Cleanup mounts in containers

Cleanup mount docs, remove redundant config, and set the default backup
mount. These changes bring nspawn in line with our LXC capabilities. To
ensure the LXC and nspawn capabilities are on level footing, the read
only bind mount was removed.

Change-Id: I62e2c4ed2b3c7af879e58fca1b22c7dda93fc518
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Kevin Carter 2018-06-10 14:11:04 -05:00 committed by Jesse Pretorius (odyssey4me)
parent 1cc5f52136
commit 465ef2c09f
8 changed files with 16 additions and 64 deletions


@ -33,7 +33,10 @@ nspawn_read_only_host_bindmount: "{{ _nspawn_read_only_host_bindmount | default(
# bind mount. If any of these items are passed into the container.
# nspawn_shared_host_bindmount:
# - /etc/apt
nspawn_shared_host_bindmount: "{{ _nspawn_shared_host_bindmount | default([]) }}"
nspawn_shared_host_bindmount:
- /etc/localtime
- /root
- /opt
# Defined CPU architecture map
nspawn_architecture_mapping:
@ -84,12 +87,18 @@ container_image: "{{ nspawn_map['distro'] }}-{{ nspawn_map['release'] }}-{{ nspa
container_domain: "openstack.local"
# Container Default bind mounts. This option will be merged with the container
# bind mounts. This option takes a list of files on a host that will be mounted
# at the exact same path within the container.
container_default_bind_mounts: []
# bind mounts. This option takes a list of files with `mount_path` defining the
# path on the host and `bind_dir_path` which defines the intra-container path
# and is relative, it assumes that it starts with a "/".
container_default_bind_mounts:
- mount_path: "/openstack/backup/{{ inventory_hostname }}"
bind_dir_path: "var/backup"
# Container bind mounts. This option takes a list of files on a host that will
# be mounted at the exact same path within the container.
# be mounted at the exact same path within the container. This option takes a
# list of files with `mount_path` defining the path on the host and
# `bind_dir_path` which defines the intra-container path which is a relative
# and starts at "/".
container_bind_mounts: []
# option used to specific specific container config values which will be
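Review bot: The new comment on `container_default_bind_mounts` says `bind_dir_path` "is relative, it assumes that it starts with a "/"", which reads as a contradiction; the templates in this change prepend the slash, so the value has to be given without a leading "/". Suggested wording for those three lines: `# bind mounts. Each item has `mount_path`, the absolute path on the host, and` / `# `bind_dir_path`, the destination inside the container given relative to "/"` / `# (no leading slash; the templates add it).` The `container_bind_mounts` comment just below ("which is a relative and starts at "/"") has the same problem and the same fix applies. Separately, now that read-only bind support is dropped, the `nspawn_shared_host_bindmount` default shares `/root` and `/opt` with every container as ordinary read-write binds; the comment above it should state that these are read-write host paths so deployers know to narrow the list where that exposure is not wanted.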


@ -353,7 +353,6 @@
name: systemd_networkd
private: true
vars:
systemd_interface_cleanup: true
systemd_run_networkd: true
systemd_resolved_available: "{{ nspawn_container_enable_resolved }}"
systemd_resolved:


@ -16,7 +16,7 @@ BindReadOnly={{ ro_bind.source }}:{{ ro_bind.dest }}
Bind=/openstack/backup/{{ inventory_hostname }}:/var/backup
Bind=/openstack/log/{{ inventory_hostname }}:/var/log
{% for bind in container_default_bind_mounts | union(container_bind_mounts | default([])) %}
Bind={{ bind.mount_path }}:{{ bind.bind_dir_path }}
Bind={{ bind.mount_path }}:/{{ bind.bind_dir_path }}
{% endfor %}
{% for bind in nspawn_shared_host_bindmount %}
Bind={{ bind }}:{{ bind }}
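Review bot: The added `Bind={{ bind.mount_path }}:/{{ bind.bind_dir_path }}` unconditionally prepends a slash, so a deployer who supplies an absolute `bind_dir_path` in `container_bind_mounts` (the natural reading, since `mount_path` is absolute) ends up with a `//var/...` destination, and the `union` with `container_default_bind_mounts` will not deduplicate an entry that differs only in that leading slash, producing two Bind= lines for the same target. systemd probably tolerates the doubled slash, but normalising the value makes both spellings work and keeps the union effective: `Bind={{ bind.mount_path }}:/{{ bind.bind_dir_path.lstrip('/') }}`. The same applies to the `--bind=` line added in the next hunk, `cli_switches.append('--bind=' + bind.mount_path + ':/' + bind.bind_dir_path)`, which would become `':/' + bind.bind_dir_path.lstrip('/')`.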


@ -7,7 +7,7 @@
{% set _ = cli_switches.append('--bind=/openstack/backup/' + inventory_hostname + ':/var/backup') %}
{% set _ = cli_switches.append('--bind=/openstack/log/' + inventory_hostname + ':/var/log') %}
{% for bind in container_default_bind_mounts | union(container_bind_mounts | default([])) %}
{% set _ = cli_switches.append('--bind=' + bind.mount_path + ':' + bind.bind_dir_path) %}
{% set _ = cli_switches.append('--bind=' + bind.mount_path + ':/' + bind.bind_dir_path) %}
{% endfor %}
{% for bind in nspawn_shared_host_bindmount %}
{% set _ = cli_switches.append('--bind=' + bind + ':' + bind) %}


@ -17,17 +17,3 @@ _nspawn_map:
distro: centos
arch: "{{ nspawn_architecture_mapping[container_architecture] }}"
release: 7
# This is a list of items that will be passed into the container as READ-ONLY
# files or directories. If any of these items are passed into the container
# the container create process will ensure the file is not present within the
# contianer prior to writting the config.
_nspawn_read_only_host_bindmount:
- { source: /etc/environment, dest: /etc/environment }
# This is a list of items that will be passed into the container as a shared
# bind mount. If any of these items are passed into the container.
_nspawn_shared_host_bindmount:
- /etc/localtime
- /root
- /opt


@ -18,20 +18,6 @@ _nspawn_map:
arch: "{{ nspawn_architecture_mapping[container_architecture] }}"
release: "{{ hostvars[physical_host]['ansible_distribution_version'] }}"
# This is a list of items that will be passed into the container as READ-ONLY
# files or directories. If any of these items are passed into the container
# the container create process will ensure the file is not present within the
# contianer prior to writting the config.
_nspawn_read_only_host_bindmount:
- { source: /etc/environment, dest: /etc/environment }
# This is a list of items that will be passed into the container as a shared
# bind mount. If any of these items are passed into the container.
_nspawn_shared_host_bindmount:
- /etc/localtime
- /root
- /opt
# This version of SUSE does not have access to systemd-resolved. This will need
# to remained disabled until it does.
_nspawn_container_enable_resolved: false


@ -17,17 +17,3 @@ _nspawn_map:
distro: ubuntu
arch: "{{ nspawn_architecture_mapping[container_architecture] }}"
release: xenial
# This is a list of items that will be passed into the container as READ-ONLY
# files or directories. If any of these items are passed into the container
# the container create process will ensure the file is not present within the
# contianer prior to writting the config.
_nspawn_read_only_host_bindmount:
- { source: /etc/environment, dest: /etc/environment }
# This is a list of items that will be passed into the container as a shared
# bind mount. If any of these items are passed into the container.
_nspawn_shared_host_bindmount:
- /etc/localtime
- /root
- /opt


@ -17,17 +17,3 @@ _nspawn_map:
distro: ubuntu
arch: "{{ nspawn_architecture_mapping[container_architecture] }}"
release: bionic
# This is a list of items that will be passed into the container as READ-ONLY
# files or directories. If any of these items are passed into the container
# the container create process will ensure the file is not present within the
# contianer prior to writting the config.
_nspawn_read_only_host_bindmount:
- { source: /etc/environment, dest: /etc/environment }
# This is a list of items that will be passed into the container as a shared
# bind mount. If any of these items are passed into the container.
_nspawn_shared_host_bindmount:
- /etc/localtime
- /root
- /opt