If this is not done before the systemd_service role is run then
the operating system specific variables file cannot be loaded
and the container creation will fail with:
TASK [systemd_networkd : Gather variables for each operating system] ***********
fatal: [container1]: FAILED! => {"msg": "No file was found when using first_found.
This is due to variables like ansible_distribution being unset
until facts gathering has been done, and the lack of facts gathering
is probably exposed by the recent upgrade to ansible 2.9.
Depends-On: https://review.opendev.org/728995
Depends-On: https://review.opendev.org/728997
Change-Id: Ifee09ed58e32584d799fca13f33f842765f9cfb9
The private option on include role was never implemented and
will no longer be developed. This change removes the option
so ansible no longer raises a deprecation warning.
Change-Id: I7678c1a5de07cda066dcf1e24684300fef56e0ba
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The systemd-nspawn template has been updated to better support
modern systems. This was primarily done for better centos and suse
support which have older versions of systemd.
Change-Id: I4c01102dae8445317a3a891861f2cd4bef20492b
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The current network creation loop would allow a user to create duplicate
configs within a container and that can break parts of an environment.
Change-Id: I3585422fb134eec5ef2532515a6cda463b239f7c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Cleanup mount docs, remove redundant config, and set the default backup
mount. These changes bring nspawn in line with our LXC capabilities. To
ensure the LXC and nspawn capabilities are on level footing, the read
only bind mount was removed.
Change-Id: I62e2c4ed2b3c7af879e58fca1b22c7dda93fc518
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Macvlan interfaces can have a user defined interface within the host
config. This change ensures that the capability, which is documented in
the nspawn_host role, is actually functional.
Change-Id: I083042a791d9213b9b1872a239dc18dc6c7ae46e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The default qgroup setup was setting the qgroup limits to none which
allows the system to dynamically expand or contract. While this works
there can be a lag between the time it takes to grow vs the time it
takes to hit the limit. This change sets the limits accordingly should a
deployer not have a container specific limit set already.
Change-Id: Iea2498bfe1c391f4b4bee295c8f04b2655f404d9
The network cleanup Boolean has been enabled to clean up the network
interface files this role will be responsible for as it creates
containers. This change will ensure the network interface files created
within nspawn containers do not grow uncontrollably or inadvertently
create conflicts.
Change-Id: Idc6f0895eb75c7f5f23f25b701754eb5bbf6163e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The combined networks variable will allow deployers to set basic
container networks, default nspawn networks, and any "extra" networks a
deployer may need outside of a standard build.
Change-Id: I0cfed0ad6cce99c420c31920446e0a69a82fa602
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
We don't need everything the setup module pulls by default.
Change-Id: I404db42bad931520c5832edd3b1bd0468c4f676c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The test networks were being set up using networkd and a custom template,
this change updates the process so we're dogfooding.
Additionally change the container config drop so that it's executing a
container restart when needed and in the right order.
Several tests were removed because they are basic operations which are
already being tested in the nspawn_hosts role.
Change-Id: I50799d53f8d75f043ed12d4e50da3d55a4ee159a
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The container network creation process needs to assume that the bridge
name is available and fall back to the interface. Previously this was
being done in reverse.
Change-Id: I51829349b5bc3f97c100a379b13f7e99f4007228
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The host may have busted facts for any number of reasons. This change
gathers required facts on the physical_host prior to requiring them.
Change-Id: I0f12bc0b8d5df8840d232853d9aeaecac2688aa6
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The changes here remove the boilerplate code we had in favor of using
all of our common roles. This also updates the nspawn role using some of
the learnings we've had from our recent LXC changes and ensures we're
not breaking any compatibility we had with our various distros.
Add option to run a full config update if required
> As a deployer I need the ability to make a sweeping change to container
configs if required. At present the nspawn container create role will
attempt to preserve the configs and update only what's required, which
is desirable when maintaining uptime. This change provides the option
`nspawn_container_preserve_config` which, if set to "false" will
template the container configs instead of trying to preserve it.
Document everything in config
Change-Id: Ie969c10578e1102767ad8991c9d6171b547aef87
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The conditionals based on nspawn_config_exists.stat.exists
fail in some conditions. When the task doing the state does
not execute, there is no dictionary result with the appropriate
structure, causing tasks relying on the structure to fail.
This patch re-arranges the conditionals so that when they
are evaluated, they do so in a better process of elimination.
First, evaluate the same conditional as the stat task, then
validate that the stat dict exists, then check the key in
the stat result.
Change-Id: I6f2d8943c4279edf44907aa145935be858dbc673
The block rescue pattern has been replaced with a stat and slurp set of
tasks with conditionals making it more known to the deployer what is
happening and why.
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change corrects environment settings and ensures new containers all
use private networking.
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>