--- # Copyright 2016, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Usage: # This common task will update lxc containers to use the lxc-openstack # app-armor profile by default however this profile can be changed as needed. # This will also load in a list of bind mounts for a given container. To load # in a list of bind mounts the variable, "list_of_bind_mounts" must be used # containing at least one dictionary with the keys "bind_dir_path", # "relative_bind_dir_path", and "mount_path". # * bind_dir_path = Container path used in a bind mount # * mount_path = Local path on the physical host used for a bind mount # If extra container configurations are desirable set the # "extra_container_config" list to strings containing the options needed. - name: Set default bind mounts (bind var/log) set_fact: lxc_default_bind_mounts: '{{ lxc_default_bind_mounts | default([{"bind_dir_path": "/var/log", "mount_path": "/openstack/log/{{ inventory_hostname }}"}]) }}' when: - default_bind_mount_logs | bool tags: - common-lxc - name: Ensure mount directories exists file: path: "{{ item['mount_path'] }}" state: "directory" with_items: - "{{ lxc_default_bind_mounts | default([]) }}" - "{{ list_of_bind_mounts | default([]) }}" delegate_to: "{{ physical_host }}" when: - not is_metal | bool tags: - common-lxc - name: Add bind mount configuration to container lineinfile: dest: "/var/lib/lxc/{{ inventory_hostname }}/config" line: "lxc.mount.entry = {{ item['mount_path'] }} {{ item['bind_dir_path'].lstrip('/') }} none bind,create=dir 0 0" backup: "true" with_items: - "{{ lxc_default_bind_mounts | default([]) }}" - "{{ list_of_bind_mounts | default([]) }}" delegate_to: "{{ physical_host }}" when: - not is_metal | bool register: _mc tags: - common-lxc - name: Extra lxc config lineinfile: dest: "/var/lib/lxc/{{ inventory_hostname }}/config" line: "{{ item.split('=')[0] }} = {{ item.split('=', 1)[1] }}" insertafter: "^{{ item.split('=')[0] }}" backup: "true" with_items: "{{ extra_container_config | default([]) }}" delegate_to: "{{ physical_host }}" register: _ec when: not is_metal | bool tags: - common-lxc - name: Extra lxc config no restart lineinfile: dest: "/var/lib/lxc/{{ inventory_hostname }}/config" line: "{{ item.split('=')[0] }} = {{ item.split('=', 1)[1] }}" insertafter: "^{{ item.split('=')[0] }}" backup: "true" with_items: "{{ extra_container_config_no_restart | default(['lxc.start.order=100']) }}" delegate_to: "{{ physical_host }}" when: not is_metal | bool tags: - common-lxc - name: Check container state command: "lxc-info -n {{ inventory_hostname }} --state" changed_when: false delegate_to: "{{ physical_host }}" register: _lxc_container_state until: _lxc_container_state | success retries: 3 delay: 5 when: - not is_metal | bool - (_mc is defined and _mc | changed) or (_ec is defined and _ec | changed) # Due to https://github.com/ansible/ansible-modules-extras/issues/2691 # this uses the LXC CLI tools to ensure that we get logging. # TODO(odyssey4me): revisit this once the bug is fixed and released - name: Lxc container restart command: > lxc-stop --name {{ inventory_hostname }} --logfile {{ lxc_container_log_path }}/lxc-{{ inventory_hostname }}.log --logpriority {{ (debug | bool) | ternary('DEBUG', 'INFO') }} delegate_to: "{{ physical_host }}" register: container_stop until: container_stop | success retries: 3 when: - not is_metal | bool - (_mc is defined and _mc | changed) or (_ec is defined and _ec | changed) - _lxc_container_state.stdout.find('RUNNING') != -1 tags: - common-lxc # Due to https://github.com/ansible/ansible-modules-extras/issues/2691 # this uses the LXC CLI tools to ensure that we get logging. # TODO(odyssey4me): revisit this once the bug is fixed and released - name: Start Container command: > lxc-start --daemon --name {{ inventory_hostname }} --logfile {{ lxc_container_log_path }}/lxc-{{ inventory_hostname }}.log --logpriority {{ (debug | bool) | ternary('DEBUG', 'INFO') }} delegate_to: "{{ physical_host }}" register: container_start until: container_start | success retries: 3 when: - not is_metal | bool - (_mc is defined and _mc | changed) or (_ec is defined and _ec | changed) tags: - common-lxc - name: Wait for container connectivity wait_for_connection: connect_timeout: "{{ lxc_container_wait_params.connect_timeout | default(omit) }}" delay: "{{ lxc_container_wait_params.delay | default(omit) }}" sleep: "{{ lxc_container_wait_params.sleep | default(omit) }}" timeout: "{{ lxc_container_wait_params.timeout | default(omit) }}" when: - (_mc is defined and _mc | changed) or (_ec is defined and _ec | changed) - not is_metal | bool tags: - common-lxc