0e8aa828a8d
2016-08-17 18:42:05 +00:00
Kevin Carter
b1ab82b526 Added systemd resolver files to Ubuntu16.04 and RHEL7
This change adds the systemd resolver file to the `copy_from_host`
include list. This will ensure that all of the resolver information
on a given host is also present within a container.

Change-Id: I8cb6635f0021c65cf8245ca346c5effcd759115d
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-08-15 09:44:45 -05:00
Jesse Pretorius
d66cedcc15 Extend container prep to include default network interface
This patch implements the preparation commands from the
lxc-container-create role as this preparation is required
to be done for all containers and is not unique for each
container.

Change-Id: Ia8c0bb759b5df29f1b3a5e11230040ffc6e97362
2016-08-11 09:08:26 -05:00
Jesse Pretorius
6cbe56a090 Make backup directory in container cache
The /var/backup is created in all containers, so it should be created
in the container cache.

This also ensures that the bind mount to this directory can be done
when the container is first created.

Change-Id: I0e2922b31fe301002837e82970814fe8cbe6088a
2016-07-26 18:25:15 +00:00
Kevin Carter
5606ea555b Update the version of LXC installed to the latest stable
This change updates the installation of LXC on Ubuntu 14.04 to be the
latest stable release. The change will, at the time of this commit,
use LXC version 2.0.x as the base version. By updating we'll be able
to take advantage of the various performance and stability enhancements
that have been created since the release of 2.x. This also brings our
Ubuntu 14.04 installations in line with Ubuntu 16.04 and CentOS7 such
that we're using a single supported release.

Change-Id: I29220bee11401cc424ef54160cc873b8fc395dd1
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-07-05 10:54:15 -05:00
Jesse Pretorius
a5e5567369 Improve LXC cache preparation process
Without this patch, any errors that happen during the
'apt-get update' execution will cause the 'apt-get install'
execution to never happen.

This patch implements the following:

- It sets the cache prep script to exit on error to ensure
  that the task fails if there is an error.

- It splits the upgrade and install command on to different
  lines to ensure that each command's success can be
  determined individually.

- It removes the clearing of the archive metadata introduced
  in https://review.openstack.org/310091 as this also removes
  apt lock files and other things which should not be removed.
  Removing all this is unnecessary with the new cache prep
  process and the 'apt-get clean' execution later clears the
  cache before it is packaged.

- It removes the copy of /etc/apt/sources.list.d/ from the host
  to prevent a situation where a host apt source requires
  additional packages to be installed (for example curl) and
  those packages can't be installed due to the 'apt-get update'
  command failing because the package to update the index is
  missing.

Change-Id: I07a864e4125a7fc076cbf5bf7380a8e34e6d2d7c
2016-06-23 11:43:34 -05:00
Jenkins
41f3e60433 Merge "Fix missing iptables in containers"
2016-06-03 16:07:52 +00:00
Kevin Carter
1df6b5d940 Update the version of LXC for centos7
This updates the version of LXC to the latest stable (2.0.1).
This is being done because issues exist when running LXC 1.x
within SystemD and how capabilities are handled. To resolve the
capability issues as seen here: [0] the version of LXC has been
updated. This change also pulls Centos 7 in line with the release
series of LXC found on Ubuntu 16.04.

This change will unblock the os_keystone PR [1].

[0] - http://logs.openstack.org/16/320216/10/experimental/gate-openstack-ansible-os_keystone-ansible-func-centos-7-nv/514118f/console.html#_2016-06-01_20_59_54_386
[1] - https://review.openstack.org/#/c/320216

Change-Id: I333fb1887339e8dc9ebf10ff137dda3cff629dc0
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-06-03 00:42:08 -05:00
Michael Gugino
e00c385f7d Fix missing iptables in containers
On Ubuntu 16.04, iptables is not installed by default.

This patch ensures lxc hosts and containers have iptables
installed.

Change-Id: I31d367a840952c2e6a20730ce1ce1e049b44b419
2016-06-02 16:30:41 -04:00
Michael Gugino
64b3a43b94 Fix missing /run/resolvconf/resolv.conf in trusty/xenial
Ubuntu 14/16.04 uses links /etc/resolv.conf to
/run/resolvconf/resolv.conf.  This results in a
failure of rsync to copy the contents of the
lxc host's resolv.conf contents into the container
template, and only recreates the link.

This commit adds the necessary files from /run/resolvconf
to the container template to allow for proper domain
resolution during template modification.

The sync command from the tasks/lxc_cache_preparation.yml file
now ensures a source exists prior to running the sync. This is
needed because of differences in the gate vs what is seen in
production. Additionally the item variables in the sync command
have been quoted they can not be escaped.

Change-Id: I58c9a81306922f9e587e1ed3a7a2693c64bfec3c
2016-06-01 22:44:47 +00:00
Jesse Pretorius
f11bbc4f34 Make the LXC cache prep use the host resolver config
Currently the container cache preparation process uses a list of
resolver addresses in order to prepare the container DNS resolution
configuration.

This presents a few problems:
- The default value is set to Google's DNS addresses, which may not
  be accessible from a deployer's environment. This will cause an
  installation to fail and the deployer will have to dig around to
  find out why. This is counterintuitive - it would be better if the
  default process was to discover the host's configuration and to use
  that instead.
- Nothing other than a very simple resolv.conf can be implemented.
  Deployers may wish to implement more advanced settings such as
  timeouts and round-robin queries.

This patch changes the image cache preparation process to ensure that
the container resolver configuration matches that of the host. This is
simpler and more intuitive.

Change-Id: I66b448dee361e231d172eb278b290ec4dccfdf97
2016-05-27 16:21:07 +00:00
Jesse Pretorius
c2266350c8 Ensure that modified files are kept when installing/upgrading
In a situation where the LXC cache and the apt mirror used do
not have matching package versions, or where the host and the
LXC cache have mismatches, the 'apt-get upgrade' and/or
'apt-get install' actions can fail due to dpkg asking what to
do about the config file mismatches.

This patch ensures that dpkg knows what to do, which is to
keep the existing in-place file (the file copied from the
host). This ensures that whatever apt configuration was
implemented on the host is definitely used in the containers.

Change-Id: I1f8bc785a8acdac71f46eff0e0d9573ba5c62ab3
2016-05-26 16:38:00 +01:00
Jean-Philippe Evrard
81d904bc78 Include the apt keys from lxc host in cache generation
This generates apt key dump of the lxc host, copies it to the container,
loads it and then removes the temporary file for it.

All non-interactively.

This only applies for ubuntu {14,16}.04

Change-Id: I74650b5924cbe5ded16ce2dfa683e2c110c4e943
Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
2016-05-20 16:06:34 +00:00
Michael Gugino
0bc0844e96 Fix missing ca-certificates package
Occasionally during gate test, some containers
seem to be lacking or have an outdated 'ca-certificates'
package.

This patch adds ca-certificates to container cache prep
for the container build process.

Change-Id: Ib3613e4338e4dc7e2f1df75e842aa4213d207746
2016-05-19 14:56:41 -04:00
Jesse Pretorius
aca3d5e01d Make the LXC cache prep use the host package source config
Currently the container cache preparation process uses a pre-prepared
LXC base image which includes its own package repository configuration.

This presents a few problems:
- The first packages installed will make use of the base image's
  package repo configuration, resulting in a bypass of local mirrors
  to install the first set of packages.
- A set of vars need to be set in order to have the containers use a
  local mirror, otherwise it'll use the mirrors set in the role's vars
  files. This is counterintuitive.

Another problem introduced by I95c210c83ca968d11ba6f6a36b634bb798fa291f
as a result of the package repository vars moving from the role defaults
to the vars files is that the precedence has changed. The change in
precedence means that a task which sets a fact can't be used to override
the defaults set in the vars file. This method is used in all the role
tests to ensure that the OpenStack-CI repositories can be discovered from
the host and then used.

This patch changes the image cache preparation process to ensure that
the container package repository configuration matches the host
configuration. This is simpler and more intuitive.

Additionally the copy task from the deployment host into the container
cache is set to assume the same destination in the container as the
source (to reduce configuration verbosity), appropriately sets the
leading '0' for the mode (to prevent unexpected surprises), and
appropriately quotes the variable (to ensure forward compatibility
with Ansible 2.0).

Finally, the use of lxc_container_caches in the test configuration
has been removed as it is no longer used.

Change-Id: I420382fd3bbbb5fcae90ae0c6160233202a1a51a
2016-05-18 18:14:17 +01:00
Kyle L. Henderson
756c4cb6c3 Implement Ubuntu support on ppc64le
This commit allows the functional tests to pass on ppc64 with
Ubuntu. It uses a dict to map the architecture of the platform to
the appropriate repo url.  One thing to note is that ansible reports
the architecture as ppc64le while the distro uses ppc64el.

Change-Id: I99ce6b6f84b3ddff5486debbb1a26e1ba7d7d17e
2016-05-09 11:00:21 -05:00
Charles Farquhar
a2bcc99dfa Clear apt lists in LXC image before apt-get update
When using an Ubuntu mirror that is different from the mirror used
to build the LXC image, differences in the mirror metadata can result
in a "Hash Sum mismatch" error during apt-get update.

Adding "rm -rf /var/lib/apt/lists/*" to lxc_cache_commands prevents
the problem.

Change-Id: I5fde7d0e7e84a6bd4f72dbf16d0fdfe423a2d715
Closes-Bug: 1574936
2016-05-03 08:51:14 -05:00
Kevin Carter
f5542103b3 Changed for lxc-host setup/build for multi-distro
This change updates the lxc-host setup role to build the lxc cache using the
download template based on default images found here:[0]. These images are
upstream builds from the greater LXC/D community.

This update adds support for Ubuntu 14.04, 16.04 and RHEL/CentOS 7 container
types and the cache will be generated from the host Operating system.

[0] - https://images.linuxcontainers.org/

Change-Id: Ie13be2322d28178760481c59805101d6aeef4f36
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-05-03 08:49:54 -05:00
Kevin Carter
48a3423967 Updated role using the Multi-Distro framework
* The default apt packages have been moved into a var file
  that is only loaded when the detected OS is matched.
* The Install task file has had the apt specific tasks moved
  into a named install task file.

Change-Id: I95c210c83ca968d11ba6f6a36b634bb798fa291f
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-03-22 10:28:44 -05:00