From cb466cd385603482470fb070b69c3cb42eab2b13 Mon Sep 17 00:00:00 2001
From: Kevin Carter
Date: Tue, 3 Jul 2018 18:54:43 -0500
Subject: [PATCH] Update nspawn role correcting several issues

The tempfiles template was being setup on the host, this causes host machines to have an issue with journald on reboot due to the directory being part of systemd-tmpfiles. Nspawn container journals were not being written to the host. This was fixed by changing try-guest to try-host, which will fall back to the guest in the event that host journalling is not possible. Systemd-nspawn containers were not starting on boot due to them needing to wait for networking to be online. The base template has been updated to ensure networking is online before starting containers.

Change-Id: I6af3923bd10091172e75cfb16c9146cd47f827a4
Signed-off-by: Kevin Carter
---
 handlers/main.yml | 4 ----
 tasks/main.yml | 15 ++-------------
 tasks/nspawn_cache.yml | 5 -----
 templates/prep-scripts/_container_sys_setup.sh.j2 | 6 ++++++
 templates/systemd-journald-tmpfiles.j2 | 3 ---
 templates/systemd-nspawn@.service.j2 | 8 +++++++-
 6 files changed, 15 insertions(+), 26 deletions(-)
 delete mode 100644 templates/systemd-journald-tmpfiles.j2

diff --git a/handlers/main.yml b/handlers/main.yml
index cbd9210..7961bb8 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -42,10 +42,6 @@
 state: absent
 changed_when: false
 
-- name: Create tmpfiles structure in journald
- command: "systemd-tmpfiles --create --prefix /var/log/journal"
- changed_when: false
-
 - name: Restart systemd-journald
 systemd:
 name: "systemd-journald"
diff --git a/tasks/main.yml b/tasks/main.yml
index cd97896..67d4e66 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -35,6 +35,8 @@
 tags:
 - always
 
+# NOTE(cloudnull): Because DNSMasq will be installed this task is required to
+# ensure we're never starting that service in an unknown state.
 - name: Prevent service from starting on install
 copy:
 content: |
@@ -73,8 +75,6 @@
 - /etc/systemd/network
 - /etc/systemd/journald.conf.d
 - /var/log/journal
- notify:
- - Create tmpfiles structure in journald
 
 - name: Create journald directories
 file:
@@ -85,23 +85,12 @@
 mode: "02755"
 with_items:
 - /var/log/journal
- notify:
- - Create tmpfiles structure in journald
-
-- name: Create journald tempfiles
- template:
- src: "systemd-journald-tmpfiles.j2"
- dest: "/etc/tmpfiles.d/systemd-journald.conf"
- notify:
- - Create tmpfiles structure in journald
- - Restart systemd-journald
 
 - name: Create journald tempfiles
 template:
 src: "systemd-journald-nspawn_host.conf.j2"
 dest: "/etc/systemd/journald.conf.d/systemd-journald-nspawn_host.conf"
 notify:
- - Create tmpfiles structure in journald
 - Restart systemd-journald
 
 - include: nspawn_cache_prestage.yml
diff --git a/tasks/nspawn_cache.yml b/tasks/nspawn_cache.yml
index ccac686..081c0c5 100644
--- a/tasks/nspawn_cache.yml
+++ b/tasks/nspawn_cache.yml
@@ -109,11 +109,6 @@
 when:
 - nspawn_image_cache_refresh | bool
 
-- name: Create networkd directory
- file:
- path: "/var/lib/machines/{{ nspawn_container_base_name }}/etc/systemd/network"
- state: directory
-
 - name: Create static MACs in the container
 copy:
 src: "/etc/systemd/network/99-default.link"
diff --git a/templates/prep-scripts/_container_sys_setup.sh.j2 b/templates/prep-scripts/_container_sys_setup.sh.j2
index e66a12c..aaaab85 100644
--- a/templates/prep-scripts/_container_sys_setup.sh.j2
+++ b/templates/prep-scripts/_container_sys_setup.sh.j2
@@ -17,6 +17,12 @@ mkdir -p /etc/ansible/facts.d
 # Create the backups directory
 mkdir -p /var/backup
 
+# Create networkd directory
+mkdir -p /etc/systemd/network
+
+# Remove the journal directory
+rm -rf /var/log/journal || true
+
 # Create the cache resolvers
 rm /etc/resolv.conf || true
 {% for resolver in nspawn_cache_prep_dns %}
diff --git a/templates/systemd-journald-tmpfiles.j2 b/templates/systemd-journald-tmpfiles.j2
deleted file mode 100644
index 73ab784..0000000
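Review bot: The added `rm -rf /var/log/journal || true` acts on an absolute path, so it is only safe while this prep script runs inside the container image root, and nothing in the hunk shows how the script is invoked. The Ansible task it replaces in tasks/nspawn_cache.yml named the image root explicitly (`/var/lib/machines/{{ nspawn_container_base_name }}/...`); executed against the host root instead, the same line would delete the host's persistent journal. I would state the assumption next to it, e.g. `# Runs inside the container image root only; never on the host`. The `|| true` also hides a failed removal (busy or read-only path), which would leave a guest journal directory in place without any signal, and `rm -rf` already succeeds when the directory is missing. The script continues outside the hunk.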
--- a/templates/systemd-journald-tmpfiles.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-# {{ ansible_managed }}
-
-D /var/log/journal 0755 root systemd-journal
diff --git a/templates/systemd-nspawn@.service.j2 b/templates/systemd-nspawn@.service.j2
index b51bdc2..61b5e39 100644
--- a/templates/systemd-nspawn@.service.j2
+++ b/templates/systemd-nspawn@.service.j2
@@ -1,3 +1,5 @@
+# {{ ansible_managed }}
+
 # This file is part of systemd.
 #
 # systemd is free software; you can redistribute it and/or modify it
@@ -11,9 +13,13 @@ Documentation=man:systemd-nspawn(1)
 PartOf=machines.target
 Before=machines.target
 After=network.target
+After=network-online.target
+After=systemd-networkd.service
+After=nspawn-macvlan.service
+Wants=network-online.target
 
 [Service]
-ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth {{ (nspawn_systemd_version | int > 219) | ternary('--settings=override --machine=%I', '--machine=%I') }}
+ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-host {{ (nspawn_systemd_version | int > 219) | ternary('--settings=override --machine=%I', '--machine=%I') }}
 KillMode=mixed
 Type=notify
 RestartForceExitStatus=133
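Review bot: Removing `--network-veth` from `ExecStart` means this unit no longer requests a private network itself; on the `--machine=%I` branch (systemd 219 or older) no `--settings=` is passed, so unless networking is configured somewhere outside this hunk the container would share the host's network namespace. If the per-machine settings and the macvlan setup implied by `After=nspawn-macvlan.service` are what isolate the container, a comment above `ExecStart` should say so, e.g. `# Network isolation comes from the per-machine settings, not from this unit`. Separately, `--link-journal=try-host` places container journals under the host's /var/log/journal, while hosts that ran the earlier role still have /etc/tmpfiles.d/systemd-journald.conf with its `D /var/log/journal` line, because the commit stops templating that file but never removes it; a `file:` task in tasks/main.yml with `path: "/etc/tmpfiles.d/systemd-journald.conf"` and `state: absent` would clean it up. The `[Service]` section continues outside the hunk.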