diff --git a/defaults/main.yml b/defaults/main.yml index 235c3ad..5e10ac6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -26,15 +26,6 @@ lxc_container_wait_params: lxc_container_config: /etc/lxc/lxc-openstack.conf -lxc_container_default_config_list: - - "lxc.start.auto=1" - - "lxc.start.delay=15" - - "lxc.group=onboot" - - "lxc.group=openstack" - - "lxc.autodev=1" - - "lxc.pts=1024" - - "lxc.kmsg=0" - - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev" lxc_container_config_list: [] lxc_container_commands: "" lxc_container_extra_commands: "{{ _lxc_container_extra_commands | default('echo noop') }}" @@ -146,6 +137,9 @@ lxc_container_allow_restarts: yes lxc_container_network_veth_pair_prefix: "{{ inventory_hostname[-8:].replace('-', '').replace('_', '') }}" lxc_container_network_veth_pair: "{{ lxc_container_network_veth_pair_prefix }}_{{ item.value.interface }}" +# In order to use "with_indexed_items" we need a specific var to reference item.1.interface +# This is for the container-interface.ini.j2 template only. +lxc_container_network_veth_pair_indexed: "{{ lxc_container_network_veth_pair_prefix }}_{{ item.1.interface }}" # A default set of container networks used within the LXC containers. lxc_container_networks: diff --git a/tasks/lxc_container_config.yml b/tasks/lxc_container_config.yml index 9df869e..09e6157 100644 --- a/tasks/lxc_container_config.yml +++ b/tasks/lxc_container_config.yml 
@@ -133,14 +133,16 @@ with_items: - "{{ macs.results }}" +# NOTE(andymccr): We need an index for the interfaces in LXC >= 3 converting +# to a list and using with_indexed_items for this purpose. - name: LXC host config for container networks template: src: "container-interface.ini.j2" - dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini" + dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.1.interface }}.ini" owner: "root" group: "root" mode: "0644" - with_dict: "{{ lxc_container_networks_combined }}" + with_indexed_items: "{{ lxc_container_networks_combined.values() | list }}" register: network_config delegate_to: "{{ physical_host }}" @@ -181,7 +183,7 @@ with_items: - "lxc.hook.pre-start = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh" - "lxc.hook.post-stop = /var/lib/lxc/{{ inventory_hostname }}/veth-cleanup.sh" - - "lxc.haltsignal = SIGRTMIN+4" + - "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary ('lxc.signal.halt', 'lxc.haltsignal') }} = SIGRTMIN+4" delegate_to: "{{ physical_host }}" - name: Run veth wiring diff --git a/tasks/main.yml b/tasks/main.yml index 1417c0c..a7b4b26 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -13,6 +13,18 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Pull lxc version + command: "lxc-ls --version" + changed_when: false + register: lxc_version + delegate_to: "{{ physical_host }}" + tags: + - skip_ansible_lint + +- name: Enable or Disable lxc three syntax + set_fact: + lxc_three_syntax: "{{ (lxc_version.stdout.split('.')[0] | int) >= 3 }}" + - name: Allow the usage of local facts file: path: /etc/ansible/facts.d/ diff --git a/templates/container-interface.ini.j2 b/templates/container-interface.ini.j2 index e312c53..86ae36d 100644 --- a/templates/container-interface.ini.j2 +++ b/templates/container-interface.ini.j2 
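Review bot: The index that `with_indexed_items` hands to the `LXC host config for container networks` task comes from `lxc_container_networks_combined.values() | list`, and nothing in this hunk fixes the order of that list. If the dict's iteration order can differ between runs (this depends on the Python and Ansible versions in use, so it is worth confirming), the same interface would be rendered under a different `lxc.net.N` index and `network_config` would report spurious changes. Sorting on a stable key makes the index deterministic, e.g. `with_indexed_items: "{{ lxc_container_networks_combined.values() | sort(attribute='interface') | list }}"`.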
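Review bot: The `lxc.signal.halt` / `lxc.haltsignal` choice in this `with_items` entry is keyed on `ansible_distribution_version == '18.04'`, while the same commit adds an `lxc_three_syntax` fact in tasks/main.yml that is derived from the installed LXC version. A host running LXC 3 on any other release would get the legacy key, and the `physical_host | default('localhost')` fallback reads the facts of whichever host is `localhost`, which may not be the LXC host. Assuming the fact is set before this file is included, `- "{{ (lxc_three_syntax | bool) | ternary('lxc.signal.halt', 'lxc.haltsignal') }} = SIGRTMIN+4"` keeps a single source of truth. The same distribution-version test is repeated in tests/host_vars/container1.yml and tests/host_vars/container2.yml; the task this entry belongs to starts above the hunk.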
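Review bot: `lxc_version.stdout.split('.')[0] | int` in the `Enable or Disable lxc three syntax` task evaluates to 0 when the output is empty or does not start with a number, so an unexpected `lxc-ls --version` result silently selects the legacy `lxc.network` syntax instead of failing. A guard on the probe task such as `failed_when: lxc_version.rc != 0 or lxc_version.stdout | trim == ''` would surface at least the empty case. The `command` module is also skipped in check mode, which would leave `lxc_version.stdout` undefined for the `set_fact`; adding `check_mode: no` to `Pull lxc version` avoids that, since the task is already marked `changed_when: false`.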
@@ -1,20 +1,22 @@ # {{ ansible_managed }} +{### For lxc > 3.0 use lxc.net.[i] otherwise use lxc.network #} +{% set _lxc_net_var = (lxc_three_syntax | bool) | ternary ('lxc.net.' + ((item.0 | default(0)) | string),'lxc.network') %} -# Create a veth pair within the container -lxc.network.type = {{ item.value.type|default('veth') }} +# Create a veth pair within the contaihostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04'ner +{{ _lxc_net_var }}.type = {{ item.1.type|default('veth') }} # Network device within the container -lxc.network.name = {{ item.value.interface }} -{% if item.value.type is not defined or item.value.type == 'veth' %} +{{ _lxc_net_var }}.name = {{ item.1.interface }} +{% if item.1.type is not defined or item.1.type == 'veth' %} # Name the veth after the container # NOTE(major): The lxc.network.veth.pair line must appear right after # lxc.network.name or it will be ignored. -lxc.network.veth.pair = {{ lxc_container_network_veth_pair[-15:] }} +{{ _lxc_net_var }}.veth.pair = {{ lxc_container_network_veth_pair_indexed[-15:] }} {% endif %} # Host link to attach to, this should be a bridge if lxc.network.type = veth -lxc.network.link = {{ item.value.bridge }} +{{ _lxc_net_var }}.link = {{ item.1.bridge }} # Hardware Address -lxc.network.hwaddr = {{ hostvars[inventory_hostname][item.value.interface + '_mac_address'] }} +{{ _lxc_net_var }}.hwaddr = {{ hostvars[inventory_hostname][item.1.interface + '_mac_address'] }} # enable the device on boot -lxc.network.flags = up +{{ _lxc_net_var }}.flags = up # Set the container network MTU -lxc.network.mtu = {{ item.value.mtu|default(lxc_container_default_mtu) }} +{{ _lxc_net_var }}.mtu = {{ item.1.mtu|default(lxc_container_default_mtu) }} diff --git a/tests/host_vars/container1.yml b/tests/host_vars/container1.yml index 3a3440e..0fbcd6c 100644 --- a/tests/host_vars/container1.yml +++ b/tests/host_vars/container1.yml 
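Review bot: The comment above the `.type` line now reads `# Create a veth pair within the contaihostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04'ner`, which looks like an expression pasted into the middle of the word "container". It is only a comment, but it is rendered into every container's interface .ini file; restore it to `# Create a veth pair within the container`. The new header comment says "lxc > 3.0" while tasks/main.yml sets `lxc_three_syntax` for a major version `>= 3`, and the `NOTE(major)` text still names `lxc.network.veth.pair` and `lxc.network.name` although the keys are now built from `_lxc_net_var`. Wording such as `{# For lxc >= 3 use lxc.net.[i], otherwise use lxc.network #}` would match the code.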
@@ -3,7 +3,7 @@ ansible_host: 10.100.100.2 ansible_become: True ansible_user: root lxc_container_config_list: - - "lxc.aa_profile=lxc-openstack" + - "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}=lxc-openstack" - "lxc.mount.entry=/openstack/{{ inventory_hostname }} opt/test1 none bind,create=dir 0 0" lxc_container_commands: | diff --git a/tests/host_vars/container2.yml b/tests/host_vars/container2.yml index 3b756c7..3505733 100644 --- a/tests/host_vars/container2.yml +++ b/tests/host_vars/container2.yml @@ -4,4 +4,4 @@ ansible_become: True ansible_user: root lxc_container_config_list: # The unconfined profile is causing problems with overlayfs. See https://bugs.launchpad.net/openstack-ansible/+bug/1612412 - - "lxc.aa_profile={{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}" + - "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}={{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}" diff --git a/tests/test-containers-functional.yml b/tests/test-containers-functional.yml index 0a31a5b..5e60893 100644 --- a/tests/test-containers-functional.yml +++ b/tests/test-containers-functional.yml 
@@ -36,22 +36,22 @@ - lxc_container_list.stdout | search("container2\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.3(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+") - lxc_container_list.stdout | search("container3\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.4(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+") - - name: Check for the presence of the right aa_profile for container1 - command: grep "^lxc.aa_profile = lxc-openstack$" /var/lib/lxc/container1/config + - name: Check for the presence of the right app armor profile for container1 + command: grep "^{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }} = lxc-openstack$" /var/lib/lxc/container1/config register: container1_profile failed_when: container1_profile.rc != 0 tags: - skip_ansible_lint - - name: Check for the presence of the right aa_profile for container2 - command: "grep -E '^lxc.aa_profile = {{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}$' /var/lib/lxc/container2/config" + - name: Check for the presence of the right app armor profile for container2 + command: "grep -E '^{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }} = {{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}$' /var/lib/lxc/container2/config" register: container2_profile failed_when: container2_profile.rc != 0 tags: - skip_ansible_lint - name: Check for the lack of presence of an aa_profile for container3 - command: grep "lxc.aa_profile" /var/lib/lxc/container3/config + command: grep "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}" /var/lib/lxc/container3/config register: container3_profile failed_when: container3_profile.rc == 0 tags: 
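Review bot: The container3 task is a negative check (`failed_when: container3_profile.rc == 0`), yet it greps only for the one key name picked by the distribution-version ternary, so a profile written under the other spelling would go unnoticed and the test would still pass. Searching for both names removes that dependency: `command: grep -E "lxc\.(aa_profile|apparmor\.profile)" /var/lib/lxc/container3/config`. Using `rc == 0` as the only failure condition also passes when grep exits with 2 (for example when the config file is missing); `failed_when: container3_profile.rc != 1` pins the intended "no match" result. The task name still says `aa_profile`, and the `tags:` list of this task continues past the end of the hunk.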
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml index 4528816..ab26c41 100644 --- a/vars/redhat-7.yml +++ b/vars/redhat-7.yml @@ -25,6 +25,16 @@ lxc_container_map: arch: amd64 release: 7 +lxc_container_default_config_list: + - "lxc.start.auto=1" + - "lxc.start.delay=15" + - "lxc.group=onboot" + - "lxc.group=openstack" + - "lxc.autodev=1" + - "lxc.pts=1024" + - "lxc.kmsg=0" + - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev" + ### REMOVE IN "S" # The networkd commands are executed within the container but using the host # network namespace. Remove this once systemd-networkd is part of the base diff --git a/vars/suse-42.yml b/vars/suse-42.yml index f27dca6..7f3f7f7 100644 --- a/vars/suse-42.yml +++ b/vars/suse-42.yml @@ -32,6 +32,16 @@ lxc_container_map: arch: amd64 release: "42.3" +lxc_container_default_config_list: + - "lxc.start.auto=1" + - "lxc.start.delay=15" + - "lxc.group=onboot" + - "lxc.group=openstack" + - "lxc.autodev=1" + - "lxc.pts=1024" + - "lxc.kmsg=0" + - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev" + ### REMOVE IN "S" # The machine-id is not removed in the base container. Remove the machine-id # command when the base container no longer has a stored id. diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml index aed0146..6f72e03 100644 --- a/vars/ubuntu-16.04.yml +++ b/vars/ubuntu-16.04.yml @@ -25,6 +25,16 @@ lxc_container_map: arch: "{{ lxc_architecture_mapping.get( hostvars[physical_host]['ansible_architecture'] | lower ) }}" release: xenial +lxc_container_default_config_list: + - "lxc.start.auto=1" + - "lxc.start.delay=15" + - "lxc.group=onboot" + - "lxc.group=openstack" + - "lxc.autodev=1" + - "lxc.pts=1024" + - "lxc.kmsg=0" + - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev" + ### REMOVE IN "S" # DBUS is not guarenteeded to be part of the base image. This installs the # requirement. Once DBUS is a built in dependency remove this. 
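Review bot: Moving `lxc_container_default_config_list` out of defaults/main.yml into the per-distribution vars files raises its precedence: role vars outrank inventory group_vars and host_vars, so a deployment that overrides this list in inventory would likely find the override ignored after this change (how these files are loaded is not visible here, so confirm). The identical eight-entry list is added to vars/redhat-7.yml, vars/suse-42.yml and vars/ubuntu-16.04.yml. defaults/main.yml already uses an underscore-prefixed indirection for `lxc_container_extra_commands`; the same pattern would keep the list overridable: name the per-distribution value `_lxc_container_default_config_list` and keep `lxc_container_default_config_list: "{{ _lxc_container_default_config_list }}"` in defaults/main.yml.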
diff --git a/vars/ubuntu-18.04.yml b/vars/ubuntu-18.04.yml
new file mode 100644
index 0000000..de388a2
--- /dev/null
+++ b/vars/ubuntu-18.04.yml
@@ -0,0 +1,47 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# TODO: COnfigure with networkd or the other system.
+lxc_container_default_route_interfaces: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
+lxc_container_interface_target: "/etc/network/interfaces.d/{{ item.value.interface }}.cfg"
+lxc_container_default_interface: "/etc/network/interfaces"
+
+lxc_container_map:
+ distro: ubuntu
+ arch: "{{ lxc_architecture_mapping.get( hostvars[physical_host]['ansible_architecture'] | lower ) }}"
+ release: bionic
+
+lxc_container_default_config_list:
+ - "lxc.start.auto=1"
+ - "lxc.start.delay=15"
+ - "lxc.group=onboot"
+ - "lxc.group=openstack"
+ - "lxc.autodev=1"
+ - "lxc.pty.max=1024"
+ - "lxc.hook.autodev=/var/lib/lxc/{{ inventory_hostname }}/autodev"
+
+### REMOVE IN "S"
+# DBUS is not guarenteeded to be part of the base image. This installs the
+# requirement. Once DBUS is a built in dependency remove this.
+# systemd-resolved is not setup in the base image, once we can ensure that all
+# deployments have this service setup the systemd-resolved lines can be removed.
+_lxc_container_extra_commands: | + apt-get update + apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes dbus + for action in disable mask; do + systemctl ${action} resolvconf.service || true + systemctl ${action} systemd-networkd-resolvconf-update.path || true + systemctl ${action} systemd-networkd-resolvconf-update.service || true + done diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 5be1a94..219721b 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -20,6 +20,13 @@ vars: tox_env: dir +- job: + name: openstack-ansible-dir-ubuntu-bionic + parent: openstack-ansible-functional + nodeset: ubuntu-bionic + vars: + tox_env: dir + - job: name: openstack-ansible-dir-centos-7 parent: openstack-ansible-functional diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index a82069e..55d2bc9 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -16,9 +16,10 @@ check: jobs: - openstack-ansible-linters - - openstack-ansible-dir-ubuntu-xenial - openstack-ansible-dir-centos-7 - openstack-ansible-dir-opensuse-423 + - openstack-ansible-dir-ubuntu-bionic + - openstack-ansible-dir-ubuntu-xenial - openstack-ansible-btrfs-ubuntu-xenial - openstack-ansible-btrfs-centos-7 - openstack-ansible-btrfs-opensuse-423 @@ -35,6 +36,7 @@ gate: jobs: - openstack-ansible-linters - - openstack-ansible-dir-ubuntu-xenial - openstack-ansible-dir-centos-7 - openstack-ansible-dir-opensuse-423 + - openstack-ansible-dir-ubuntu-bionic + - openstack-ansible-dir-ubuntu-xenial
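Review bot: `_lxc_container_extra_commands` in the new vars/ubuntu-18.04.yml installs dbus with `apt-get install -y ... --force-yes`, and `--force-yes` tells apt to continue without prompting even for unauthenticated packages, downgrades and removal of essential packages; apt has deprecated the option since 1.1. `-y` already answers the prompts, so the line can be `apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dbus`, which leaves package signature checks in force inside the container. The header comment `# TODO: COnfigure with networkd or the other system.` also has a capitalisation typo and could read `# TODO: Configure with networkd or the other system.`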