
When running os-ansible-deployment on a cluster sitting behind a proxy, users may need to set up special variables for proxies so that pip and the services all work as expected. Closes-bug: 1452456 Change-Id: I2a397abad6557a48bc737dcd9cca787fc5afa728
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Capture the public SSH key that the "Create container" task later appends
# to the container's ~/.ssh/authorized_keys.
# lookup('file', ...) is evaluated on the machine running Ansible, not on the
# delegated host, so the file read is the control host's
# /root/.ssh/id_rsa.pub. Only the public half of the key pair is read.
- name: Obtain the Systems SSH-Key
  set_fact:
    lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
  # Skipped when the key has already been supplied as a variable.
  when: lxc_container_ssh_key is not defined
  delegate_to: "{{ physical_host }}"
# Probe the physical host for the LVM volume group named by
# lxc_container_vg_name. The command exits non-zero when `vgs` is not
# installed or the name does not appear in its output; the return code is
# kept in vg_result for the task that follows.
# NOTE(review): grep -o treats the name as a pattern and matches it anywhere
# in the vgs output, so a volume group whose name merely contains
# lxc_container_vg_name also counts as found - confirm that is acceptable.
- name: Check for lxc volume group
  shell: "(which vgs > /dev/null && vgs | grep -o '{{ lxc_container_vg_name }}') || false"
  delegate_to: "{{ physical_host }}"
  register: vg_result
  # A missing volume group is an expected outcome, so never fail the play.
  failed_when: false
  # The task reports "changed" exactly when the volume group was not found.
  changed_when: vg_result.rc != 0
  tags:
    - lxc-container-vg-detect
# Fall back to the "dir" backing store when the volume-group probe registered
# in vg_result returned a non-zero code.
- name: Set container backend "dir" if "lvm" not found
  set_fact:
    lxc_container_backing_store: dir
  delegate_to: "{{ physical_host }}"
  when: vg_result.rc != 0
  tags:
    - lxc-container-vg-detect
# Create the per-container directories under /openstack on the physical host.
# The backup and log directories are the sources of the bind mounts that the
# container tasks in this file configure.
# NOTE(review): no owner or mode is given, so the directories get the module
# defaults on the host - confirm those are restrictive enough for log and
# backup data.
- name: Container service directories
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - "/openstack/{{ inventory_hostname }}"
    - "/openstack/backup/{{ inventory_hostname }}"
    - "/openstack/log/{{ inventory_hostname }}"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-directories
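# Create and start the container, then run a first-boot shell script in it.
# The script, in order: appends each non-empty entry of
# global_environment_variables (the proxy settings, for example) to
# /etc/environment, adds the deployment SSH key to ~/.ssh/authorized_keys,
# enables root login in sshd_config, rewrites /etc/apt/sources.list,
# installs python2.7 and writes /etc/network/interfaces.
#
# Shell details that matter:
#   * the /etc/environment check is a complete "if ...; then ... fi" so the
#     script parses when environment variables are defined;
#   * both grep calls use -F so keys, URLs and host lists are compared as
#     fixed strings instead of regular expressions;
#   * the authorized_keys test leaves ~ unquoted, because a tilde inside
#     double quotes is not expanded by the shell;
#   * apt-get is retried only when `timeout` reports 124 (timed out).
#
# Templated values sit inside single-quoted shell strings, so a value that
# contains a single quote would end the quoting early. They are expected to
# come from trusted deployment configuration only.
#
# NOTE(review): the sed line sets "PermitRootLogin yes", which also permits
# password logins for root. A key is installed just before it, so
# "without-password" may be sufficient - confirm nothing depends on root
# password authentication before tightening it.
- name: Create container
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_log: "true"
    config: "{{ properties.container_config|default(lxc_container_config) }}"
    template: "{{ properties.container_template|default(lxc_container_template) }}"
    state: started
    backing_store: "{{ properties.container_backing_store|default(lxc_container_backing_store) }}"
    fs_size: "{{ properties.container_fs_size|default(lxc_container_fs_size) }}"
    fs_type: "{{ properties.container_fs_type|default(lxc_container_fs_type) }}"
    vg_name: "{{ properties.container_vg_name|default(lxc_container_vg_name) }}"
    template_options: "{{ lxc_container_template_options }}"
    container_command: |
      {% if global_environment_variables is defined %}
      {%- for name, value in global_environment_variables.items() %}
      {% if value %}
      if ! grep -F '{{ name }}={{ value }}' /etc/environment; then
        echo '{{ name }}={{ value }}' | tee -a /etc/environment
      fi
      {% endif %}
      {%- endfor %}
      {% endif %}
      mkdir -p ~/.ssh/
      if [ ! -f ~/.ssh/authorized_keys ]; then
        touch ~/.ssh/authorized_keys
      fi
      grep -F '{{ lxc_container_ssh_key }}' ~/.ssh/authorized_keys || echo '{{ lxc_container_ssh_key }}' | tee -a ~/.ssh/authorized_keys
      # Create internal directories
      mkdir -p /etc/network/interfaces.d
      mkdir -p /var/backup
      sed -i 's/PermitRootLogin.*/PermitRootLogin\ yes/g' /etc/ssh/sshd_config
      service ssh restart
      # Configure defined apt-repos
      rm /etc/apt/sources.list
      echo '# Do not edit this file. Add new sources to /etc/apt/sources.list.d/' | tee /etc/apt/sources.list
      echo 'deb {{ lxc_container_template_main_apt_repo }} {{ lxc_container_release }} main restricted universe multiverse' | tee -a /etc/apt/sources.list
      echo 'deb {{ lxc_container_template_main_apt_repo }} {{ lxc_container_release }}-updates main restricted universe multiverse' | tee -a /etc/apt/sources.list
      echo 'deb {{ lxc_container_template_main_apt_repo }} {{ lxc_container_release }}-backports main restricted universe multiverse' | tee -a /etc/apt/sources.list
      echo 'deb {{ lxc_container_template_security_apt_repo }} {{ lxc_container_release }}-security main restricted universe multiverse' | tee -a /etc/apt/sources.list
      while timeout 120 apt-get update && apt-get -y install python2.7; [ $? = 124 ]; do
        sleep 5
      done
      rm /usr/bin/python
      ln -s /usr/bin/python2.7 /usr/bin/python
      echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
    # The container runs under the lxc-openstack AppArmor profile and gets the
    # host's per-container backup directory bind-mounted read-write.
    container_config:
      - "lxc.aa_profile=lxc-openstack"
      - "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0"
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-create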
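# Set the password of lxc_container_user_name inside the container. chpasswd
# only runs when getent finds the account.
# no_log keeps the rendered command, which contains the clear-text password,
# out of Ansible's task output and logs.
# NOTE(review): the user name and password are interpolated inside double
# quotes, so the shell still interprets $, backticks and " in them - confirm
# the password source cannot contain those characters, or quote the values.
# NOTE(review): whether the lxc_container module itself records the command
# on the host is not visible in this file - verify.
- name: Force container user password set
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_command: >
      getent passwd "{{ lxc_container_user_name }}" &&
      echo "{{ lxc_container_user_name }}:{{ lxc_container_user_password }}" | chpasswd
  no_log: true
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-user-password-regen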
# Write one /etc/network/interfaces.d/<interface>.cfg file inside the
# container for every entry of container_networks.
# NOTE(review): lxc_container_interface is defined outside this file;
# presumably it renders the stanza for the current item - confirm.
# NOTE(review): item.value.interface is used unquoted in the target path and,
# unlike the "Container network configs" task, there is no
# "item.value.interface is defined" guard here - verify that every network
# entry carries an interface name.
- name: Container network interfaces
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_command: |
      echo -e '{{ lxc_container_interface }}' | tee /etc/network/interfaces.d/{{ item.value.interface }}.cfg
  with_dict: container_networks
  delegate_to: "{{ physical_host }}"
  tags:
    - lxc-container-networks
# Render container-interface.ini.j2 once per entry of container_networks into
# the container's directory under /var/lib/lxc on the physical host. The
# files are owned by root and world-readable (0644); a change notifies the
# "Lxc container restart" handler, which is defined outside this file.
- name: LXC host config for container networks
  template:
    src: container-interface.ini.j2
    dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
    owner: root
    group: root
    # Quoted so the mode stays a string and is never read as a number.
    mode: "0644"
  with_dict: container_networks
  delegate_to: "{{ physical_host }}"
  notify:
    - Lxc container restart
  tags:
    - lxc-container-networks
# Ensure the container's LXC config on the physical host includes the
# per-interface .ini file of every network entry that names an interface.
# lineinfile keeps a backup copy of the config when it changes it, and a
# change notifies the "Lxc container restart" handler (defined outside this
# file).
- name: Container network configs
  lineinfile:
    dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
    line: "lxc.include = /var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
    backup: "true"
  with_dict: container_networks
  # Entries without an interface name are skipped.
  when: item.value.interface is defined
  delegate_to: "{{ physical_host }}"
  notify:
    - Lxc container restart
  tags:
    - lxc-container-networks
# For containers whose properties define a service_name: create the service's
# log and configuration directories inside the container, and bind-mount the
# host's /openstack/log/<inventory_hostname> read-write onto
# var/log/<service_name> in the container.
# NOTE(review): properties.service_name becomes part of shell paths and of
# the mount entry; it is presumably a fixed name from the inventory -
# confirm it cannot contain spaces or quotes.
- name: Create container service directories
  lxc_container:
    name: "{{ inventory_hostname }}"
    container_command: |
      mkdir -p '/var/log/{{ properties.service_name }}'
      mkdir -p '/etc/{{ properties.service_name }}'
    container_config:
      - "lxc.mount.entry=/openstack/log/{{ inventory_hostname }} var/log/{{ properties.service_name }} none defaults,bind,rw 0 0"
  delegate_to: "{{ physical_host }}"
  when: properties.service_name is defined
  tags:
    - lxc-container-service-dirs