89625e66b0
The machined pull does not utilize the lxc_cache_environment variable to configure its environment, so it will not use proxies. This fixes machined to properly configure its environment so pulls can operate through proxies. Based on https://wbl.krm.io/howto-proxify-systemd-machined/ Change-Id: I17c452a8ba67561435737ee9d672219a2e306489
143 lines
4.3 KiB
YAML
143 lines
4.3 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Pull SystemD Version
|
|
command: "systemctl --version"
|
|
changed_when: false
|
|
register: systemd_version
|
|
|
|
- name: Retrieve Image Index
|
|
uri:
|
|
url: "{{ lxc_image_cache_server }}/meta/1.0/index-system"
|
|
return_content: yes
|
|
register: image_index
|
|
|
|
- name: Set image index fact
|
|
set_fact:
|
|
lxc_images: >
|
|
{%- set images = [] %}
|
|
{%- for image in image_index.content.splitlines() %}
|
|
{%- if image | match("^" + cache_index_item) %}
|
|
{%- set _ = images.append(image) %}
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
{{- images -}}
|
|
|
|
- block:
|
|
- name: Create machined proxy override unit directories
|
|
file:
|
|
path: "/etc/systemd/system/{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: '0755'
|
|
state: directory
|
|
with_items:
|
|
- systemd-machined.service.d
|
|
- systemd-importd.service.d
|
|
|
|
- name: Drop the machined proxy override units
|
|
template:
|
|
src: systemd-proxy-unit.conf.j2
|
|
dest: /etc/systemd/system/{{ item }}/proxy.conf
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
with_items:
|
|
- systemd-machined.service.d
|
|
- systemd-importd.service.d
|
|
when: lxc_cache_environment.keys() | length > 0
|
|
|
|
- include: "lxc_cache_preparation_systemd_{{ (systemd_version.stdout_lines[0].split()[-1] | int > 219) | ternary('new', 'old') }}.yml"
|
|
|
|
- name: Generate apt keys from LXC host for the container cache
|
|
shell: apt-key exportall > /root/repo.keys
|
|
changed_when: False
|
|
when:
|
|
- ansible_pkg_mgr == 'apt'
|
|
|
|
# TODO(evrardjp): replace this with a copy with remote_src: True
|
|
# when ansible2.0 will be supported
|
|
- name: Rsyncing files from the LXC host to the container cache
|
|
shell: |
|
|
if [[ -e "{{ item }}" ]]; then
|
|
rsync -av "{{ item }}" "{{ lxc_image_cache_path }}{{ item }}"
|
|
fi
|
|
args:
|
|
executable: "/bin/bash"
|
|
with_items: "{{ lxc_cache_map.copy_from_host }}"
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Copy files from deployment host to the container cache
|
|
copy:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ lxc_image_cache_path }}{{ item.dest | default(item.src) }}"
|
|
owner: "{{ item.owner | default('root') }}"
|
|
group: "{{ item.group | default('root') }}"
|
|
mode: "{{ item.mode | default('0644') }}"
|
|
with_items: "{{ lxc_container_cache_files }}"
|
|
|
|
- name: Cached image preparation script
|
|
copy:
|
|
content: |
|
|
#!/usr/bin/env bash
|
|
set -e -x
|
|
{{ lxc_cache_map.cache_prep_commands }}
|
|
dest: "{{ lxc_image_cache_path }}/usr/local/bin/cache-prep-commands.sh"
|
|
mode: "0755"
|
|
|
|
# This task runs several commands against the cached image to speed up the
|
|
# lxc_container_create playbook.
|
|
- name: Prepare cached image setup commands
|
|
command: "chroot {{ lxc_image_cache_path }} /usr/local/bin/cache-prep-commands.sh"
|
|
changed_when: false
|
|
|
|
- name: Adjust sshd configuration in container
|
|
lineinfile:
|
|
dest: "{{ lxc_image_cache_path }}/etc/ssh/sshd_config"
|
|
regexp: "{{ item.regexp }}"
|
|
line: "{{ item.line }}"
|
|
state: present
|
|
with_items: "{{ lxc_cache_sshd_configuration }}"
|
|
|
|
- name: Obtain the deploy system's ssh public key
|
|
set_fact:
|
|
lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
|
|
when: lxc_container_ssh_key is not defined
|
|
|
|
- name: Deploy ssh public key into the cached image
|
|
lineinfile:
|
|
dest: "{{ lxc_image_cache_path }}/root/.ssh/authorized_keys"
|
|
line: "{{ lxc_container_ssh_key }}"
|
|
create: true
|
|
|
|
- name: Remove generated apt keys from LXC host
|
|
file:
|
|
path: /root/repo.keys
|
|
state: absent
|
|
when:
|
|
- ansible_pkg_mgr == 'apt'
|
|
changed_when: False
|
|
|
|
- name: Remove requiretty for sudo on centos
|
|
template:
|
|
dest: "{{ lxc_image_cache_path }}/etc/sudoers.d/openstack-ansible"
|
|
owner: root
|
|
group: root
|
|
mode: "0440"
|
|
src: sudoers.j2
|
|
when:
|
|
- ansible_pkg_mgr == 'yum'
|