openstack-ansible/playbooks/roles/lxc_hosts/defaults/main.yml

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# lxc container rootfs directory and cache path
lxc_container_directory: "/var/lib/lxc"
lxc_container_cache_path: "/var/cache/lxc"

# lxc container net network
lxc_net_bridge: lxcbr0
lxc_net_bridge_port: none
lxc_net_address: 10.0.3.1
lxc_net_netmask: 255.255.255.0
lxc_net_gateway: none  ## if "none" no gateway will on the LXC bridge, nat must be "false" to use a gateway.

# lxc container nat enabled
lxc_net_nat: true  ## If "true" nat rules will be created with the lxc network.

# lxc container dhcp settings
lxc_net_dhcp_range: 10.0.3.2,10.0.3.253
lxc_net_dhcp_max: 253
lxc_net_dhcp_config: ''
lxc_net_dnsmasq_user: lxc-dnsmasq
lxc_net_domain: ''

# lxc_container_net_link variable should be set to the lxc-net bridge.
lxc_container_net_link: "{{ lxc_net_bridge }}"  ## name of the host bridge to attach to
lxc_container_net_type: veth  ## lxc network interface type (veth, phys, vlan, macvlan, empty)
lxc_container_net_name: eth0  ## name of the interface inside the container.

# System control kernel tuning
lxc_kernel_options:
  - { key: 'fs.inotify.max_user_instances', value: 1024 }
  - { key: 'vm.swappiness', value: 10 }

# Default image to build from
lxc_container_release: trusty
lxc_container_user_name: ubuntu
lxc_container_user_password: "{{ lookup('pipe', 'date --rfc-3339=ns | sha512sum | base64 | head -c 32') }}"
lxc_container_template_options: >
  --release {{ lxc_container_release }}
  --user {{ lxc_container_user_name }}
  --password {{ lxc_container_user_password }}

lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu"


# Required apt packages.
lxc_apt_packages:
  - apparmor-utils
  - bridge-utils
  - cgmanager
  - cgroup-lite
  - debootstrap
  - dnsmasq
  - git
  - liblxc1
  - lxc
  - lxc-dev
  - lxc-templates
  - python-dev
  - python3-lxc

# Commands to run against cached LXC image
lxc_cache_commands:
  - apt-get update
  - apt-get -y upgrade
  - apt-get -y install python2.7
  - rm -f /usr/bin/python
  - ln -s /usr/bin/python2.7 /usr/bin/python

lxc_cache_sshd_configuration:
    - { regexp: "^PermitRootLogin",         line: "PermitRootLogin yes" }
    - { regexp: "^TCPKeepAlive",            line: "TCPKeepAlive yes" }
    - { regexp: "^UseDNS",                  line: "UseDNS no" }
    - { regexp: "^X11Forwarding",           line: "X11Forwarding no" }
    - { regexp: "^PasswordAuthentication",  line: "PasswordAuthentication no" }

# Prebuilt images to deploy onto hosts for use in containers.
# lxc_container_caches:
#   - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
#     name: "trusty.tgz"
#     sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
#     chroot_path: trusty/rootfs-amd64