bb2e7a08a0
The current LXC cache preparation copies the DNS resolver config from the host into the container. When the host has been setup with a DNS caching system like 'unbound' running on it, the host's resolv.conf contains only a localhost nameserver entry which will not work from inside the container. The Ubuntu containers use resolvconf by default. Resolvconf gathers the DNS settings from each interface configured and compiles /etc/resolv.conf from the interface information. This results in a nameserver list which will start with the LXC dnsmasq service which runs on lxcbr0. This service uses the host's DNS configuration for name resolution. In effect, therefore, when the containers use the DNS service on lxcbr0, the host does the resolution and responds to the container. This means far less moving parts and a far more predictable implementation for name resolution. This patch implements the changes necessary for this strategy to work. Change-Id: Ib139af5221dbb1f479ca068e472cf0e8aa828a8d
154 lines
4.1 KiB
YAML
154 lines
4.1 KiB
YAML
---
|
|
# Copyright 2016, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
## APT Cache Options
|
|
cache_timeout: 600
|
|
|
|
# Required apt packages.
|
|
lxc_packages:
|
|
- apparmor
|
|
- apparmor-utils
|
|
- bridge-utils
|
|
- cgmanager
|
|
- cgroup-lite
|
|
- debootstrap
|
|
- dnsmasq
|
|
- git
|
|
- irqbalance
|
|
- language-pack-en
|
|
- liblxc1
|
|
- lxc
|
|
- lxc-dev
|
|
- lxc-templates
|
|
- python-dev
|
|
- python3-lxc
|
|
- pxz
|
|
|
|
lxc_cache_map:
|
|
distro: ubuntu
|
|
arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
|
|
release: trusty
|
|
copy_from_host:
|
|
- /etc/apt/sources.list
|
|
- /etc/apt/apt.conf.d/
|
|
- /root/repo.keys
|
|
cache_prep_commands: |
|
|
if [ -a /etc/resolv.conf ]; then
|
|
mv /etc/resolv.conf /etc/resolv.conf.org
|
|
fi
|
|
echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
|
|
apt-key add /root/repo.keys
|
|
rm /root/repo.keys
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update
|
|
apt-get install -y {{ lxc_cache_install_debconf }} {{ lxc_cache_packages | join(' ') }}
|
|
apt-get upgrade -y {{ lxc_cache_install_debconf }}
|
|
rm -f /usr/bin/python
|
|
ln -s /usr/bin/python2.7 /usr/bin/python
|
|
mkdir -p /root/.ssh
|
|
chmod 700 /root/.ssh
|
|
userdel --force --remove ubuntu || true
|
|
apt-get clean
|
|
mkdir -p /var/backup
|
|
if [ -f "/usr/lib/systemd/system/poweroff.target" ];then
|
|
ln -sf /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target || true
|
|
fi
|
|
ln -s /dev/null /etc/systemd/system/systemd-udevd.service || true
|
|
ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket || true
|
|
ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket || true
|
|
ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
|
|
echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
|
|
mkdir -p /etc/network/interfaces.d
|
|
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
|
|
if [ -a /etc/resolv.conf.org ]; then
|
|
mv /etc/resolv.conf.org /etc/resolv.conf
|
|
else
|
|
rm -f /etc/resolv.conf
|
|
fi
|
|
|
|
# This forces any modified configurations to remain, and any unmodified configs to be replaced
|
|
# ref: http://serverfault.com/questions/259226/automatically-keep-current-version-of-config-files-when-apt-get-install
|
|
lxc_cache_install_debconf: '-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes'
|
|
|
|
lxc_cache_packages:
|
|
- apt-transport-https
|
|
- bridge-utils
|
|
- bsdmainutils
|
|
- build-essential
|
|
- ca-certificates
|
|
- cgmanager
|
|
- cgmanager-utils
|
|
- cgroup-lite
|
|
- comerr-dev
|
|
- curl
|
|
- debconf-utils
|
|
- debhelper
|
|
- dh-apparmor
|
|
- gettext
|
|
- gir1.2-glib-2.0
|
|
- git
|
|
- groff-base
|
|
- intltool-debian
|
|
- iptables
|
|
- iso-codes
|
|
- krb5-multidev
|
|
- libcgmanager-dev
|
|
- libdbus-1-dev
|
|
- libdbus-glib-1-2
|
|
- libdevmapper-event1.02.1
|
|
- libexpat1-dev
|
|
- libffi-dev
|
|
- libpq-dev
|
|
- libpq5
|
|
- libpython-dev
|
|
- libxml2-dev
|
|
- libxslt1-dev
|
|
- libxslt1.1
|
|
- lvm2
|
|
- openssh-server
|
|
- python2.7
|
|
- python-apt
|
|
- python-apt-common
|
|
- python-dev
|
|
- python-pycurl
|
|
- python-software-properties
|
|
- python3-apt
|
|
- python3-dbus
|
|
- python3-gi
|
|
- python3-minimal
|
|
- python3-pycurl
|
|
- python3-software-properties
|
|
- software-properties-common
|
|
- sqlite3
|
|
- ssh
|
|
- sshpass
|
|
- time
|
|
|
|
lxc_cached_network_interfaces:
|
|
- src: "lxc-net-bridge.cfg.j2"
|
|
dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
|
|
|
|
lxc_container_default_interfaces: |
|
|
# The loopback network interface
|
|
auto lo
|
|
iface lo inet loopback
|
|
# LXC interface, this is ALWAYS assumed to be DHCP.
|
|
auto eth0
|
|
iface eth0 inet dhcp
|
|
# Load any additional configs
|
|
source /etc/network/interfaces.d/*.cfg
|
|
|
|
lxc_default_release: "trusty-backports"
|