Commit Graph

76 Commits

Author SHA1 Message Date
Zuul 3d6a3d812d Merge "Stop installing openssh and rsync to containers" 2023-10-13 09:51:09 +00:00
Dmitriy Rabotyagov d4d8114a11 Stop installing openssh and rsync to containers
With fixing keystone role there should be no need in explicitly
installing rsync and openssh everywhere.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/889934
Change-Id: I25729462fa6be7953e8ef0687ec4580509c21aaf
2023-10-12 08:01:57 +00:00
Jonathan Rosser d57f9a8f47 Remove lxc_cache_map variable
This has not had any practical use for several releases and mostly
carries copies of ansible facts. Remove the variable and use the
facts directly.

Change-Id: I1d2be9d07b38eaf2b737819c451a0d2339f723d0
2023-10-11 15:56:08 +00:00
Dmitriy Rabotyagov a51291f87d Refactor LXC image expiration
Right now we write output of `date -d @{{ timestamp }}` to
the expiry file, and then attempt to compare with timestamp.
However, output of `date -d` is datetime and not timestamp,
so these 2 things can not be properly compared. So image cache
was valid forever.

Change-Id: I42f5b43f09d3c530813dd7fd334eafce7a5eaf39
2023-07-20 07:25:46 +00:00
OpenStack Release Bot 8975a4df06 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I80855ac314edcb193375976c86ac6001fac83ff3
2022-12-13 13:09:09 +00:00
Dmitriy Rabotyagov 9385ec8011 Add option to disable lxc interface management
This change adds a new role default option which will allow operators
to omit the deployment of specific lxc bridge network config. This
change is being implemented because, as an operator, I have a host
setup specifically built for OpenStack which includes an interface
config covering the lxc deployment. Currently when running a deployment
the role will attempt to deploy a new interface file which at best
conflicts with the host setup and at worst fails to run due to the
interface being in a state unknown to OSA.

The new config option `lxc_net_managed` is default **true** keeping
the existing expectations, but when set to **false** the role will
no longer deploy an interface file or attempt to bring up the interface
using the distro tools.

Signed-off-by: Kevin Carter <kevin@cloudnull.com>
Change-Id: Icdf4a1f5ff98dc1b86c6a87ea4e606b7c74e1aac
2022-11-29 17:27:05 +01:00
Jonathan Rosser 786c4fcf18 Switch all base images to be built locally rather than downloaded
This patch switches the debian/ubuntu OS to build their lxc base
images locally using debootstrap rather than download a pre-built
lxc image. This unifies the approach with Centos-8 which is already
building a local image using dnf.

The LXC cache prestage tasks are removed, and all variables
associated with the download of the lxc image are removed from
defaults/main.yml.

A new variable lxc_apt_mirror is introduced, which is passed to
debootstrap to provide the apt source that the container rootfs
should be built from.

Depends-On: https://review.opendev.org/786396
Change-Id: Ia5a62cee7ab493857df16f7ae906796d22ba616c
2021-04-22 12:55:26 +03:00
Dmitriy Rabotyagov 46e10d21f1 Determine latest base image available
Closes-Bug: #1900884
Closes-Bug: #1900975
Change-Id: I362a15397fee891d967ce7150819b02312200d2e
2020-10-22 15:53:01 +00:00
Jonathan Rosser da4f62b006 Remove machinectl from LXC cache prep
machinectl is only used to store the image during
initial cache preparation and is unrelated to the
backing store used by LXC.

This patch removes the use of machinectl and btrfs
which makes the lxc_hosts role portable to centos-8
which does not have btrfs

Change-Id: Ib03ea09fa5b4d4b6b3d5ca38a0a6c5cf67eb1df4
2020-06-17 14:15:58 +00:00
Andreas Jaeger 70187517c2 Use newer openstackdocstheme and reno versions
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.

Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.

openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.

See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html

Change-Id: Iabe397da6771d8d5272371b777b3a7a733aaedef
2020-06-03 19:02:14 +02:00
OpenStack Release Bot 363ae1da97 Update master for stable/ussuri
Add file to the reno documentation build to show release notes for
stable/ussuri.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.

Change-Id: I409a9511dd7398ead3912cb434249da91e83998e
Sem-Ver: feature
2020-06-01 13:10:05 +00:00
Andreas Jaeger 4b34598e35 Update docstheme for style
New version of openstackdocstheme (Victoria+) respects pygments_style.
Since this repo is using now Victoria (master) requirements but has
not branched for Ussuri yet, it uses the new version.

Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.

Change-Id: I54a62915be530ad645625e7775c9e0e9f1514090
2020-05-20 18:45:18 +02:00
Andreas Jaeger 57672cbdf5 Cleanup py27 support
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove setup.* files, these are not needed for this repo
- Cleanup */source/conf.py to remove now obsolete content.
- Remove install_command from tox.ini, the default is fine,
  move constraints into deps, cleanup a bit
- Enable warnings for docs building
- Correct ansible search/match tests for ansible 2.9

Depends-On: https://review.opendev.org/726645
Change-Id: Ia5aaa8f41172fe200d1d7ce0c7b6f26f7834e38a
2020-05-10 17:38:52 +00:00
Dmitriy Rabotyagov 3c46f24907 Replace git.openstack.org with opendev.org
This patch replaces git.openstack.org with opendev.org as redirection
from old path was enabled.

Change-Id: Iec59cd328b4a76b966f9c25fad4a1dc7012b4154
2019-11-14 20:35:09 +02:00
OpenStack Release Bot 6b3593dc93 Update master for stable/train
Add file to the reno documentation build to show release notes for
stable/train.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.

Change-Id: I1bee281af3b6d54135fc164483fad0847d988fda
Sem-Ver: feature
2019-10-22 18:54:36 +00:00
Kourosh Vivan 921c98f67b Centos EPEL options default to global variable
Repository variables lxc_centos_epel_mirror and lxc_centos_epel_key will
default to centos_epel_mirror and centos_epel_key

Change-Id: Icf84a0a55654fa890947bae5b608870eddad7324
2019-10-17 15:26:12 +00:00
Kourosh Vivan 62c3a2cbe1 Add Centos GPG key custom url
When using a custom repo with centos_epel_mirror, you may need to
change the gpg key url because offline env

You can use this variable: lxc_centos_epel_gpg_key

Change-Id: Ia30f20df6971a9a44a69e5cc22020831a95a1489
2019-10-15 11:01:10 +02:00
OpenStack Release Bot 7c767a6e78 Update master for stable/stein
Add file to the reno documentation build to show release notes for
stable/stein.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.

Change-Id: I614ebd816e393f3a8f8a2fd4655adc58edfcbe33
Sem-Ver: feature
2019-04-08 09:15:21 +00:00
Zuul 0766e893ec Merge "Correct spelling mistakes" 2018-12-22 18:18:37 +00:00
Mohammed Naser f2ac427403 prep: remove old machinectl workarounds
There are a few manual workarounds that we're placing in order
to workaround old versions of machinectl however we don't actually
leverage those and they seem to be causing a dbus restart which
causes extra problems.

This patch removes those workarounds in order to prevent restarting
dbus which causes the system to start timing out on systemd-logind.

Change-Id: I86483225754a5b1c6030ef21e2c0cdf2cd908c3b
Closes-Bug: #1807405
2018-12-07 10:37:21 -05:00
chengebj5238 4b85a07840 Correct spelling mistakes
Change-Id: I6c807c13005b8d7848322b977add3953c349b1da
2018-11-22 19:57:10 +08:00
OpenStack Release Bot 78a4291ace Update reno for stable/rocky
Change-Id: I17146681710ec770a5bf12d19cc3ccc176331044
2018-08-10 16:45:04 +00:00
Kevin Carter 2971b787ac Enable quota system and set qgroups
This change implements the machinectl quota system and qgroups when
they're enabled and available. This change is being implemented to
resolve an issue where machinectl based containers using a loopback file
system spam DMESG with the following:

* BTRFS error (device loop0): could not find root $INT

While various upstream sources say this error is benign[0], it raises
an inconsistency flag within the host system and is speculatively the
cause of our inconsistent read-only/Full-FS issues we've seen in the
integrated gate. Once the qgroups are properly setup the system will
remove the inconsistency flag and the message spam will stop.

* BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)

To resolve this issue the quota system is being enabled by default
and unlimited qgroups are being setup to ensure we're not running
into file system limitations. This change essentially acknowledges
the built-in quota system and provides for the ability to set /
define specific quota (qgroup) options as necessary. While many
deployers may never use these options or this tooling, the role will
now properly set everything up should it ever be needed.

[0] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1651435
Closes-Bug: #1753790
Change-Id: I34a41ac8a9fe4419254284c83f4600efee274c04
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-05-15 14:19:11 +00:00
Mohammed Naser 030c348117 Setup /dev/random and /dev/urandom device in cache prep
In the cache preparation stage, there are certain libraries that
depend on the existence of /dev/random and /dev/urandom in order
to be able to function correctly, such as NSS in the latest CentOS
release (7.5)

This patch adds those nodes so that the libraries are able to use
them with no problems, allowing yum and rpm specifically to work
properly again.

Change-Id: Iaf6b9cb1435591f28289493f480a7fe46789c551
2018-05-10 18:02:28 +00:00
Jean-Philippe Evrard bbde19186d Avoid release note conflict
There is a same release note id (1daed001ee6b88ae)
in the lxc_container_create role, so we need to update the
filename so that there is no overlap, and won't cause issues
like [1].

[1]: http://logs.openstack.org/27/565027/1/check/build-openstack-releasenotes/9c6c33d/job-output.txt.gz#_2018-04-28_15_33_21_528262

Change-Id: Id2557f3675a5909849f4f4dbc56283f80ad594d2
2018-04-28 20:52:33 +02:00
Kevin Carter e44df830ef Split the container and host variable files
The host and container image variable files have been split. This split
now gives deployers the ability to change or customize the container
image used on a given host.

Change-Id: I839bbcfff3f33dde144e9fb8d078fa1d97f8c410
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-03-21 23:53:12 +00:00
Kevin Carter 7e98da3d0f Convert lxc_hosts role to use simple download URL
For a very long time we've been parsing and using the lxc images as
provided by upstream lxc. While these images are functional they are by
no means optimal. In general they're quite a bit larger than they need
to be and contain a lot of little sharp edges that have cut us over
the years. This change removes all of the lxc image cache parsing and
meta-data linking and simply downloads the rootfs from a given url. To
maintain compatibility with the legacy images a script has been created
to parse the image index and return the legacy image url.

The result of this change:

* Access to smaller more optimal base image which is well known by the
  corresponding communities.

* Deployers now have the ability to set and forget the download url for an
  internal image instead of having to create a cache infrastructure
  compatible with the lxc download template.

* Any rootfs tarball will work as an image.

* Fewer tasks are executed and less memory is consumed resulting in faster
  deployment times.

* The base cache has a uniform meta-data setup giving all container
  types the same access to config, devices, and templating.

Change-Id: I1775e775bbb7fe86bdffdd8296c2cff5ebc5bac8
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-03-21 23:52:53 +00:00
Kevin Carter 0d8fa41d32 Move the image prep script into a template file
This change moves the image prep scripts out of a set of variables and
into an actual template. This change will reduce our overall memory
footprint by simply rendering a template instead of injecting content
into a file using the copy module. The result will be faster time to
execution and more understandable output, especially when running in
debug.

Change-Id: Ic90fa7c8fdec8ffd844070ee78d30bd63a33a2a9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-03-21 14:52:47 +00:00
OpenStack Release Bot af8cc87b86 Update reno for stable/queens
Change-Id: I82fa97c393b592efa755fc94be01518678283f23
2018-02-14 15:45:55 +00:00
Zuul 588f1ba9d1 Merge "Clean-up old systemd prep and allow machinctl to grow" 2018-02-12 20:01:24 +00:00
Kevin Carter f179f21a66 Clean-up old systemd prep and allow machinctl to grow
The machinectl cache is currently set image to 16G by default. If
multiple container images are imported into the cache this may be too
small by default. This change sets the cache to "64G" by default allowing
the cache more room to grow by.

This change also disables the quota system once the limit has been set.
The option `lxc_host_machine_quota_disabled` has been added to disable or
enable the quota system as needed. This is done after the default limit has
been set so an adequately sized sparse file can be created should it not
already exist.

> More documentation can be seen here [0] with regard to the set-limit
  option.

Because we support both modern and older systemd, the cache prep tasks
for old systemd have been updated so that deployers using earlier
versions of systemd can benefit from the ability to grow an existing
cache via playbook run.

[0] https://www.freedesktop.org/software/systemd/man/machinectl.html#set-limit%20%5BNAME%5D%20BYTES

Closes-Bug: #1745361
Change-Id: I85fefc6ce186bb6808ac37a9ea79a50e29671115
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-02-12 15:30:14 +00:00
Marc Gariepy 3f2f82a5b1 Change default for sshd to only all keybased auth
Set PermitRootLogin to prohibit-password instead of yes.

Change-Id: Ifde08c43c29a6c437d622399ea48be96c0ac3432
2018-02-01 15:55:30 +00:00
Major Hayden a468089727 Allow NetworkManager to work (if present)
This patch adds tasks that check to see if NetworkManager is
installed and running. If it is, the tasks allow NetworkManager
to handle the `lxcbr0` interface.

In addition, the `NetworkManager-wait-online.service` will be
enabled to ensure that all services that depend on networking will
wait for network configuration to be completed.

Partial-Bug: 1738467
Change-Id: I415241daccf22f03826062eea18b3b36b2d9e53e
2018-01-08 09:22:51 -06:00
Major Hayden 499eb6fe21 Create and use a local LXC RPM repo
CentOS deployments require a special COPR repository for modern LXC
packages. The COPR repository isn't mirrored at this time and this
causes failed gate tests and production deployments.

The role now syncs the LXC packages down from COPR to each host and
builds a local LXC package repository in `/opt/thm-lxc2.0`. This
greatly reduces the amount of times that packages must be downloaded
from the COPR server during deployments, which will reduce failures
until the packages can be hosted with a more reliable source.

In addition, this should speed up playbook runs since ``yum`` can
check a locally-hosted repository instead of a remote repository
with availability and performance challenges.

Partial-Bug: 1730380
Change-Id: I8726b46f4058bb67709246785c7a61278eb64fab
2017-12-13 13:31:30 +00:00
Jesse Pretorius b634afe204 Use role defaults for lxc_cache_prep_timeout
In https://review.openstack.org/523525 the default value was
changed for SuSE and CentOS to be higher, but the value was
also overridden using role vars which have a high precedence.

This patch ensures that the value uses the role defaults to
ensure it has the lowest precedence. It also changes the reno
to ensure that the change in default is communicated.

The increased timeout will have no real effect on gating, but
will benefit installations where the mirror is a bit slow.

Change-Id: I41a68313d1841d14001acca591db5c5638e53ffc
2017-12-01 09:18:10 +00:00
Jesse Pretorius 670b47bbfb Make the cache prep timeout configurable
In some environments it may be desirable to adjust the
cache timeout. This makes that possible.

Change-Id: I733887f16d844f07457c80c3c6936f668e12ce86
2017-11-20 12:01:15 +00:00
Andreas Jaeger 24b6960a12 Remove setting of version/release from releasenotes
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.

Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.

This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at
http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html
.

Change-Id: Ided93af14301892493657dad7d0aa340173027b5
2017-11-17 07:45:33 +01:00
Jesse Pretorius 28a62e408e Initial OSA zuul v3 role jobs
This patch implements an initial set of jobs intended to match
the current job execution method. It does not intend to improve
how the jobs are executed - only to replicate what is currently
in openstack-infra/openstack-zuul-jobs and provide the platform
to iterate on.

Change-Id: I53dfb4f5c24c523d77f9f293d47b7b882aa77bf1
2017-10-17 17:59:49 +01:00
Jenkins 3f3c91cbb6 Merge "Create an LXC create template for machinectl" 2017-10-05 19:07:45 +00:00
Kevin Carter 555c8a1bf1 Create an LXC create template for machinectl
This change creates a simple LXC create template for machinectl. This
will allow our container create process to use less storage and more
efficiently build containers which will speed up operations and
deployments. This also begins to leverage common tools already on the
systems we support thereby simplifying how cache is stored, containers
are built and the general management of images within a host.

The new lxc container create template, and the features it provides,
will only impact new containers created allowing deployers to safely
adopt this change in any existing environment.

Change-Id: I70d53cabd0888954f31def924e9f4436398cdebf
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-10-05 00:01:40 -05:00
Logan V 697ddb8fb4 Move lxc_cache_distro_packages to defaults
Move the package list from vars/ to defaults/ to allow for overriding
in inventory group/host vars.

Change-Id: Idb186a061a396713a0e449d47ec262b30d5006ca
2017-09-13 20:52:39 +00:00
Markos Chandras 1074bba56f SUSE: Add ability to configure external mirror for openSUSE
Allow deployers to choose a specific mirror by setting the
'lxc_hosts_opensuse_mirror_url' variable

Change-Id: If151501923c5308cfeaee6e33d12df3e7f6959d5
2017-09-07 12:01:11 +01:00
OpenStack Release Bot 9c8a6dbbdd Update reno for stable/pike
Change-Id: I42b5f28169136c23ac0ad10b7779ad66711fce1d
2017-08-21 10:30:07 +01:00
Jesse Pretorius d5bef82dfe Ubuntu: Use dnsmasq-base, not dnsmasq
In Ubuntu the 'dnsmasq' package actually includes
init scripts and service configuration which
conflict with LXC and are best not included. The
actual dependent package is 'dnsmasq-base'.

With this change, the cleanup is no longer
required because the files are removed by the
purge or not installed in the first place.

Closes-Bug: #1711140
Change-Id: I0b0a8dec3943651f379479ea1a3b8038736b9219
2017-08-16 15:53:23 +01:00
Major Hayden de1b45553e Download LXC image with async via aria2
This patch adds an async task to download the LXC image using aria2
with retries and read timeouts.

Closes-Bug: 1709329
Change-Id: Ib9ec6195dcb7e0e4b18b8526f030e6738f9953e8
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-08-15 12:34:26 +00:00
ZhongShengping b67cc0879f Fix openstackdocstheme settings
To use openstackdocstheme 1.11.0 properly, this patch fixes
some settings according to follow[0].

[0]https://docs.openstack.org/openstackdocstheme/latest/

Change-Id: I14a13371646eac1928b18fca4d3547cb1550141c
2017-07-03 16:12:23 +08:00
Jenkins 8b16827b79 Merge "Add s390x as supported architecture" 2017-06-26 13:49:20 +00:00
Markus Zoeller 67fc56366e Add s390x as supported architecture
The s390x architecture (aka IBM z Systems) supports OpenStack since
the Kilo release. This change adds the necessary tweaks to let
openstack-ansible do its work on that platform.

Change-Id: Ib682fb19626156b6545e9e62bd8dd0732d2f1ab1
Co-Authored-By: Chris Beukers <chris.beukers@icu-it.nl>
2017-06-26 15:03:44 +02:00
ZhongShengping a454968990 Switch from oslosphinx to openstackdocstheme
As part of the docs migration work[0] for Pike we need to switch to use the
openstackdocstheme.

[0]https://review.openstack.org/#/c/472275/

Change-Id: I7d7c15ce2bd7c8e0710358e19160f2aebd5522d7
2017-06-26 14:32:22 +08:00
Jesse Pretorius (odyssey4me) 873e6a0ebf Revert "Use LXC v2.0.6 on CentOS"
It didn't work, and https://review.openstack.org/473879
should resolve the issue.

This reverts commit 5b171d9800.

Change-Id: Ic8fcc53b5847d7e62d76ec0e4248d3847b861cf9
2017-06-14 13:26:41 +00:00