From de2dc69641d41f1a1e42dec4374f708634af55a9 Mon Sep 17 00:00:00 2001 From: Shu Shen Date: Wed, 10 Jun 2015 05:40:56 +0000 Subject: [PATCH] Configurable lxc cache and rootfs path The rootfs of the containers use large disk space and is defaulted to /var/lib/lxc. It's desirable to configure an alternative rootfs directory on a partition with large enough free space to hold the rootfs. The rootfs of a container is hard-linked to the lxc cache when created by lxc templates. Therefore both have to reside on the same partition and the lxc cache shall be configurable as well as the rootfs directory. The lxc-ubuntu template is patched by lxc-host role to use the configured lxc cache folder. This patch should be removed once the updated upstream lxc with support of configuring the cache path goes mainstream. To configure these parameters, set the following variables in global_overrides of openstack_user_config.yml: - lxc_container_directory, defaults to /var/lib/lxc - lxc_container_cache_path, defaults to /var/cache/lxc Closes-Bug: #1463905 Change-Id: I9ccf0c45e0a1875644750e0d70ce613265040176 --- playbooks/lxc-containers-destroy.yml | 1 + .../roles/lxc_container_create/defaults/main.yml | 4 ++++ .../lxc_container_create/tasks/container_create.yml | 1 + .../roles/lxc_container_destroy/tasks/main.yml | 1 + playbooks/roles/lxc_hosts/defaults/main.yml | 4 ++++ playbooks/roles/lxc_hosts/tasks/lxc_cache.yml | 2 +- playbooks/roles/lxc_hosts/tasks/lxc_install.yml | 13 +++++++++++++ playbooks/roles/lxc_hosts/tasks/lxc_pre_install.yml | 6 ++++-- .../lxc-openstack.apparmor.j2} | 8 ++++---- 9 files changed, 33 insertions(+), 7 deletions(-) rename playbooks/roles/lxc_hosts/{files/lxc-openstack => templates/lxc-openstack.apparmor.j2} (76%) diff --git a/playbooks/lxc-containers-destroy.yml b/playbooks/lxc-containers-destroy.yml index 077167ca65..73c0cffd60 100644 --- a/playbooks/lxc-containers-destroy.yml +++ b/playbooks/lxc-containers-destroy.yml 
@@ -35,6 +35,7 @@ - "/openstack/backup/{{ container_name }}" - "/openstack/log/{{ container_name }}" - "/var/lib/lxc/{{ container_name }}" + - "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}" delegate_to: "{{ physical_host }}" tags: - container-directories diff --git a/playbooks/roles/lxc_container_create/defaults/main.yml b/playbooks/roles/lxc_container_create/defaults/main.yml index 8a7cf1c8cd..d2607b1d37 100644 --- a/playbooks/roles/lxc_container_create/defaults/main.yml +++ b/playbooks/roles/lxc_container_create/defaults/main.yml @@ -18,6 +18,10 @@ lxc_container_config: /etc/lxc/lxc-openstack.conf # Default container template to build from lxc_container_template: ubuntu +# lxc container rootfs directory and cache path +lxc_container_directory: "/var/lib/lxc" +lxc_container_cache_path: "/var/cache/lxc" + # container_fs.* is only used with building on an LVM backend lxc_container_fs_size: 5G lxc_container_fs_type: ext4 diff --git a/playbooks/roles/lxc_container_create/tasks/container_create.yml b/playbooks/roles/lxc_container_create/tasks/container_create.yml index 3d84aff377..48ada5a304 100644 --- a/playbooks/roles/lxc_container_create/tasks/container_create.yml +++ b/playbooks/roles/lxc_container_create/tasks/container_create.yml @@ -57,6 +57,7 @@ template: "{{ properties.container_template|default(lxc_container_template) }}" state: started backing_store: "{{ properties.container_backing_store|default(lxc_container_backing_store) }}" + directory: "{{ lxc_container_directory }}/{{ container_name }}" fs_size: "{{ properties.container_fs_size|default(lxc_container_fs_size) }}" fs_type: "{{ properties.container_fs_type|default(lxc_container_fs_type) }}" vg_name: "{{ properties.container_vg_name|default(lxc_container_vg_name) }}" diff --git a/playbooks/roles/lxc_container_destroy/tasks/main.yml b/playbooks/roles/lxc_container_destroy/tasks/main.yml index 5d4380bbdc..1ba50313d4 100644 
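Review bot: In playbooks/lxc-containers-destroy.yml the added list entry guards `lxc_container_directory` with `default('/var/lib/lxc')`, which only covers an undefined variable; a value that is defined but empty renders as `/{{ container_name }}`, a directory directly under the filesystem root. The task that consumes this list starts outside the hunk, but the playbook name and the `container-directories` tag suggest it removes these paths on the physical host, so a mistyped override should fail the play rather than widen what gets deleted. I would write the entry as `- "{{ lxc_container_directory|default('/var/lib/lxc', true) }}/{{ container_name }}"` and add an `assert` before the task that the directory is an absolute path other than `/`. The same entry is added in playbooks/roles/lxc_container_destroy/tasks/main.yml and needs the same change.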
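Review bot: The comment added above `lxc_container_directory` and `lxc_container_cache_path` in lxc_container_create/defaults/main.yml leaves out the one constraint the commit message gives for them: the template hard-links the rootfs from the cache, so both paths have to sit on the same filesystem. I would extend it to `# lxc container rootfs directory and cache path; both must be on the same filesystem because the lxc template hard-links the rootfs from the cache`. The same two defaults are repeated in playbooks/roles/lxc_hosts/defaults/main.yml, so the comment in both files should also say that the values must be kept identical across the two roles, since the host role writes the cache path into the lxc-ubuntu template and the AppArmor profile while this role decides where the rootfs is placed.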
--- a/playbooks/roles/lxc_container_destroy/tasks/main.yml +++ b/playbooks/roles/lxc_container_destroy/tasks/main.yml @@ -30,6 +30,7 @@ - "/openstack/backup/{{ container_name }}" - "/openstack/log/{{ container_name }}" - "/var/lib/lxc/{{ container_name }}" + - "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}" delegate_to: "{{ physical_host }}" tags: - container-directories diff --git a/playbooks/roles/lxc_hosts/defaults/main.yml b/playbooks/roles/lxc_hosts/defaults/main.yml index f049eeeb6f..d553ce351f 100644 --- a/playbooks/roles/lxc_hosts/defaults/main.yml +++ b/playbooks/roles/lxc_hosts/defaults/main.yml @@ -13,6 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +# lxc container rootfs directory and cache path +lxc_container_directory: "/var/lib/lxc" +lxc_container_cache_path: "/var/cache/lxc" + # lxc container net network lxc_net_bridge: lxcbr0 lxc_net_bridge_port: none diff --git a/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml b/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml index 164d1ce6de..f2b9145681 100644 --- a/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml +++ b/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml @@ -29,7 +29,7 @@ - name: Move lxc cached image into place unarchive: src: "/var/cache/lxc_{{ item.name }}" - dest: "/var/cache/lxc/" + dest: "{{ lxc_container_cache_path }}/" copy: "no" with_items: lxc_container_caches when: cache_download|changed diff --git a/playbooks/roles/lxc_hosts/tasks/lxc_install.yml b/playbooks/roles/lxc_hosts/tasks/lxc_install.yml index fc108d2937..5e44c9499e 100644 --- a/playbooks/roles/lxc_hosts/tasks/lxc_install.yml +++ b/playbooks/roles/lxc_hosts/tasks/lxc_install.yml 
@@ -26,3 +26,16 @@ with_items: lxc_apt_packages tags: - lxc-packages + +# The functionality with changing the container cache has been added into the +# upstream LXC templates with patch [ https://github.com/lxc/lxc/pull/558 ] +# TODO: remove the below patch and pass lxc_container_cache_path to lxc +# templates as appropriate once the lxc update goes mainstream +- name: Patch lxc-ubuntu cache path + replace: + dest: /usr/share/lxc/templates/lxc-ubuntu + regexp: '\$LOCALSTATEDIR/cache/lxc' + replace: "{{ lxc_container_cache_path }}" + backup: yes + tags: + - lxc-cache-path diff --git a/playbooks/roles/lxc_hosts/tasks/lxc_pre_install.yml b/playbooks/roles/lxc_hosts/tasks/lxc_pre_install.yml index 711640ddb4..02ff8f73b4 100644 --- a/playbooks/roles/lxc_hosts/tasks/lxc_pre_install.yml +++ b/playbooks/roles/lxc_hosts/tasks/lxc_pre_install.yml @@ -27,6 +27,8 @@ - /usr/share/lxc/templates - /openstack - /openstack/backup + - "{{ lxc_container_directory }}" + - "{{ lxc_container_cache_path }}" tags: - lxc-directories @@ -72,14 +74,14 @@ - lxc-irqbalance - name: Drop lxc-openstack app armor profile - copy: + template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "{{ item.owner|default('root') }}" group: "{{ item.group|default('root') }}" mode: "{{ item.mode|default('0644') }}" with_items: - - { src: lxc-openstack, dest: "/etc/apparmor.d/lxc/lxc-openstack" } + - { src: lxc-openstack.apparmor.j2, dest: "/etc/apparmor.d/lxc/lxc-openstack" } notify: - Load lxc-openstack apparmor profile - Restart apparmor diff --git a/playbooks/roles/lxc_hosts/files/lxc-openstack b/playbooks/roles/lxc_hosts/templates/lxc-openstack.apparmor.j2 similarity index 76% rename from playbooks/roles/lxc_hosts/files/lxc-openstack rename to playbooks/roles/lxc_hosts/templates/lxc-openstack.apparmor.j2 index a38371369e..62b6ec78be 100644 --- a/playbooks/roles/lxc_hosts/files/lxc-openstack +++ b/playbooks/roles/lxc_hosts/templates/lxc-openstack.apparmor.j2 
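Review bot: The new `Patch lxc-ubuntu cache path` task in lxc_install.yml is a one-way edit: once `\$LOCALSTATEDIR/cache/lxc` has been replaced the regexp no longer matches, so a later change of `lxc_container_cache_path` leaves the old path in `/usr/share/lxc/templates/lxc-ubuntu` while the cache directory and the AppArmor profile move to the new one. The value is also written unquoted into a shell script that runs as root when containers are built, and `replace` treats it as a regex replacement string, so whitespace, shell metacharacters or backslashes in an override change the script rather than just the path. I would put an `assert` ahead of this task that the variable matches something like `^/[A-Za-z0-9._/-]+$`, and extend the comment to say that changing the path on an already-patched host requires restoring the packaged template first. A package upgrade that reinstalls the template will also undo the patch until the play runs again, which is worth stating next to the TODO.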
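Review bot: In lxc_pre_install.yml the two added entries `"{{ lxc_container_directory }}"` and `"{{ lxc_container_cache_path }}"` are created by a directory task whose owner and mode lie outside this hunk, so they get whatever the shared list entries such as `/openstack` get. The packaged `/var/lib/lxc` is normally accessible to root only, because the rootfs trees under it hold setuid binaries and root-owned files of privileged containers; a relocated rootfs directory created with a general-purpose mode would make those reachable by local users on the host. I would create these two paths in a task of their own with `owner: root`, `group: root` and `mode: "0700"` (or whatever the packaged directories use on the target release) rather than appending them to the shared list.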
@@ -17,10 +17,10 @@ profile lxc-openstack flags=(attach_disconnected,mediate_deleted) { mount fstype=nbd* -> /**, mount fstype=nfs* -> /**, mount fstype=devpts, - + # allow System access. mount fstype=cgroup -> /sys/fs/cgroup/**, - mount fstype=proc -> /var/cache/lxc/**, - mount fstype=sysfs -> /var/cache/lxc/**, - mount options=(rw,bind) /var/cache/lxc/**/dev/shm/ -> /var/cache/lxc/**/run/shm/, + mount fstype=proc -> {{ lxc_container_cache_path }}/**, + mount fstype=sysfs -> {{ lxc_container_cache_path }}/**, + mount options=(rw,bind) {{ lxc_container_cache_path }}/**/dev/shm/ -> {{ lxc_container_cache_path }}/**/run/shm/, }
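Review bot: The mount rules in lxc-openstack.apparmor.j2 now interpolate `lxc_container_cache_path` verbatim, so the scope of the profile depends on an unvalidated override: an empty value turns `mount fstype=proc -> {{ lxc_container_cache_path }}/**,` into a rule for `/**`, and a value containing AppArmor glob or alternation characters widens or breaks the rule. The template task that renders this file (in lxc_pre_install.yml) should be preceded by an `assert` that the path is absolute, has no trailing slash and contains only ordinary path characters, so a bad override fails the play instead of loading a looser profile. A header comment in the template stating that these paths come from `lxc_container_cache_path` and must match the path patched into the lxc-ubuntu template would also help the next reader. The profile body starts above this hunk, so rules for other paths are not visible here.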