Update the systemd-nspawn template for legacy systemd environments
The systemd-nspawn template has been updated to better support modern systems. This was primarily done for better support of CentOS and SUSE, which have older versions of systemd. Change-Id: I4c01102dae8445317a3a891861f2cd4bef20492b Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
parent
0d48c2d6ec
commit
fd7bb01097
|
@ -282,6 +282,7 @@
|
|||
src: "/var/run/systemd/resolve/resolv.conf"
|
||||
dest: "/var/lib/machines/{{ inventory_hostname }}/etc/resolv.conf"
|
||||
force: true
|
||||
follow: false
|
||||
state: link
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when:
|
||||
|
@ -322,7 +323,7 @@
|
|||
daemon_reload: yes
|
||||
name: "systemd-nspawn@{{ systemd_escape.stdout }}"
|
||||
state: "{{ ((machinectl_container_clone is changed or container_config_new is changed or container_config_old is changed) | default(false)) | ternary('restarted', 'started') }}"
|
||||
enabled: "{{ (nspawn_systemd_version | int > 219) | ternary('true', 'false') }}"
|
||||
enabled: true
|
||||
register: machinectl_start
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
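Review bot: The resolv.conf link task in the first hunk is delegated to `{{ physical_host }}` and uses `force: true` on a destination under `/var/lib/machines/{{ inventory_hostname }}/etc/`, so the host replaces whatever sits at that path inside a tree the guest can write to once it has booted. `follow: false` stops the module from acting on a link target at `dest` itself, but the parent `etc` directory remains guest-controlled. The `when:` conditions are cut off by the hunk, so it is not visible whether the task is limited to containers that have not started yet. If it is, say so in a comment above the task, for example `# Runs only before first boot; the dest tree is not yet guest-writable.`; if it is not, the condition should be added. The task body begins outside the hunk.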
|
|
@ -45,6 +45,11 @@ Documentation=man:systemd-nspawn(1)
|
|||
PartOf=machines.target
|
||||
Before=machines.target
|
||||
After=network.target
|
||||
After=network-online.target
|
||||
After=systemd-networkd.service
|
||||
After=systemd-resolved.service
|
||||
After=nspawn-macvlan.service
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-host --machine={{ systemd_escape.stdout }} {{ cli_switches | unique | join(' ') }}
|
||||
|
@ -54,7 +59,7 @@ RestartForceExitStatus=133
|
|||
SuccessExitStatus=133
|
||||
Slice=machine.slice
|
||||
Delegate=yes
|
||||
TasksMax=8192
|
||||
TasksMax=16384
|
||||
|
||||
# Enforce a strict device policy, similar to the one nspawn configures
|
||||
# when it allocates its own scope unit. Make sure to keep these
|
||||
|
@ -76,5 +81,10 @@ DeviceAllow=/dev/loop-control rw
|
|||
DeviceAllow=block-loop rw
|
||||
DeviceAllow=block-blkext rw
|
||||
|
||||
# nspawn can set up LUKS encrypted loopback files, in which case it needs
|
||||
# access to /dev/mapper/control and the block devices /dev/mapper/*.
|
||||
DeviceAllow=/dev/mapper/control rw
|
||||
DeviceAllow=block-device-mapper rw
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
WantedBy=machines.target
|
||||
|
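Review bot: The `DeviceAllow=/dev/mapper/control rw` and `DeviceAllow=block-device-mapper rw` lines in the last hunk widen the device policy for every container rendered from this template, not only those backed by LUKS loopback images. Because `ExecStart` runs nspawn with `--keep-unit`, the allow list presumably applies to the container payload as well as to nspawn's own setup, so least privilege argues for rendering the lines only when needed. One way is to wrap them in `{% if nspawn_allow_device_mapper | default(false) %}` and `{% endif %}`, where the variable name is a placeholder and not taken from the role. The page does not mark added lines, but the header's growth from 5 to 10 lines is consistent with these being new.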
|