Replace ifupdown with native ip-link

We also leverage systemd-networkd for managing lxc-net and replace using of custom service template for lxc-dnsmasq service with our systemd-service role. These changes are quite tighten together, so it's quite hard to split them in different patchsets. Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/861350 Change-Id: I5ac99e2b6c6e6ccd9da18ae68e1f8801f95f4f4e
2022-02-07 14:30:27 +02:00 · 2022-02-07 14:30:27 +02:00 · 3d8e3690ba
parent d1fe9f7bec
commit 3d8e3690ba
11 changed files with 70 additions and 175 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -39,17 +39,8 @@
    enabled: "yes"
    daemon_reload: yes

- name: Restart bridge
-  shell: "ifdown {{ lxc_net_bridge }} || true"
-  notify:
-    - Bring bridge up
-    - Veth check
-
 - name: Bring bridge up
-  command: "ifup {{ lxc_net_bridge }}"
-
- name: Veth check
-  command: "/usr/local/bin/lxc-veth-check"
+  command: "ip link set {{ lxc_net_bridge }} up"

 - name: Reload systemd units
  systemd:
--- a/tasks/lxc_net.yml
+++ b/tasks/lxc_net.yml
@ -32,67 +32,84 @@
    enabled: yes
  when: networkmanager_check.rc == 0

- name: Drop lxc net bridge
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "root"
-    group: "root"
-    mode: "{{ item.mode | default('0644') }}"
-  with_items: "{{ lxc_cached_network_interfaces }}"
-  notify:
-    - Restart bridge
-  tags:
-    - lxc-files
-    - lxc-net
-    - lxc-bridge
-    - lxc-interfaces
+# NOTE(noonedeadpunk): Drop after AA release as this task is needed to cleanup older config
+- name: Delete previously provisioned lxc-net configuration
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/network/interfaces.d/lxc-net-bridge.cfg
+    - "/etc/sysconfig/network-scripts/ifcfg-{{ lxc_net_bridge }}"
+    - "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"

-# NOTE(mhayden): There are ifup hooks that handle the customized LXC container
-# networking. Starting lxc-net will trample over these hooks and cause
-# networking issues for containers.
+# NOTE(mhayden): There are systemd services that act like ifup/ifdown hooks
+# and handle the customized LXC container networking. Starting lxc-net will
+# trample over these hooks and cause networking issues for containers.
 - name: Disable and stop lxc-net
  service:
    name: lxc-net
    enabled: no
    state: stopped
+    masked: true
  tags:
    - lxc-net

- name: Mask lxc-net systemd service
-  file:
-    src: /dev/null
-    path: /etc/systemd/system/lxc-net.service
-    state: link
-  tags:
-    - lxc-files
-    - lxc-net
+- name: Run the systemd-networkd role
+  include_role:
+    name: systemd_networkd
+  vars:
+    systemd_networkd_prefix: "lxc-net"
+    systemd_run_networkd: true
+    systemd_netdevs:
+      - NetDev:
+          Name: "{{ lxc_net_bridge }}"
+          Kind: bridge
+        Bridge:
+          ForwardDelaySec: 0
+          HelloTimeSec: 2
+          MaxAgeSec: 12
+          STP: off
+    systemd_networks:
+      - interface: "{{ lxc_net_bridge }}"
+        address: "{{ lxc_net_address }}"
+        netmask: "{{ lxc_net_netmask }}"
+        config_overrides:
+          Network:
+            ConfigureWithoutCarrier: yes
+            Gateway: "{{ lxc_net_gateway is not none | ternary(lxc_net_gateway, {}) }}"

-# All Debian based systems use the interfaces.d directory for extra network configs
-#  this check ensures the needed source line is in the base config file
- name: Ensure networking includes interfaces.d
-  lineinfile:
-    dest: "/etc/network/interfaces"
-    line: "source /etc/network/interfaces.d/*.cfg"
-    backup: "yes"
-  when:
-    - ansible_facts['os_family'] == "Debian"
-  tags:
-    - lxc-net
-    - lxc-interfaces
-
- name: Create systemd unit for dnsmasq
-  template:
-    src: lxc-dnsmasq-systemd-init.j2
-    dest: "/etc/systemd/system/lxc-dnsmasq.service"
-    owner: root
-    group: root
-    mode: '0644'
-  when:
-    - lxc_net_nat | bool
-  notify:
-    - Reload systemd units
-    - Restart dnsmasq
+- name: Run the systemd-service role
+  include_role:
+    name: systemd_service
+  vars:
+    systemd_service_enabled: true
+    systemd_slice_name: lxc-dnsmasq
+    systemd_services:
+      - service_name: lxc-dnsmasq
+        state: started
+        enabled: yes
+        execstartpres: |
+          {% set pres = ['-/usr/bin/pkill -u {{ lxc_net_dnsmasq_user }} "^dnsmasq"'] %}
+          {% if lxc_net_manage_iptables | bool %}
+          {%   set _ = pres.append('/usr/local/bin/lxc-system-manage iptables-create') %}
+          {% endif%}
+          {{ pres }}
+        execstarts:
+          - /usr/local/bin/lxc-system-manage dnsmasq-start
+        execstops:
+          - -/usr/local/bin/lxc-system-manage dnsmasq-stop
+        execstopposts: |
+          {% set posts = [] %}
+          {% if lxc_net_manage_iptables | bool %}
+          {%   set _ = posts.append('-/usr/local/bin/lxc-system-manage iptables-remove') %}
+          {% endif %}
+          {{ posts }}
+        config_overrides:
+          Unit:
+            Before: lxc.service
+          Service:
+            PIDFile: /run/lxc/dnsmasq.pid
+  when: lxc_net_nat | bool

 # Check that the container bridge exists, if not bring it up
 - name: Check Container Bridge exists
--- a/templates/lxc-dnsmasq-systemd-init.j2
+++ b/templates/lxc-dnsmasq-systemd-init.j2
@ -1,43 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description=lxc dnsmasq service
-After=network-online.target
-Before=lxc.service
-
-[Service]
-Type=simple
-User=root
-
-{% if lxc_net_manage_iptables | bool %}
-ExecStartPre=/usr/local/bin/lxc-system-manage iptables-create
-{% endif %}
-
-ExecStartPre=-/usr/bin/pkill -u {{ lxc_net_dnsmasq_user }} "^dnsmasq"
-
-ExecStart=/usr/local/bin/lxc-system-manage dnsmasq-start
-
-ExecStop=-/usr/local/bin/lxc-system-manage dnsmasq-stop
-
-{% if lxc_net_manage_iptables | bool %}
-ExecStopPost=-/usr/local/bin/lxc-system-manage iptables-remove
-{% endif %}
-
-PIDFile=/run/lxc/dnsmasq.pid
-
-# Give a reasonable amount of time for the server to start up/shut down
-TimeoutSec=120
-Restart=on-failure
-RestartSec=2
-
-# This creates a specific slice which all services will operate from
-#  The accounting options give us the ability to see resource usage through
-#  the `systemd-cgtop` command.
-Slice=lxc-dnsmasq.slice
-CPUAccounting=true
-BlockIOAccounting=true
-MemoryAccounting=false
-TasksAccounting=true
-
-[Install]
-WantedBy=multi-user.target
--- a/templates/lxc-net-bridge.cfg.j2
+++ b/templates/lxc-net-bridge.cfg.j2
@ -1,15 +0,0 @@
-# {{ ansible_managed }}
-
-auto {{ lxc_net_bridge }}
-iface {{ lxc_net_bridge }} inet static
-    address {{ lxc_net_address }}
-    netmask {{ lxc_net_netmask }}
-{% if lxc_net_gateway is not none %}
-    gateway {{ lxc_net_gateway }}
-{% endif %}
-    bridge_fd 0
-    bridge_maxwait 0
-    bridge_ports {{ lxc_net_bridge_port }}
-    bridge_hello 2
-    bridge_maxage 12
-    bridge_stp off
--- a/templates/lxc-net-redhat-bridge.cfg.j2
+++ b/templates/lxc-net-redhat-bridge.cfg.j2
@ -1,14 +0,0 @@
-# {{ ansible_managed }}
-
-DEVICE={{ lxc_net_bridge }}
-TYPE=Bridge
-IPADDR={{ lxc_net_address }}
-NETMASK={{ lxc_net_netmask }}
-{% if lxc_net_gateway is not none %}
-GATEWAY={{ lxc_net_gateway }}
-{% endif %}
-ONBOOT=yes
-BOOTPROTO=none
-NM_CONTROLLED={{ (networkmanager_check.rc == 0) | ternary('yes', 'no') }}
-DELAY=0
-STP=no
--- a/templates/lxc-net-redhat-postdown.cfg.j2
+++ b/templates/lxc-net-redhat-postdown.cfg.j2
@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-if [ "{{ item.interface }}" == "{{ lxc_net_bridge }}" ];then
-  if [ "{{ lxc_net_nat }}" == "True" ];then
-    /usr/local/bin/lxc-system-manage dnsmasq-stop
-    /usr/local/bin/lxc-system-manage iptables-remove
-  fi
-fi
--- a/templates/lxc-networkd-bridge.netdev.j2
+++ b/templates/lxc-networkd-bridge.netdev.j2
@ -1,10 +0,0 @@
-# {{ ansible_managed }}
-[NetDev]
-Name={{ lxc_net_bridge }}
-Kind=bridge
-
-[Bridge]
-ForwardDelaySec=0
-HelloTimeSec=2
-MaxAgeSec=12
-STP=off
--- a/templates/lxc-networkd-bridge.network.j2
+++ b/templates/lxc-networkd-bridge.network.j2
@ -1,10 +0,0 @@
-# {{ ansible_managed }}
-[Match]
-Name={{ lxc_net_bridge }}
-
-[Network]
-Address={{ (lxc_net_address ~ '/' ~ lxc_net_netmask) | ansible.utils.ipaddr('cidr') }}
-{% if lxc_net_gateway is not none %}
-Gateway={{ lxc_net_gateway }}
-{% endif %}
-ConfigureWithoutCarrier=yes
--- a/templates/lxc-system-manage.j2
+++ b/templates/lxc-system-manage.j2
@ -195,7 +195,7 @@ function start_networks {
    if [ -f "/sys/class/net/${LXC_BRIDGE}/bridge/bridge_id" ];then
        success "LXC container network is already online."
    else
-        if [ ! "$(ifup ${LXC_BRIDGE})" ];then
+        if [ ! "$(ip link set ${LXC_BRIDGE} up)" ];then
            info "Building the LXC container network."

            # Create lxc bridge
--- a/vars/debian-host.yml
+++ b/vars/debian-host.yml
@ -28,7 +28,6 @@ _lxc_hosts_distro_packages:
  - dnsmasq-base
  - git
  - gzip
-  - ifupdown
  - iptables
  - irqbalance
  - liblxc1
@ -49,7 +48,3 @@ lxc_xz_bin: xz

 system_config_dir: "/etc/default"
 systemd_utils_prefix: "/lib/systemd"
-
-lxc_cached_network_interfaces:
-  - src: "lxc-net-bridge.cfg.j2"
-    dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
--- a/vars/redhat-host.yml
+++ b/vars/redhat-host.yml
@ -30,7 +30,6 @@ _lxc_hosts_distro_packages:
  - lxc-devel
  - lxc-libs
  - lxc-templates-extra # requires lxc-templates
-  - network-scripts
  - policycoreutils-python-utils
  - procps
  - python3-lxc
@ -39,11 +38,3 @@ _lxc_hosts_distro_packages:
  - xz

 lxc_xz_bin: xz
-
-lxc_cached_network_interfaces:
-  - src: "lxc-net-redhat-bridge.cfg.j2"
-    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ lxc_net_bridge }}"
-  - src: "lxc-net-redhat-postdown.cfg.j2"
-    dest: "/etc/sysconfig/network-scripts/ifdown-post-{{ lxc_net_bridge }}"
-    mode: "0755"
-    interface: "${DEVICE}"