986c648479
- bump version to 2.0.6 - check sha256sum Change-Id: Ifdd0228ef1916247988f9541d93016a750b4c56a
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Install every package named in lxc_hosts_distro_packages (defined outside
# this file). Nothing here overrides the host's yum settings, so package
# authenticity rests on the repository/GPG configuration already in place.
- name: Install yum packages
  tags:
    - lxc-packages
  yum:
    state: present
    pkg: "{{ item }}"
  with_items: "{{ lxc_hosts_distro_packages }}"
  # Retry on failure: retries is 5 and the pause between tries is 2 seconds.
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2

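# Root of the embedded LXC install. Later tasks in this file put
# /opt/lxc_embedded/bin into sudo's secure_path and register
# /opt/lxc_embedded/x86_64-linux-gnu with the dynamic linker, so this tree
# must only ever be writable by root.
- name: Create base directories
  file:
    path: "/opt/lxc_embedded"
    state: "directory"
    owner: "root"
    group: "root"
    # Explicit mode: without it a newly created directory takes its
    # permissions from the umask of the Ansible run, and an existing
    # directory keeps whatever mode it already had.
    mode: "0755"
  tags:
    - lxc-directories
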
# Fetch the LXC source tarball and verify it before anything else uses it.
# get_url fails the task when the SHA-256 of the downloaded file differs
# from lxc_sha256sum, which makes that digest the integrity anchor for
# everything that is later unpacked, built and installed from the archive.
# Both variables are defined outside this file. Keep lxc_sha256sum pinned in
# version control alongside lxc_download_url: a digest obtained from the
# same server as the tarball would not reveal a tampered mirror.
- name: download file with sha256 check
  tags:
    - lxc-source
    - lxc-source-download
  get_url:
    checksum: "sha256:{{ lxc_sha256sum }}"
    url: "{{ lxc_download_url }}"
    dest: "/opt/lxc_embedded/{{ lxc_download_url | basename }}"
  # The result gates the extraction task that follows.
  register: source_download

# Unpack the downloaded tarball into /opt/lxc_embedded/. copy: "no" tells
# unarchive that src already lives on the managed host.
# Extraction only runs when the download task reported a change, so an
# archive that failed its checksum (and therefore failed that task) is
# never unpacked.
# NOTE(review): if extraction fails after a successful download, the next
# run sees an unchanged download and skips this task -- confirm that is
# acceptable.
- name: Move lxc cached image into place
  when: source_download|changed
  unarchive:
    copy: "no"
    src: "/opt/lxc_embedded/{{ lxc_download_url | basename }}"
    dest: "/opt/lxc_embedded/"
  tags:
    - lxc-source
    - lxc-source-unarchive
    # don't trigger ANSIBLE0016
    - skip_ansible_lint

# Register the embedded library directory with the dynamic linker by writing
# its path into a drop-in under /etc/ld.so.conf.d. Once ldconfig has run
# (see the ldconfig task further down), libraries in
# /opt/lxc_embedded/x86_64-linux-gnu are resolvable host-wide, so that
# directory has to stay root-owned and not writable by other users.
- name: Create new linked lib location
  tags:
    - lxc-source
    - lxc-ldconfig
  copy:
    dest: "/etc/ld.so.conf.d/lxc-x86_64.conf"
    mode: "0644"
    content: "/opt/lxc_embedded/x86_64-linux-gnu"

# Make /usr/bin/python3 a symlink to the python3.4 interpreter. The build
# task below compiles the LXC bindings against python3.4m as well.
- name: Create python3 link
  tags:
    - lxc-source
  file:
    state: link
    dest: /usr/bin/python3
    src: /usr/bin/python3.4

# Build LXC from the unpacked source tree and install it under
# /opt/lxc_embedded. The four commands run in order through the command
# module (no shell); creates turns each of them into a no-op once
# /opt/lxc_embedded/bin/lxc-ls exists, and changed_when keeps the task from
# ever reporting a change.
# The tree being built is the one extracted from the checksum-verified
# tarball, so the sha256 check in the download task is what vouches for the
# code that autogen.sh, configure and make execute here.
- name: Build and install LXC
  tags:
    - lxc-source
    - lxc-source-compile
  command: '{{ item }}'
  args:
    # Assumes the archive is named <dir>.tar.gz and unpacks to <dir>.
    chdir: "/opt/lxc_embedded/{{ lxc_download_url | basename | replace('.tar.gz', '') }}"
    creates: /opt/lxc_embedded/bin/lxc-ls
  environment:
    PYTHONDEV_LIBS: "-lpython3.4m"
    PYTHONDEV_CFLAGS: "-I/usr/include/python3.4m"
  changed_when: false
  with_items:
    - ./autogen.sh
    # A single configure invocation, folded onto one line. seccomp, SELinux
    # and capabilities support are all compiled in.
    - >-
      ./configure --prefix=/opt/lxc_embedded
      --libdir=/opt/lxc_embedded/x86_64-linux-gnu
      --libexecdir=/opt/lxc_embedded/x86_64-linux-gnu
      --with-rootfs-path=/opt/lxc_embedded/x86_64-linux-gnu/lxc
      --sysconfdir=/etc
      --localstatedir=/var
      --with-config-path=/var/lib/lxc
      --with-distro={{ ansible_distribution | lower }}
      --with-init-script=systemd
      --enable-seccomp
      --enable-python
      --enable-doc
      --enable-rpath
      --enable-selinux
      --enable-capabilities
      --enable-configpath-log
      --disable-tests
      --disable-lua
    - make
    - make install

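# Add /opt/lxc_embedded/bin to the PATH of login shells through a
# /etc/profile.d drop-in, creating the file if it does not exist yet.
- name: Ensure embedded LXC is within the PATH
  lineinfile:
    dest: "{{ item.dest }}"
    line: "{{ item.line }}"
    create: "true"
    # The drop-in is sourced by login shells, root's included. Pin its
    # ownership and mode so they do not depend on the umask in effect when
    # the file is first created.
    owner: "root"
    group: "root"
    mode: "0644"
  with_items:
    - dest: "/etc/profile.d/lxc-path.sh"
      line: "pathmunge /opt/lxc_embedded/bin"
  tags:
    - lxc-source
    - lxc-path
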
# Delete a leftover /var/lock/subsys/lxc if one exists.
# NOTE(review): owner and group appear to have nothing to apply to when
# state is "absent"; they are kept as in the original.
- name: Remove sub system lock if found
  tags:
    - lxc-directories
  file:
    state: "absent"
    path: "/var/lock/subsys/lxc"
    owner: "root"
    group: "root"

# Write the per-bridge post-up hook. A later task adds a line to ifup-post
# that sources this file with ".", so it runs inside the network scripts
# whenever an interface comes up.
# lxc_net_bridge and lxc_net_nat are rendered into the script text (and
# lxc_net_bridge into the file name) at deploy time. They must come from
# trusted inventory: whatever they contain becomes part of a script run by
# the network scripts.
- name: Drop post up script
  tags:
    - lxc-post-up
  copy:
    dest: "/etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
    owner: "root"
    group: "root"
    mode: "0755"
    # Acts only for the LXC bridge device, and only when NAT is enabled:
    # creates the iptables rules, then starts dnsmasq (a dnsmasq-start
    # failure is ignored).
    content: |
      #!/usr/bin/env bash
      if [ "${DEVICE}" == "{{ lxc_net_bridge }}" ];then
        if [ "{{ lxc_net_nat }}" == "True" ];then
          /usr/local/bin/lxc-system-manage iptables-create
          /usr/local/bin/lxc-system-manage dnsmasq-start || true
        fi
      fi

# Write the per-bridge post-down hook, the counterpart of the post-up one.
# A later task adds a line to ifdown-post that sources this file with ".".
# lxc_net_bridge and lxc_net_nat are rendered into the script text (and
# lxc_net_bridge into the file name) at deploy time, so they must come from
# trusted inventory.
- name: Drop post down script
  tags:
    - lxc-post-down
  copy:
    dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
    owner: "root"
    group: "root"
    mode: "0755"
    # Acts only for the LXC bridge device, and only when NAT is enabled:
    # stops dnsmasq first, then removes the iptables rules.
    content: |
      #!/usr/bin/env bash
      if [ "${DEVICE}" == "{{ lxc_net_bridge }}" ];then
        if [ "{{ lxc_net_nat }}" == "True" ];then
          /usr/local/bin/lxc-system-manage dnsmasq-stop
          /usr/local/bin/lxc-system-manage iptables-remove
        fi
      fi

# Hook the per-bridge script into the distribution's ifup-post: a line that
# sources it is placed before the line reading "exit 0".
- name: Create networking post-up data
  tags:
    - lxc-post-up
  lineinfile:
    dest: "{{ item.dest }}"
    line: "{{ item.line }}"
    # "\ " is the YAML double-quoted escape for a single space.
    insertbefore: "^exit\ 0$"
  with_items:
    - line: ". /etc/sysconfig/network-scripts/ifup-post-{{ lxc_net_bridge }}"
      dest: "/etc/sysconfig/network-scripts/ifup-post"

# Hook the per-bridge script into the distribution's ifdown-post: a line
# that sources it is placed before the line reading "exit 0".
- name: Create networking post-down data
  tags:
    - lxc-post-down
  lineinfile:
    dest: "{{ item.dest }}"
    line: "{{ item.line }}"
    # "\ " is the YAML double-quoted escape for a single space.
    insertbefore: "^exit\ 0$"
  with_items:
    - line: ". /etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
      dest: "/etc/sysconfig/network-scripts/ifdown-post"

# Symlink each top-level entry of the embedded site-packages into
# /usr/lib64/python3.4. ln -sf receives only the target, so each link is
# created in the working directory (chdir) under the entry's own name, and
# -f replaces an existing entry of that name. changed_when keeps the task
# from ever reporting a change.
# NOTE(review): xargs splits on whitespace, so an entry whose name contains
# a space would not be linked correctly.
- name: Link embedded lxc to python3
  tags:
    - lxc-links
  shell: >
    find /opt/lxc_embedded/lib64/python3.4/site-packages/* -maxdepth 0 | xargs -n1 ln -sf
  args:
    chdir: /usr/lib64/python3.4
  changed_when: false

# Rebuild the dynamic linker cache so the directory registered in
# /etc/ld.so.conf.d/lxc-x86_64.conf is picked up. Runs on every play and
# always reports "unchanged".
- name: Run ldconfig to make sure all libs are linked
  tags:
    - lxc-links
  changed_when: false
  command: ldconfig -v

# This is needed because Ansible will not read an exported PATH and the
# default path is too restrictive.
# Each edit is checked with "visudo -cf" (validate) before it is applied to
# /etc/sudoers, so a syntactically broken sudoers file is never installed.
# Any existing Defaults line mentioning env_reset or secure_path is replaced
# by the line given here.
# NOTE(review): /opt/lxc_embedded/bin is listed first in secure_path, so a
# program there takes precedence over a system binary of the same name for
# every sudo command. Consider listing it last unless shadowing is intended,
# and keep the directory writable by root only.
- name: Update the sudoers defaults
  tags:
    - lxc-path
  lineinfile:
    dest: /etc/sudoers
    validate: 'visudo -cf %s'
    state: present
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
  with_items:
    - line: 'Defaults env_reset'
      regexp: '^Defaults.*env_reset.*'
    - line: 'Defaults secure_path="/opt/lxc_embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
      regexp: '^Defaults.*secure_path.*'

# Enable the lxc service at boot. No state is given, so this task does not
# start or stop the service itself.
- name: Enable lxc service
  service:
    enabled: "yes"
    name: lxc

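# Scratch directory in which the SELinux module is compiled. The path is a
# fixed name under world-writable /tmp, and policy is later compiled in it
# and loaded from it, so ownership and mode are pinned here: if the
# directory already exists, it is reset to root:root 0700 instead of being
# used as found.
# NOTE(review): a root-only location outside /tmp would be more robust
# still; that needs the two tasks after this one changed together.
- name: Create directory for compiling SELinux rule
  file:
    path: "/tmp/lxc-attach-selinux/"
    state: 'directory'
    owner: 'root'
    group: 'root'
    mode: '0700'
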
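# Copy the policy source lxc-attach.te into the build directory. The file
# is shipped alongside these tasks; its contents are not visible here.
- name: Drop SELinux config
  copy:
    src: "lxc-attach.te"
    dest: "/tmp/lxc-attach-selinux/lxc-attach.te"
    owner: "root"
    group: "root"
    # Policy source is data, not a program, so it gets no execute bit.
    mode: "0644"
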
# Compile lxc-attach.te into a policy module and load it, only on hosts
# where SELinux is enabled. creates skips both commands once the module is
# present in the targeted policy store.
# What the module permits is determined by lxc-attach.te, which is not
# visible here; review that file as a change to host policy.
# NOTE(review): the build happens in a directory under /tmp and the
# resulting .pp is loaded into the system policy. The directory must be
# root-owned and not writable by other users before these commands run.
- name: Compile and load SELinux module
  when:
    - ansible_selinux.status == "enabled"
  command: '{{ item }}'
  args:
    chdir: "/tmp/lxc-attach-selinux/"
    creates: '/etc/selinux/targeted/modules/active/modules/lxc-attach.pp'
  with_items:
    - make -f /usr/share/selinux/devel/Makefile
    - semodule -i /tmp/lxc-attach-selinux/lxc-attach.pp
