ef0d28eb80
This change implements the ability to set the apt repositories within a container upon container create from both a deployed image as well as when using the lxc-openstack container build template. * There are two new namespaced variables that set the main and security repositories for Ubuntu. These two variables are the same in both the `lxc_container_create` and `lxc_hosts` roles. These two new variables have been set as defaults in their respective roles. * The method by which the template and container create deploy the repositories within the container is the same. The old sources list is removed and the new entries are created. This will provide a consistent experience between hosts and containers as they can now use the same repositories without human intervention. With this change it will now be possible to deploy containers within a walled garden where the apt repository may not be publicly accessible. Juno-Backport-Potential Closes-Bug: #1433412 Change-Id: Iaf51a5e3919f684b20da370a9470dc45e2452d4e
93 lines
2.7 KiB
YAML
93 lines
2.7 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Create base directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: "directory"
|
|
owner: "root"
|
|
group: "root"
|
|
with_items:
|
|
- /etc/lxc
|
|
- /usr/local/bin
|
|
- /etc/network/interfaces.d
|
|
- /etc/apparmor.d/lxc
|
|
- /usr/share/lxc/templates
|
|
- /openstack
|
|
- /openstack/backup
|
|
tags:
|
|
- lxc-directories
|
|
|
|
- name: Ensure the lxc dnsmasq user exists
|
|
user:
|
|
name: "{{ lxc_net_dnsmasq_user }}"
|
|
comment: "LXC dnsmasq"
|
|
system: "yes"
|
|
shell: "/bin/false"
|
|
home: "/var/lib/lxc"
|
|
tags:
|
|
- lxc-dnsmasq-user
|
|
|
|
- name: Drop base config file(s)
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "{{ item.owner|default('root') }}"
|
|
group: "{{ item.group|default('root') }}"
|
|
mode: "{{ item.mode|default('0644') }}"
|
|
with_items:
|
|
- { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" }
|
|
- { src: lxc.default.j2, dest: "/etc/default/lxc-net", mode: "0644" }
|
|
- { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" }
|
|
- { src: manual-init.override.j2, dest: "/etc/init/lxc-net.override" }
|
|
- { src: lxc-openstack-template.j2, dest: "/usr/share/lxc/templates/lxc-openstack", mode: "0755" }
|
|
tags:
|
|
- lxc-files
|
|
- lxc-config
|
|
|
|
- name: Drop irqbalance config
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "{{ item.owner|default('root') }}"
|
|
group: "{{ item.group|default('root') }}"
|
|
mode: "{{ item.mode|default('0644') }}"
|
|
with_items:
|
|
- { src: irqbalance.j2, dest: "/etc/default/irqbalance" }
|
|
notify:
|
|
- Restart irqbalance
|
|
tags:
|
|
- lxc-files
|
|
- lxc-irqbalance
|
|
|
|
- name: Drop lxc-openstack app armor profile
|
|
copy:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "{{ item.owner|default('root') }}"
|
|
group: "{{ item.group|default('root') }}"
|
|
mode: "{{ item.mode|default('0644') }}"
|
|
with_items:
|
|
- { src: lxc-openstack, dest: "/etc/apparmor.d/lxc/lxc-openstack" }
|
|
notify:
|
|
- Load lxc-openstack apparmor profile
|
|
- Restart apparmor
|
|
tags:
|
|
- lxc-files
|
|
- lxc-apparmor
|
|
|
|
# Ensure apparmor reindex runs before other things that may fail
|
|
- meta: flush_handlers
|