With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I6a9986cd948dbeaf2847ea4dd04deed974f80d20
Inside jinja block variables should not be inside start/end block.
This used to work due to the workaround placed in config_template
that was removed within [1]. So we fix our usage of jinja to make
variable resolved properly.
[1] https://review.opendev.org/c/openstack/ansible-config_template/+/881887
Change-Id: I1c3178e5694b08ace9364f6da397837049ca2d49
For consistency reasons we try to leverage our systemd_service role as
much as we can. Instead of maintaining separate systemd unit templates
the role can be leveraged for same purposes and reduce complexity in
this role.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/865952
Change-Id: I59e6504240eafdb5f0d010ff8a051078e25b1281
For consistency reasons instead of placing a template for
systemd-networkd we better use systemd_networkd role that is present
for a while.
Change-Id: I1e9deaa2892a8fa7eb171acaf75441d7efeac297
Refactoring of the lxc_hosts role means that there is no need for
differences in variables between operating systems.
This patch makes the ubuntu focal CI jobs non voting as it must
merge at the same time as a corresponding patch to lxc_hosts.
Change-Id: I29e91320baebb9a3a649533a0e1d3a433dd04ad9
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I2defac928ff0081b262ba31bdb9981274f13b32b
OpenSUSE Leap 15.0 now ships with lxc 3.1 which changed two config
options:
1. lxc.kmsg was removed
2. lxc.pts was renamed to lxc.pty.max
This change updates these two options in the container config.
Change-Id: I7b4c657e9216b5e3926672b76cb370256b98ce3c
Depends-On: I8a94f340b8866f3369cebb5950dea873f5d2fece
Signed-off-by: Nicolas Bock <nicolas.bock@suse.com>
This patch adds support for this role to be able to deploy on
Debian Stretch.
Change-Id: I4ee130917373c643ae80bab7a778cc6f35868dc8
Needed-By: I135ea73604890eae5e9e2a7cdcab81b2b39ad426
Required to support Gentoo is the ability to bind mount a new shared
directory. In order to support this, _lxc_container_bind_mounts has
been created for use in per-distro variables. For Gentoo the new bind
mounts allows the sharing of package data, shrinking both the container
size and the time needed to install packages.
Also needed was the creation of the `sysctl_path` variable as Gentoo
installs sysctl to an alternate location.
Change-Id: I8c20631aff9ee30289ef2f7f862ba0d4e1bb4569
This code was put in to handle upgrade and transitions from Queens
to Rocky and it is no longer necessary in Stein.
Change-Id: Iffc453ccb8af5d66e556da8427eb4fec1c2133ca
In RHEL-based operating systems, the update will actually attempt
to update every single package in the system which can result in
bad things (i.e. updating services when they're not supposed to).
The intention was to do the same as the apt-get update which simply
updates the repos. however this is not necessary in CentOS.
Change-Id: I5a1f86899406e125b3a790e2e85ce36d73fbc55e
Some use cases such as public facing dns servers for Designate
are difficult to deploy with the dynamic inventory as they have
a hard requirement for fixed IP on certain interfaces. An additional
variable allows the deployer to create these special interfaces.
Change-Id: I4f0ac58f2d5c19fea1606fe1fbb011bb1a36f7b4
Now that bionic testing is added into the tests repos, we can
start testing it in the repo.
Since bionic uses lxc >= 3, we need to make some adjustments to the role
to allow the role to work with both lxc > 3 and lxc < 3, there were
several config options changes which will impact on upgradeability.
LXC >= 3 requires networks to have an index, we can achieve this by
taking the network dict and converting it to a list, and using those to
generate the id "with_indexed_items".
Depends-On: https://review.openstack.org/#/c/566959/
Depends-On: https://review.openstack.org/#/c/567038/
Change-Id: Ib80c2ed2a01a4a6a8c48aed9bdf9a50e45ea9564
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The variable `lxc_user_defined_container` has been added which allows a
deployer to define the container variable file in use for a given
container type.
Depends-On: https://review.openstack.org/554383
Change-Id: Ia1373bfa916b4add49a8444d2e4553f898650328
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
With the implementation of networkd the ENI scripts and config files for
the default interfaces shipped with the lxc container images we use is
no longer useful. These old files can cause conflicts in networking
should the old scripts and networkd get confused especially when it
comes to an interface that is setup for DHCP. This change simply defines
the default interfaces for both suse and ubuntu and ensures they're
deleted.
The interface flush handler has been set to failed when false because on
initial container create the eth0 device may not exist until
systemd-networkd is restarted for the first time.
Change-Id: I70abb5ec4226a81a065e495e19f5e7e0c569e1b0
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Unify container network interfaces using Systemd Networkd for ubuntu,
centos, and openSUSE. This change allows the role to use a single way to
configure container networks.
Care has been taken to ensure we're able to cleanly upgrade to the new
capabilities within existing environments without breaking any feature
compatibility or causing any container restarts.
It's also worth noting that all of the pre/post networking up/down
script options have been converted to systemd "oneshot" services. This
retains the ability to run adhoc scripts post network availability
while also opening up this capability, which used to be ubuntu only,
to all of our supported operating systems.
> Our usage of `lxc-attach` was removed in favor of `nsenter` to fix a
issue where multiple `lxc-attach` commands issued to a single physical
host could result in a hang.
> Scripts that were being generated inline have been placed into
template files. This solves a long standing memory consumption issue
when creating lots of containers. The old shell tasks will now be
executed from a generated script. While this should also help with
debugging, the main driver is to ensure better system stability.
> A lot of cleanup has been done throughout the task files and
templates. In the process of updating the role to use unified
networking a lot of duplicate tasks, scripts, and processes have
consolidated.
> Handlers have been added for network connection wait conditions and
to various service restarts.
> The OSA plugins have been added to this role as a dependency. We
rely on the connection plugins throughout the stack however we were
doing a lot of workarounds to cater to the possibility of a deployer
running this role without them. This change simply adds the plugins
as a known dependency which allows for a more streamlined setup.
Change-Id: I5d3ddcfa11d575648a69a04f2fb30236c2c89da3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The role may be used with 'gather_facts: false' leading to the
following problem:
'ansible_distribution_version' is undefined
As such, we need to rely on the discovered physical host's facts to
determine the distribution version.
Change-Id: I11ab98ac0a6f5e8cbcdc55d51ba7886e54aa5472
This supplements commit Ic43aa5d7e6bc7a534e21ba052561932ec01b3ae0
The base container now matches the host's distribution version so we
should use the 'ansible_distribution_version' fact instead of hardcoding
the version number.
Change-Id: Ie8d8ef236fcaa8b008e08c935d6efed3d64e728e
Add support for SUSE based distributions. We also update the bindep.txt,
run_tests.sh, tests-repo-clone.sh and Vagrantfile files from the
openstack-ansible-tests repository.
Change-Id: I9ac018ac1a94dac74a2ef213dccedf95b4272134
In Ansible, a "string"|bool jinja2 filter does not result to a true
value as presented below:
~$ ansible localhost -e foo="string" -m debug -a "msg={{foo|bool}}"
localhost | SUCCESS => {
"msg": false
}
Only a "true" string results in a boolean True value
~$ ansible localhost -e foo="true" -m debug -a "msg={{foo|bool}}"
localhost | SUCCESS => {
"msg": true
}
as such, the routing files where never installed for the RedHat
distributions. We fix this logic by simply leaving this variable
undefined for the distributions who don't need it.
Change-Id: I0af0ad47487365ad593c5550d2c7e05f650e7174
Add the ability to append pre-up, post-up, pre-down, and post-down script
entries to the container_networks dict that are dropped along with the OSA
default configurations when templating the container's interface config files.
The keys preup, postup, predown, and postdown will be appended to the OSA
lxc_container_default_{pre,post}{up/down} lists when dropping the interface
config.
Change-Id: Idf15ec17bac03b55638fb8d862e5445093677f23
When creating many containers on a single contended host, the execution
of many delegated tasks in parallel results in failure. This patch
consolidates the container prep and networking tasks leveraging the
lxc-rootfs pid path on the physical host instead of relying on delegation.
Change-Id: I0823e34286a0857b539a94604dbe9cdeb8a605f0
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
With https://review.openstack.org/354097 the container prep and
network config for eth0 into the cache preparation.
This patch therefore removes the duplicated prep.
Change-Id: If9abcff780fbf97b83b6f46704088adead30e910
Depends-On: Ia8c0bb759b5df29f1b3a5e11230040ffc6e97362
This commit adds support for container creation on Ubuntu ppc64le.
It maps the ansible architecture to the correct lxc architecture
and sets the container arch accordingly.
Change-Id: I1f142686d7190e5bfe7147366d406381b5011725
The current container creation process overrides the DNS resolution
configuration instead of consuming the configuration implemented
in the container cache preparation.
With the implementation of change I66b448dee361e231d172eb278b290ec4dccfdf97
The container cache makes use of the host resolver configuration.
This patch ensures that the container create process falls into line
with that instead of overriding the cache configuration.
Change-Id: I0f12a50471e670a03e17bfaa2c150a8da3f63af4
This change updates the lxc-container-create role to build lxc containers
using the download template. The build supports ubuntu 14.04/16.04 and
RedHat/CentOS 7 using the multi-distro framework.
This change is incorporating updates built into the lxc_hosts role. Once
merged this should unblock all work geared toward multi-distro support and
testing. The testing structure has been updated to match what is being done
in other roles.
A new file was created "manual-tests.rc" which assists in manual testing
by exporting the needed environment variables to run the role tests without
requiring everything to run through tox which has undesirable side-effects
when running tests that span multiple roles.
Change-Id: Iee304dd026e0865e0444259d2132122233d90f5f
Depends-On: Ie13be2322d28178760481c59805101d6aeef4f36
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Dmitriy Rabotyagov