b7a4e017f1
Change-Id: I8f9fa9a3795add5e695a731411f9b13187ced43f
162 lines
5.5 KiB
YAML
162 lines
5.5 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Pull systemd version
|
|
command: "systemctl --version"
|
|
changed_when: false
|
|
register: systemd_version
|
|
tags:
|
|
# Avoid ANSIBLE0006 lint issue: systemctl used in place of systemd module
|
|
- skip_ansible_lint
|
|
- always
|
|
|
|
- block:
|
|
- name: Create machined proxy override unit directories
|
|
file:
|
|
path: "/etc/systemd/system/{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: '0755'
|
|
state: directory
|
|
with_items:
|
|
- systemd-machined.service.d
|
|
- systemd-importd.service.d
|
|
|
|
- name: Drop the machined proxy override units
|
|
template:
|
|
src: systemd-proxy-unit.conf.j2
|
|
dest: /etc/systemd/system/{{ item }}/proxy.conf
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
with_items:
|
|
- systemd-machined.service.d
|
|
- systemd-importd.service.d
|
|
when:
|
|
- (deployment_environment_variables | default({})).keys() | length > 0
|
|
|
|
- include_tasks: lxc_volume.yml
|
|
|
|
- include_tasks: "lxc_cache_preparation_systemd_{{ (systemd_version.stdout_lines[0].split()[-1] | int > 219) | ternary('new', 'old') }}.yml"
|
|
|
|
- name: Set the qgroup limits
|
|
block:
|
|
- name: Set the qgroup size|compression limits on machines
|
|
command: "btrfs qgroup limit {{ item }} {{ lxc_image_cache_path }}"
|
|
changed_when: false
|
|
with_items:
|
|
- "-e {{ lxc_host_machine_qgroup_space_limit }}"
|
|
- "-c {{ lxc_host_machine_qgroup_compression_limit }}"
|
|
when:
|
|
- not lxc_host_machine_quota_disabled
|
|
rescue:
|
|
- name: Notice regarding quota system
|
|
debug:
|
|
msg: >-
|
|
There was an error processing the setup of qgroups. Check the system
|
|
to ensure they're available otherwise disable the quota system by
|
|
setting `lxc_host_machine_quota_disabled` to true.
|
|
|
|
# NOTE(cloudnull): We're using rsync and an if block because we've no means
|
|
# to loop over a block. Re-evaluate this task when/if this is
|
|
# merged https://github.com/ansible/ansible/issues/13262
|
|
- name: Rsyncing files from the LXC host to the container cache
|
|
shell: |
|
|
if [[ -e "{{ item }}" ]]; then
|
|
rsync -av "{{ item }}" "{{ lxc_image_cache_path }}{{ item }}"
|
|
else
|
|
exit 3
|
|
fi
|
|
changed_when: _rsync_container_cache.rc == 0
|
|
failed_when: _rsync_container_cache.rc not in [0, 3]
|
|
register: _rsync_container_cache
|
|
args:
|
|
executable: "/bin/bash"
|
|
with_items: "{{ (lxc_cache_map.copy_from_host | union(lxc_container_cache_files_from_host)) | list }}"
|
|
|
|
- name: Ensure directories exist for lxc_container_cache_files
|
|
file:
|
|
dest: "{{ lxc_image_cache_path }}{{ item.dest | default(item.src) | dirname }}"
|
|
state: directory
|
|
with_items: "{{ lxc_container_cache_files }}"
|
|
|
|
- name: Copy files from deployment host to the container cache
|
|
copy:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ lxc_image_cache_path }}{{ item.dest | default(item.src) }}"
|
|
owner: "{{ item.owner | default('root') }}"
|
|
group: "{{ item.group | default('root') }}"
|
|
mode: "{{ item.mode | default('0644') }}"
|
|
with_items: "{{ lxc_container_cache_files }}"
|
|
|
|
- name: Ensure opt directory exists in container
|
|
file:
|
|
dest: "{{ lxc_image_cache_path }}/opt"
|
|
state: directory
|
|
|
|
- name: Cached image preparation script
|
|
template:
|
|
src: "{{ lxc_cache_prep_template }}"
|
|
dest: "{{ lxc_image_cache_path }}/opt/cache-prep-commands.sh"
|
|
mode: "0755"
|
|
|
|
# This task runs several commands against the cached image to speed up the
|
|
# lxc_container_create playbook.
|
|
- name: Prepare cached image setup commands
|
|
shell: "chroot {{ lxc_image_cache_path }} /opt/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1"
|
|
changed_when: false
|
|
async: "{{ lxc_cache_prep_timeout | int }}"
|
|
poll: 0
|
|
register: _lxc_cache_prepare_commands
|
|
|
|
- name: Obtain the deploy system's ssh public key
|
|
set_fact:
|
|
lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
|
|
when: lxc_container_ssh_key is not defined
|
|
|
|
- name: Deploy ssh public key into the cached image
|
|
lineinfile:
|
|
dest: "{{ lxc_image_cache_path }}/root/.ssh/authorized_keys"
|
|
line: "{{ lxc_container_ssh_key }}"
|
|
create: true
|
|
|
|
# NOTE(cloudnull): Wait for the cache preparation script has completed before
|
|
# building the new RootFS
|
|
- name: Ensure that the LXC cache has been prepared
|
|
async_status:
|
|
jid: "{{ _lxc_cache_prepare_commands.ansible_job_id }}"
|
|
register: _lxc_cache_prepare_commands_result
|
|
until: _lxc_cache_prepare_commands_result.finished
|
|
delay: 10
|
|
retries: "{{ lxc_cache_prep_timeout | int // 10 }}"
|
|
|
|
- name: Remove requiretty for sudo on centos
|
|
template:
|
|
dest: "{{ lxc_image_cache_path }}/etc/sudoers.d/openstack-ansible"
|
|
owner: root
|
|
group: root
|
|
mode: "0440"
|
|
src: sudoers.j2
|
|
when:
|
|
- ansible_pkg_mgr == 'yum'
|
|
|
|
- name: Adjust sshd configuration in container
|
|
lineinfile:
|
|
dest: "{{ lxc_image_cache_path }}/etc/ssh/sshd_config"
|
|
regexp: "{{ item.regexp }}"
|
|
line: "{{ item.line }}"
|
|
state: present
|
|
with_items: "{{ lxc_cache_sshd_configuration }}"
|