openstack/openstack-ansible-lxc_hosts
Code Issues Proposed changes
df71862a17
openstack-ansible-lxc_hosts/tasks/lxc_post_install.yml
Kevin Carter 89dc180ca4 Update the option uts name in the machinectl template 
The machinectl template was running with the legacy uts name option.
This change updates that option so that it uses the hash and major
version to update the config variable.

Change-Id: I85b5c92422116b139e447330214b2d6b5afbf948
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
2018-10-10 00:59:34 +00:00

139 lines
4.8 KiB
YAML
Raw Blame History

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure the lxc dnsmasq user exists
user:
name: "{{ lxc_net_dnsmasq_user }}"
comment: "LXC dnsmasq"
system: "yes"
shell: "/bin/false"
home: "/var/lib/lxc"
tags:
- lxc-dnsmasq-user
- name: Drop base config file(s)
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner|default('root') }}"
group: "{{ item.group|default('root') }}"
mode: "{{ item.mode|default('0644') }}"
with_items:
- { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" }
- { src: lxc.default.j2, dest: "{{ system_config_dir }}/lxc-net", mode: "0644" }
- { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" }
tags:
- lxc-files
- lxc-config
- name: Pull lxc version
command: "lxc-ls --version"
changed_when: false
register: lxc_version
tags:
- skip_ansible_lint
- name: Enable or Disable lxc three syntax
set_fact:
lxc_major_version: "{{ lxc_version.stdout.split('.')[0] }}"
- name: Create machinectl base template
template:
src: "lxc-machinectl.j2"
dest: "/usr/share/lxc/templates/lxc-machinectl"
owner: "root"
group: "root"
mode: "0755"
- name: Drop lxc veth check script
copy:
src: "lxc-veth-check.sh"
dest: "/usr/local/bin/lxc-veth-check"
owner: "root"
group: "root"
mode: "0755"
tags:
- lxc-files
- lxc-config
- name: Set systemd DefaultTasksMax value
lineinfile:
dest: /etc/systemd/system.conf
state: present
regexp: "^.*DefaultTasksMax.*$"
line: "DefaultTasksMax={{ lxc_default_tasks_max }}"
when:
- ansible_service_mgr == 'systemd'
notify:
- Reload systemd units
tags:
- lxc-config
# NOTE(hwoarang): The previous task only affected newly created services.
# However, for particular systemd versions like v228 the default one for
# started scopes is 512
# See https://github.com/systemd/systemd/commit/9ded9cd14cc03c67291b10a5c42ce5094ba0912f
# This has later been fixed in v231
# https://github.com/systemd/systemd/commit/79baeeb96d58676853521e10a358e85d83dac7f1
# The only way to change the value for already started services and scopes is
# by using the sysfs interface. Moreover, it appears that lxc places itself into the
# init.scope group which is being created during boot and as such it always uses
# the default value. There are variours reports that the init.scope breaks things
# for LXC such as
# https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1497420
# https://github.com/lxc/lxc/issues/713
# https://bugs.archlinux.org/index.php?do=details&action=details.addvote&task_id=47303
# In any case, it's best to also edit the pids controller to ensure that a
# better max value is used in the init.scope
- name: Check that the init.scope support the pid controller
stat:
path: "/sys/fs/cgroup/pids/init.scope/pids.max"
register: _init_scope_pid
tags:
- lxc-config
- block:
- name: Get init.scope pids.max value
slurp:
src: "/sys/fs/cgroup/pids/init.scope/pids.max"
register: init_scope_cgroup_pids_max
changed_when: false
# NOTE(cloudnull): The "shell" module is being used instead of "copy" with
# content as we need direct write access to the sysFS.
- name: Set systemd pids.max in init.scope
shell: "echo {{ lxc_default_tasks_max }} > /sys/fs/cgroup/pids/init.scope/pids.max"
when:
- (init_scope_cgroup_pids_max.content | b64decode) != lxc_default_tasks_max
tags:
- skip_ansible_lint
rescue:
- name: Notice regarding setting the init.scope/pids.max
debug:
msg: |
Failed writing to "/sys/fs/cgroup/pids/init.scope/pids.max". While
we prefer setting this option it's not required. See the following
issues on why this is desired and what can be done when the cgroup
hierarchy exists.
* https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1497420
* https://github.com/lxc/lxc/issues/713
* https://bugs.archlinux.org/index.php?do=details&action=details.addvote&task_id=47303
when: _init_scope_pid.stat.exists
tags:
- lxc-config
# Ensure apparmor reindex runs before other things that may fail
- meta: flush_handlers
View Git Blame Copy Permalink