Changed the container interaction process
This changes the way that containers are interacted with. With this change, container actions are delegated to the host instead of looping through the hacky mess that we were doing. This change will make the entire container process faster. It also removes the need for the "/openstack/monitoring" directory, which was held-over cruft from long ago. This should address the race condition that occurs when delegating to a host while the monitoring directory is being created at the same time on the same host. Closes-Bug: #1399427 Change-Id: Ifaa0fa5719f79180610b4a63d590ca8bc681f87d
@@ -965,7 +965,7 @@ class LxcManagement(object):
|
||||
self.module.get_bin_path('lxc-stop', True),
|
||||
'--logfile /tmp/lxc-ansible-%s-stop.log' % name,
|
||||
'--logpriority INFO',
|
||||
'--timeout 10',
|
||||
'--timeout 120',
|
||||
'--name %s' % name
|
||||
]
|
||||
|
||||
|
||||
@@ -13,16 +13,10 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- hosts: "{{ host_group|default('hosts') }}"
|
||||
- hosts: "{{ host_group|default('all_containers') }}"
|
||||
user: root
|
||||
gather_facts: false
|
||||
roles:
|
||||
- container_setup
|
||||
vars_files:
|
||||
- vars/config_vars/container_interfaces.yml
|
||||
vars:
|
||||
default_container_groups: "{{ hostvars[inventory_hostname]['container_types'] }}"
|
||||
container_groups: "{{ groups[container_group|default(default_container_groups)] | default('') }}"
|
||||
required_container_config_options:
|
||||
- "lxc.mount.entry=/openstack/log/{{ hostvars[item]['container_name'] }} var/log/{{ hostvars[item]['service_name'] }} none defaults,bind,rw 0 0"
|
||||
- "lxc.mount.entry=/openstack/backup/{{ hostvars[item]['container_name'] }} var/backup none defaults,bind,rw 0 0"
|
||||
- "lxc.mount.entry=/openstack/monitoring monitoring none defaults,bind,rw 0 0"
|
||||
|
||||
@@ -14,10 +14,8 @@
|
||||
# limitations under the License.
|
||||
|
||||
# This playbook destroys all known containers.
|
||||
- hosts: "{{ host_group|default('hosts') }}"
|
||||
- hosts: "{{ host_group|default('all_containers') }}"
|
||||
user: root
|
||||
gather_facts: false
|
||||
roles:
|
||||
- container_destroy
|
||||
vars:
|
||||
default_container_groups: "{{ hostvars[inventory_hostname]['container_types'] }}"
|
||||
container_groups: "{{ groups[container_group|default(default_container_groups)] }}"
|
||||
|
||||
@@ -14,4 +14,4 @@
|
||||
# limitations under the License.
|
||||
|
||||
- include: container_create.yml
|
||||
when: container_groups|length > 0
|
||||
|
||||
|
||||
@@ -17,6 +17,7 @@
|
||||
|
||||
- name: Destroy Containers
|
||||
lxc:
|
||||
name: "{{ hostvars[item]['container_name'] }}"
|
||||
name: "{{ container_name }}"
|
||||
command: "destroy"
|
||||
with_items: container_groups
|
||||
delegate_to: "{{ physical_host }}"
|
||||
|
||||
|
||||
@@ -14,4 +14,4 @@
|
||||
# limitations under the License.
|
||||
|
||||
- include: container_restart.yml
|
||||
when: container_groups|length > 0
|
||||
|
||||
|
||||
@@ -16,109 +16,54 @@
|
||||
- name: Obtain the Systems SSH-Key
|
||||
set_fact:
|
||||
container_ssh_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
|
||||
- name: Fail when empty or non-existent SSH pub key
|
||||
fail: >
|
||||
msg="Failing - ~/.ssh/id_rsa.pub file doesn't exist or is empty"
|
||||
fail: msg="Failing - ~/.ssh/id_rsa.pub file doesn't exist or is empty"
|
||||
when: container_ssh_key == ""
|
||||
|
||||
- name: Set the SSH key in place
|
||||
lxc: >
|
||||
name={{ hostvars[item]['container_name'] }}
|
||||
command=attach
|
||||
container_command="
|
||||
mkdir -p ~/.ssh/;
|
||||
if [ ! -f \"~/.ssh/authorized_keys\" ];then
|
||||
touch ~/.ssh/authorized_keys;
|
||||
fi;
|
||||
grep '{{ container_ssh_key }}' ~/.ssh/authorized_keys ||
|
||||
echo '{{ container_ssh_key }}' | tee -a ~/.ssh/authorized_keys;
|
||||
"
|
||||
with_items: container_groups
|
||||
|
||||
- name: Set base network interface
|
||||
lxc: >
|
||||
name={{ hostvars[item]['container_name'] }}
|
||||
command=attach
|
||||
container_command="
|
||||
echo -e '{{ container_interface }}' | tee /etc/network/interfaces;
|
||||
"
|
||||
with_items: container_groups
|
||||
|
||||
- name: Set management network interface
|
||||
lxc: >
|
||||
name={{ hostvars[item]['container_name'] }}
|
||||
command=attach
|
||||
container_command="
|
||||
echo -e '{{ management_interface }}' | tee /etc/network/interfaces.d/management.cfg;
|
||||
"
|
||||
with_items: container_groups
|
||||
|
||||
- name: Ensure SSH is avail at boot
|
||||
lxc: >
|
||||
name={{ hostvars[item]['container_name'] }}
|
||||
command=attach
|
||||
container_command="update-rc.d ssh defaults"
|
||||
with_items: container_groups
|
||||
|
||||
- name: Ensure SSH is available for root
|
||||
lxc: >
|
||||
name={{ hostvars[item]['container_name'] }}
|
||||
command=attach
|
||||
container_command="sed -i 's/PermitRootLogin.*/PermitRootLogin\ yes/g' /etc/ssh/sshd_config"
|
||||
with_items: container_groups
|
||||
|
||||
- name: Ensure SSH started
|
||||
lxc: >
|
||||
name={{ hostvars[item]['container_name'] }}
|
||||
command=attach
|
||||
container_command="service ssh restart"
|
||||
with_items: container_groups
|
||||
|
||||
- name: Ensure required inner directories
|
||||
lxc: >
|
||||
name={{ hostvars[item.1]['container_name'] }}
|
||||
command=attach
|
||||
container_command="mkdir -p {{ item.0 }}"
|
||||
with_nested:
|
||||
- [ "/monitoring", "/etc/network/interfaces.d", "/var/backup" ]
|
||||
- container_groups
|
||||
|
||||
- name: Create Required local log directories
|
||||
file: >
|
||||
path="{{ item.0 }}/{{ hostvars[item.1]['container_name'] }}"
|
||||
state=directory
|
||||
with_nested:
|
||||
- [ "/openstack/backup", "/openstack/log" ]
|
||||
- container_groups
|
||||
delegate_to: "{{ physical_host }}"
|
||||
|
||||
- name: Create Required local monitoring directories
|
||||
file: >
|
||||
path={{ item }}
|
||||
state=directory
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: "directory"
|
||||
with_items:
|
||||
- "/openstack/monitoring"
|
||||
- "/openstack/backup/{{ container_name }}"
|
||||
- "/openstack/log/{{ container_name }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
|
||||
- name: Ensure required inner service directories
|
||||
lxc: >
|
||||
name={{ hostvars[item.1]['container_name'] }}
|
||||
command=attach
|
||||
container_command="mkdir -p {{ item.0 }}/{{ hostvars[item.1]['service_name'] }}"
|
||||
with_nested:
|
||||
- [ "/etc", "/var/log" ]
|
||||
- container_groups
|
||||
|
||||
- name: Ensure python2.7 installed
|
||||
lxc: >
|
||||
name={{ hostvars[item]['container_name'] }}
|
||||
command=attach
|
||||
container_command="apt-get -y install python2.7; rm /usr/bin/python; ln -s /usr/bin/python2.7 /usr/bin/python"
|
||||
with_items: container_groups
|
||||
- name: Basic Inner Container Setup
|
||||
lxc:
|
||||
name: "{{ container_name }}"
|
||||
command: "attach"
|
||||
container_command: |
|
||||
mkdir -p ~/.ssh/
|
||||
if [ ! -f "~/.ssh/authorized_keys" ];then
|
||||
touch ~/.ssh/authorized_keys
|
||||
fi
|
||||
grep '{{ container_ssh_key }}' ~/.ssh/authorized_keys || echo '{{ container_ssh_key }}' | tee -a ~/.ssh/authorized_keys
|
||||
# Create internal directories
|
||||
mkdir -p /monitoring
|
||||
mkdir -p /etc/network/interfaces.d
|
||||
mkdir -p /var/backup
|
||||
mkdir -p '/var/log/{{ service_name }}'
|
||||
mkdir -p '/etc/{{ service_name }}'
|
||||
sed -i 's/PermitRootLogin.*/PermitRootLogin\ yes/g' /etc/ssh/sshd_config
|
||||
service ssh restart
|
||||
apt-get update
|
||||
apt-get -y install python2.7
|
||||
rm /usr/bin/python
|
||||
ln -s /usr/bin/python2.7 /usr/bin/python
|
||||
echo -e '{{ default_interfaces }}' | tee /etc/network/interfaces
|
||||
echo -e '{{ management_interface }}' | tee /etc/network/interfaces.d/management.cfg
|
||||
delegate_to: "{{ physical_host }}"
|
||||
|
||||
- name: Ensure Required container config options
|
||||
lxc: >
|
||||
name={{ hostvars[item]['container_name'] }}
|
||||
command=config
|
||||
options="{{ required_container_config_options }}"
|
||||
state=running
|
||||
with_items: container_groups
|
||||
lxc:
|
||||
name: "{{ container_name }}"
|
||||
command: config
|
||||
options:
|
||||
- "lxc.mount.entry=/openstack/log/{{ container_name }} var/log/{{ service_name }} none defaults,bind,rw 0 0"
|
||||
- "lxc.mount.entry=/openstack/backup/{{ container_name }} var/backup none defaults,bind,rw 0 0"
|
||||
state: running
|
||||
delegate_to: "{{ physical_host }}"
|
||||
|
||||
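Review bot: The combined `container_command` script in "Basic Inner Container Setup" still rewrites sshd_config to `PermitRootLogin yes`, which permits password logins for root even though the same script installs a public key; `without-password` would keep root access key-only. In the same script the test `[ ! -f "~/.ssh/authorized_keys" ]` quotes the tilde, so it is never expanded and the check is effectively always true; a plain `touch` does the same job. The key is pasted into a single-quoted shell string and matched by grep as a regular expression, so a fixed-string whole-line match is safer, and `~/.ssh` and `authorized_keys` are given no explicit modes. Which lines belong to the new side is inferred from the rendered order, because the page has lost its +/- markers.

```yaml
    container_command: |
      mkdir -p ~/.ssh/
      chmod 700 ~/.ssh
      touch ~/.ssh/authorized_keys
      chmod 600 ~/.ssh/authorized_keys
      grep -qxF '{{ container_ssh_key }}' ~/.ssh/authorized_keys || echo '{{ container_ssh_key }}' >> ~/.ssh/authorized_keys
      # … unchanged: internal directory creation …
      sed -i 's/PermitRootLogin.*/PermitRootLogin without-password/g' /etc/ssh/sshd_config
      # … unchanged: ssh restart, python2.7 install, interface files …
```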
@@ -14,4 +14,4 @@
|
||||
# limitations under the License.
|
||||
|
||||
- include: container_setup.yml
|
||||
when: container_groups|length > 0
|
||||
|
||||
|
||||
@@ -13,19 +13,18 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
container_interface: |
|
||||
default_interfaces: |
|
||||
# The loopback network interface
|
||||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
# LXC interface
|
||||
auto eth0
|
||||
iface eth0 inet dhcp
|
||||
|
||||
# Load any additional configs
|
||||
source /etc/network/interfaces.d/*.cfg
|
||||
|
||||
|
||||
management_interface: |
|
||||
auto {{ hostvars[item]['container_network']['container_interface'] }}
|
||||
iface {{ hostvars[item]['container_network']['container_interface'] }} inet static
|
||||
address {{ hostvars[item]['container_address'] }}
|
||||
netmask {{ hostvars[item]['container_network']['container_netmask']|default(hostvars[item]['container_netmask']) }}
|
||||
auto {{ container_network['container_interface'] }}
|
||||
iface {{ container_network['container_interface'] }} inet static
|
||||
address {{ container_address }}
|
||||
netmask {{ container_network['container_netmask']|default(container_netmask) }}
|
||||
|
||||