openstack/openstack-ansible-lxc_hosts
Code Issues Proposed changes
Files
f179f21a6695269259091f4ef1b37630527185e9
openstack-ansible-lxc_hosts/defaults/main.yml
Kevin Carter f179f21a66 Clean-up old systemd prep and allow machinctl to grow 
The machinectl cache is currently set image to 16G by default. If
multiple container images are imported into the cache this may be too
small by default. This change sets the cache to "64G" by default allowing
the cache more room to grow by.

This change also disables the quota system once the limit has been set
The option `lxc_host_machine_quota_disabled` has been added to disable or
enable the quota system as needed. This is done after the default limit has
been set so an adequately sized sparce file can be created should it not
already exist.

> More documentation can be seen here [0] with regard to the set-limit
  option.

Because we support both modern and older systemd, the cache prep tasks
for old systemd have been updated so that deployers using earlier
versions of systemd can benefit from the ability to grow an existing
cache via playbook run.

[0] https://www.freedesktop.org/software/systemd/man/machinectl.html#set-limit%20%5BNAME%5D%20BYTES

Closes-Bug: #1745361
Change-Id: I85fefc6ce186bb6808ac37a9ea79a50e29671115
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-02-12 15:30:14 +00:00

203 lines
8.0 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Validate certificates when downloading LXC templates
lxc_hosts_validate_certs: yes
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
lxc_hosts_package_state: "latest"
lxc_hosts_pip_package_state: "latest"
# Mappings from Ansible reported architecture to distro release architecture
lxc_architecture_mapping:
x86_64: amd64
ppc64le: ppc64el
s390x: s390x
armv7l: armhf
# Set the volume size in gigabytes for the machine image caches.
lxc_host_machine_volume_size: "64G"
# Disable the machinctl quota system.
lxc_host_machine_quota_disabled: true
# DefaultTasksMax systemd value. It's not recommended to change this value as it
# could prevent new processes from starting on busy containers.
lxc_default_tasks_max: 8192
# lxc container rootfs directory and cache path
lxc_container_directory: "/var/lib/lxc"
lxc_container_cache_path: "/var/cache/lxc/download"
# The container backing store can be set to 'overlayfs' to use overlayfs
# This should only be done for production use with a linux kernel > 3.14
# which is when overlayfs was merged into the mainline kernel
# lxc_container_backing_store: overlayfs
# The container backing method can be set to 'copy-on-write' to use LVM
# snapshot-backed containers when the container backing store is set to
# 'lvm'.
# lxc_container_backing_method: copy-on-write
# When using a base container to snapshot from for the overlayfs or LVM
# copy-on-write backing stored, the base container can be set.
lxc_container_base_name: "{{ lxc_cache_map.distro }}-{{ lxc_cache_map.release }}-{{ lxc_cache_map.arch }}"
# Set the default zfs root name
lxc_container_zfs_root_name: "pool/lxc"
# lxc container net network
lxc_net_bridge: lxcbr0
lxc_net_bridge_port: none
lxc_net_address: 10.0.3.1
lxc_net_netmask: 255.255.255.0
lxc_net_gateway: null ## if null, no gateway will be on the LXC bridge. lxc_net_nat must be "false" to use a gateway.
#lxc_net_mtu: 1500 ##setting this variable will add mtu configuration for the lxc config and network bridge
# lxc container nat enabled
lxc_net_nat: true ## If "true", nat rules will be created with the lxc network.
# Enable iptables for lxc network
lxc_net_manage_iptables: true ## If "true" iptables rules will be added when the bridge is up and deleted when bridge is down
# lxc container dhcp settings
lxc_net_dhcp_range: 10.0.3.2,10.0.3.253
lxc_net_dhcp_max: 253
lxc_net_dhcp_config: ''
lxc_net_dnsmasq_user: lxc-dnsmasq
lxc_net_domain: ''
# lxc network ipv6 settings
lxc_net6_address: null ## ie. fd05:ffb8:32b4:1212::1
lxc_net6_netmask: null ## ie. 64
lxc_net6_nat: false
# lxc_container_net_link variable should be set to the lxc-net bridge.
lxc_container_net_link: "{{ lxc_net_bridge }}" ## name of the host bridge to attach to
lxc_container_net_type: veth ## lxc network interface type (veth, phys, vlan, macvlan, empty)
lxc_container_net_name: eth0 ## name of the interface inside the container.
# System control kernel tuning
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }
lxc_pip_packages:
- lxc-python2
lxc_cache_sshd_configuration:
- { regexp: "^PermitRootLogin", line: "PermitRootLogin yes" }
- { regexp: "^TCPKeepAlive", line: "TCPKeepAlive yes" }
- { regexp: "^UseDNS", line: "UseDNS no" }
- { regexp: "^X11Forwarding", line: "X11Forwarding no" }
- { regexp: "^PasswordAuthentication", line: "PasswordAuthentication no" }
# The compression ratio used when creating the container cache rootfs archive
lxc_image_compression_ratio: 0
# A list of files may be copied into the container image cache from the
# deployment host during its preparation.
# Example:
# lxc_container_cache_files:
# - src: "/etc/openstack_deploy/files/etc/issue"
# dest: "/etc/issue"
lxc_container_cache_files: []
# A list of files may be copied into the container image cache from the
# LXC host during its preparation.
# Example:
# lxc_container_cache_files_from_host:
# - "/etc/apt/sources.list.d/myrepo.list"
lxc_container_cache_files_from_host: []
# DNS servers to use during cache preparation
lxc_cache_prep_dns:
- "{{ lxc_net_address }}"
# Custom shell commands to run before/after the LXC cache prep process has taken
# place.
lxc_cache_prep_pre_commands: '## pre command skipped ##'
lxc_cache_prep_post_commands: '## post command skipped ##'
# List of packages to be installed into the base container cache
lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages }}"
# The maximum amount of time (in seconds) to wait until failing the cache
# preparation process. This is necessary to mitigate the issue that can
# arise where the cache prep hangs and never fails.
# The value is specified in seconds, with the default being 20 minutes.
lxc_cache_prep_timeout: 1200
# Set the servers to download LXC images from
# NOTE(mhayden): The main images.linuxcontainers.org site will redirect
# requests to (us|uk).images.linuxcontainers.org upon the first request. We
# add the mirrors here to get around some HTTP 400 errors and allow aria2 to
# download from both mirrors at the same time.
lxc_image_cache_server_mirrors:
- https://us.images.linuxcontainers.org
- https://uk.images.linuxcontainers.org
# The DNS name of the LXD server to source the base container cache from
# NOTE(cloudnull): This var should be removed in R.
lxc_image_cache_server: "{{ lxc_image_cache_server_mirrors[0].strip('http(?s)://') }}"
# Local path to cached image
lxc_image_cache_path: "/var/lib/machines/{{ lxc_container_base_name }}"
# Mode to pull image. This is used to pull the image from a remote source.
# Valid options are [import-tar, import-raw]
lxc_image_cache_pull_mode: import-tar
# Set this option to true to pull a new cached image.
lxc_image_cache_refresh: false
# The keyservers to use when validating GPG keys for the downloaded cache
lxc_image_cache_primary_keyserver: hkp://p80.pool.sks-keyservers.net:80
lxc_image_cache_secondary_keyserver: hkp://keyserver.ubuntu.com:80
## Default download template options
## This can be customized to use a local build server and options.
## By default these options will be fulfilled by the distro specific
## variable files found in vars/
# lxc_cache_download_template_options: >
# --dist NAME_OF_DISTRO
# --release DISTRO_RELEASE
# --arch CONTAINER_ARCH
# --force-cache
# --server SERVER_TO_GET_IMAGES_FROM
lxc_cache_default_variant: default
lxc_cache_download_template_extra_options: ""
lxc_cache_download_template_options: >-
--dist {{ lxc_cache_map.distro }}
--release {{ lxc_cache_map.release }}
--arch {{ lxc_cache_map.arch }}
--force-cache
--server {{ lxc_image_cache_server }}
--variant {{ lxc_cache_default_variant }}
{{ lxc_cache_download_template_extra_options }}
# LXC must be installed from a COPR repository on CentOS 7 since the version
# provided in EPEL is much too old (1.x).
lxc_centos_package_baseurl: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/epel-7-x86_64/
lxc_centos_package_key: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/pubkey.gpg
## Set default mirror for openSUSE repositories
# NOTE(hwoarang): Ensure that the full path to the 'opensuse' directory is used.
# Additionally, set 'lxc_hosts_opensuse_mirror_obs_url' to a mirror which also mirrors
# the OBS repositories. If you want to use the same mirror in both cases, then leave the
# 'lxc_hosts_opensuse_mirror_obs_url' to its default value.
lxc_hosts_opensuse_mirror_url: 'http://download.opensuse.org'
lxc_hosts_opensuse_mirror_obs_url: "{{ lxc_hosts_opensuse_mirror_url }}"
View Git Blame Copy Permalink