--- # Copyright 2015, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Pull systemd version command: "systemctl --version" changed_when: false register: systemd_version tags: # Avoid ANSIBLE0006 lint issue: systemctl used in place of systemd module - skip_ansible_lint - block: - name: Create machined proxy override unit directories file: path: "/etc/systemd/system/{{ item }}" owner: root group: root mode: '0755' state: directory with_items: - systemd-machined.service.d - systemd-importd.service.d - name: Drop the machined proxy override units template: src: systemd-proxy-unit.conf.j2 dest: /etc/systemd/system/{{ item }}/proxy.conf owner: root group: root mode: '0644' with_items: - systemd-machined.service.d - systemd-importd.service.d when: - (deployment_environment_variables | default({})).keys() | length > 0 - include_tasks: lxc_volume.yml - include_tasks: "lxc_cache_preparation_systemd_{{ (systemd_version.stdout_lines[0].split()[-1] | int > 219) | ternary('new', 'old') }}.yml" - name: Set the qgroup limits block: - name: Set the qgroup size|compression limits on machines command: "btrfs qgroup limit {{ item }} {{ lxc_image_cache_path }}" changed_when: false with_items: - "-e {{ lxc_host_machine_qgroup_space_limit }}" - "-c {{ lxc_host_machine_qgroup_compression_limit }}" when: - not lxc_host_machine_quota_disabled rescue: - name: Notice regarding quota system debug: msg: >- There was an error processing the setup of qgroups. Check the system to ensure they're available otherwise disable the quota system by setting `lxc_host_machine_quota_disabled` to true. - block: - name: Generate apt keys from LXC host for the container cache shell: "apt-key exportall" changed_when: false register: _apt_exportall tags: - skip_ansible_lint - name: Write exported keys to temporary file copy: content: "{{ _apt_exportall.stdout }}" dest: "/root/repo.keys" notify: - Remove generated apt keys from LXC host when: - ansible_pkg_mgr == 'apt' # NOTE(cloudnull): We're using rsync and an if block because we've no means # to loop over a block. Re-evaluate this task when/if this is # merged https://github.com/ansible/ansible/issues/13262 - name: Rsyncing files from the LXC host to the container cache shell: | if [[ -e "{{ item }}" ]]; then rsync -av "{{ item }}" "{{ lxc_image_cache_path }}{{ item }}" else exit 3 fi changed_when: _rsync_container_cache.rc == 0 failed_when: _rsync_container_cache.rc not in [0, 3] register: _rsync_container_cache args: executable: "/bin/bash" with_items: "{{ (lxc_cache_map.copy_from_host | union(lxc_container_cache_files_from_host)) | list }}" - name: Ensure directories exist for lxc_container_cache_files file: dest: "{{ lxc_image_cache_path }}{{ item.dest | default(item.src) | dirname }}" state: directory with_items: "{{ lxc_container_cache_files }}" - name: Copy files from deployment host to the container cache copy: src: "{{ item.src }}" dest: "{{ lxc_image_cache_path }}{{ item.dest | default(item.src) }}" owner: "{{ item.owner | default('root') }}" group: "{{ item.group | default('root') }}" mode: "{{ item.mode | default('0644') }}" with_items: "{{ lxc_container_cache_files }}" - name: Cached image preparation script template: src: "{{ lxc_cache_prep_template }}" dest: "{{ lxc_image_cache_path }}/opt/cache-prep-commands.sh" mode: "0755" # This task runs several commands against the cached image to speed up the # lxc_container_create playbook. - name: Prepare cached image setup commands shell: "chroot {{ lxc_image_cache_path }} /opt/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1" changed_when: false async: "{{ lxc_cache_prep_timeout }}" poll: 0 register: _lxc_cache_prepare_commands - name: Obtain the deploy system's ssh public key set_fact: lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" when: lxc_container_ssh_key is not defined - name: Deploy ssh public key into the cached image lineinfile: dest: "{{ lxc_image_cache_path }}/root/.ssh/authorized_keys" line: "{{ lxc_container_ssh_key }}" create: true # NOTE(cloudnull): Wait for the cache preparation script has completed before # building the new RootFS - name: Ensure that the LXC cache has been prepared async_status: jid: "{{ _lxc_cache_prepare_commands.ansible_job_id }}" register: _lxc_cache_prepare_commands_result until: _lxc_cache_prepare_commands_result.finished delay: 10 retries: "{{ lxc_cache_prep_timeout // 10 }}" - name: Remove requiretty for sudo on centos template: dest: "{{ lxc_image_cache_path }}/etc/sudoers.d/openstack-ansible" owner: root group: root mode: "0440" src: sudoers.j2 when: - ansible_pkg_mgr == 'yum' - name: Adjust sshd configuration in container lineinfile: dest: "{{ lxc_image_cache_path }}/etc/ssh/sshd_config" regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present with_items: "{{ lxc_cache_sshd_configuration }}"