This change makes it possible for us to add future support for multiple
container technologies within a single deployment. A new variable has
been added allowing the deployer to set the container tech within a
deployment. At this point the only supported container tech is "lxc"
however in a follow on PR we intend to add systemd-nspawn.
The playbooks for lxc-containers-* have all been renamed so we have a
consistent experience when sourcing and executing container type plays.
To ensure this change does not break existing deployer automation links
have been created for the old playbook names. In a future release we can
remove these links.
Change-Id: I8c2f8f29a93a3212de73c74c7d1ab7d851bbd204
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The numerous tags within the playbook have been condensed
to two potential tags: "$NAMESPACE-config", and "$NAMESPACE".
These tags have been chosen as they are namespaced and cover
the configuration pre-tasks as well as the option to execute
the main playbook from a higher level play. By tagging
everything in the play with "$NAMESPACE" we're ensuring that
everything covered by the playbook has a namespaced tag. Any
place using the "always" tag was left alone as the tasks being
executed must "always" execute whenever the playbook is called.
Notice: The os-swift-setup.yml playbook file has been
removed because it currently serves no purpose. While the
os-swift-sync.yml is no longer being directly called it has been
left as it could be of use to a deployer.
Change-Id: Iebfd82ebffedc768a18d9d9be6a9e70df2ae8fc1
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
When a container's data is destroyed, this patch ensures that
the LXC log file for the container is also destroyed.
Change-Id: I80c46c536dcfbb3ee1a0572aa25fb21b651799fe
Currently running the lxc-containers-destroy playbook will, when
agreed to, destroy all containers and container data across the
entire deployment.
This patch separates the removal of the container from the removal
of the data and includes a prompt to the user to confirm each
option.
The option can be pre-answered through the use of the boolean
variable 'force_containers_data_destroy'.
Change-Id: I70c4819dbe6fc996dd780f205f3e08c300f18591
Running the lxc-containers-destroy playbook will, by default, destroy
all containers and container data across the entire deployment.
Include a prompt to ensure that running the playbook was intentional.
Including this playbook within automation can still be done by providing
'force_containers_destroy' as an extra variable.
Change-Id: I534cc97a29018984966ca9a9d934cef4242f2f88
This was introduced in I348a4b7dfe70d56a64899246daf65ea834a75d2a
Ansible complains with:
[WARNING]: While constructing a mapping from /opt/openstack-ansible/playbooks
/lxc-containers-create.yml, line 16, column 3, found a duplicate dict key
(gather_facts). Using last defined value only.
Change-Id: I0cb978aa7b434568406a38c71da2e4bb1e1549cc
This commit adds a gather_facts variable in the playbooks, which
is defaulted to True. If run_playbooks.sh is used, this commit adds
"-e gather_facts=False" to the openstack-ansible cli for the playbook
run. Everything should work fine for deployers (because there is no
change for them), and for the gate (because fact caching is enabled)
It should speed up the gate by avoiding the long "setup" task cost for each host.
Instead it does the setup to the appropriate hosts, at the appropriate time.
Change-Id: I348a4b7dfe70d56a64899246daf65ea834a75d2a
Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
This commit removes the use of the net-cache flushing from all
$service plays which ensures that the cache is not overly flushed
which could impact performance of services like neutron.
The role lxc-container-destroy role was removed because its not used
and if it were ever used it its use would result in the same
situation covered by this issue.
Additionally it was noted that on container restarts, the mac addresses
of the container interfaces change. If *no* flushing is done at all,
this results in long run times whilst the arp entry for the container IP
times out. Hence, we add in here a configuration option that causes a
gratuitous arp whenever an interface has it's mac set, and/or the link
comes up. Because of the way the container veths work, we can't rely
on that happening on a linkm up event. So we forcefully set the mac
address in the post-up hook for the interface to force the issue of the
gratuitous arp.
Co-Authored-By: Evan Callicoat <diopter@gmail.com>
Co-Authored-By: Darren Birkett <darren.birkett@gmail.com>
Change-Id: I96800b2390ffbacb8341e5538545a3c3a4308cf3
Closes-Bug: 1497433
In a multiple host deployment, the deploying host (which runs the playbooks)
may not be the host for the containers being destroyed. Therefore,
flush-net-cache is not performed on the deploying host.
This would cause connectivity problem between the deploying host and the
containers before the staled net cache timed out ultimately.
Therefore, the local host shall always perform flush-net-cache when a container
is destroyed.
Change-Id: Iac0afa58084d35d285067c404de85e3466ba62e9
Closes-Bug: #1469285
The rootfs of the containers use large disk space and is defaulted to
/var/lib/lxc. It's desirable to configure an alternative rootfs directory on a
partition with large enough free space to hold the rootfs.
The rootfs of a container is hard-linked to the lxc cache when created by lxc
templates. Therefore both have to reside on the same partition and the lxc
cache shall be configurable as well as the rootfs directory.
The lxc-ubuntu template is patched by lxc-host role to use the configured lxc
cache folder. This patch should be removed once the updated upstream lxc with
support of configuring the cache path goes mainstream.
To confgiure these parameters, set the following variables in global_overrides
of openstack_user_config.yml:
- lxc_container_directory, defaults to /var/lib/lxc
- lxc_container_cache_path, defaults to /var/cache/lxc
Closes-Bug: #1463905
Change-Id: I9ccf0c45e0a1875644750e0d70ce613265040176
This change was made to improve ansible stability and speed.
Additionally this change comes with the now upstream lxc-container
module which will allow us to drop our carried module. In dropping
the module the entry point was changed from `lxc-container:` to
`lxc_container:`. All of the entry points have been changed in
support of the new upstream module and the carried `lxc-container`
module has been removed.
Partially Implements Blueprint: master-kilofication
Partial-Bug: 1399373
Change-Id: I4709eb78f153afc213225ea973570efa2e873993
This change implements the blueprint to convert all roles and plays into
a more generic setup, following upstream ansible best practices.
Items Changed:
* All tasks have tags.
* All roles use namespaced variables.
* All redundant tasks within a given play and role have been removed.
* All of the repetitive plays have been removed in-favor of a more
simplistic approach. This change duplicates code within the roles but
ensures that the roles only ever run within their own scope.
* All roles have been built using an ansible galaxy syntax.
* The `*requirement.txt` files have been reformatted follow upstream
Openstack practices.
* Dynamically generated inventory is now more organized, this should assist
anyone who may want or need to dive into the JSON blob that is created.
In the inventory a properties field is used for items that customize containers
within the inventory.
* The environment map has been modified to support additional host groups to
enable the seperation of infrastructure pieces. While the old infra_hosts group
will still work this change allows for groups to be divided up into seperate
chunks; eg: deployment of a swift only stack.
* The LXC logic now exists within the plays.
* etc/openstack_deploy/user_variables.yml has all password/token
variables extracted into the separate file
etc/openstack_deploy/user_secrets.yml in order to allow seperate
security settings on that file.
Items Excised:
* All of the roles have had the LXC logic removed from within them which
should allow roles to be consumed outside of the `os-ansible-deployment`
reference architecture.
Note:
* the directory rpc_deployment still exists and is presently pointed at plays
containing a deprecation warning instructing the user to move to the standard
playbooks directory.
* While all of the rackspace specific components and variables have been removed
and or were refactored the repository still relies on an upstream mirror of
Openstack built python files and container images. This upstream mirror is hosted
at rackspace at "http://rpc-repo.rackspace.com" though this is
not locked to and or tied to rackspace specific installations. This repository
contains all of the needed code to create and/or clone your own mirror.
DocImpact
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Closes-Bug: #1403676
Implements: blueprint galaxy-roles
Change-Id: I03df3328b7655f0cc9e43ba83b02623d038d214e
