From d520e804625dfaa8fa2cf735e50542e02f7610f4 Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin.carter@rackspace.com>
Date: Fri, 18 May 2018 13:41:33 -0500
Subject: [PATCH] Make host copying more selective

The host copy process was taking too much, this makes that process more
selective.

Change-Id: Ic25559d9b68b6208ffdbed020cc79bd6b3d52fdd
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
---
 defaults/main.yml                             |  6 ++++++
 handlers/main.yml                             |  5 +++++
 tasks/nspawn_cache.yml                        | 19 +++++++++++++++++--
 .../prep-scripts/nspawn_centos_prep.sh.j2     |  2 +-
 .../prep-scripts/nspawn_opensuse_prep.sh.j2   |  2 +-
 .../prep-scripts/nspawn_ubuntu_prep.sh.j2     |  7 +++++++
 tests/test.yml                                |  1 +
 vars/redhat-7.yml                             |  1 +
 vars/suse-42.yml                              |  3 ++-
 vars/ubuntu-16.04.yml                         |  3 +++
 vars/ubuntu-18.04.yml                         |  3 +++
 11 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index e829ea2..160204f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -131,6 +131,12 @@ nspawn_copy_from_host: "{{ nspawn_default_copy_from_host | union(_nspawn_copy_fr
 #    - /etc/apt/preferences.d/
 nspawn_container_cache_files_from_host: []
 
+# Default list of packages to install within the build container cache. These
+# packages are installed first, before running anything else within the image.
+#  nspawn_container_distro_required_packages:
+#    - gnupg
+nspawn_container_distro_required_packages: "{{ _nspawn_container_distro_required_packages | default([]) }}"
+
 # Default list of packages to install within the build container cache.
 #  nspawn_container_distro_packages:
 #    - curl
diff --git a/handlers/main.yml b/handlers/main.yml
index cd1b352..7991de2 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -56,3 +56,8 @@
 - name: Reload systemd-daemon
   systemd:
     daemon_reload: true
+
+- name: Remove generated apt keys
+  file:
+    path: /root/repo.keys
+    state: absent
diff --git a/tasks/nspawn_cache.yml b/tasks/nspawn_cache.yml
index b8379c1..a320bdb 100644
--- a/tasks/nspawn_cache.yml
+++ b/tasks/nspawn_cache.yml
@@ -66,18 +66,33 @@
   when:
     - nspawn_image_cache_refresh | bool
 
+- block:
+    - name: Generate apt keys from host for the container cache
+      command: "apt-key exportall"
+      changed_when: false
+      register: _apt_exportall
+
+    - name: Write exported keys to file
+      copy:
+        content: "{{ _apt_exportall.stdout }}"
+        dest: "/var/lib/machines/{{ nspawn_container_base_name }}/root/repo.keys"
+      notify:
+        - Remove generated apt keys
+  when:
+    - ansible_pkg_mgr == 'apt'
+
 - name: Cached image preparation script
   template:
     src: "prep-scripts/nspawn_{{ nspawn_cache_map.distro }}_prep.sh.j2"
     dest: "/var/lib/machines/{{ nspawn_container_base_name }}/usr/local/bin/cache-prep-commands.sh"
     mode: "0755"
 
-# This task runs several commands against the cached image to speed up the
-# nspawn_container_create playbook.
 - name: Prepare cached image setup commands
   shell: "chroot /var/lib/machines/{{ nspawn_container_base_name }} /usr/local/bin/cache-prep-commands.sh > /var/log/nspawn-cache-prep-commands.log 2>&1"
   changed_when: false
 
+# This task runs several commands against the cached image to speed up the
+# nspawn_container_create playbook.
 - name: Sync files from the host into the container cache
   shell: |
     if [[ -e "{{ item }}" ]]; then
diff --git a/templates/prep-scripts/nspawn_centos_prep.sh.j2 b/templates/prep-scripts/nspawn_centos_prep.sh.j2
index 8dd92ee..861b752 100644
--- a/templates/prep-scripts/nspawn_centos_prep.sh.j2
+++ b/templates/prep-scripts/nspawn_centos_prep.sh.j2
@@ -27,7 +27,7 @@ rpm --import /etc/pki/rpm-gpg/*
 which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum'
 # Create yum/dnf transaction file and run it all at once
 echo "update" > /tmp/package-transaction.txt
-echo "install {{ nspawn_container_distro_packages | join(' ') }}" >> /tmp/package-transaction.txt
+echo "install {{ (nspawn_container_distro_packages | union(nspawn_container_distro_required_packages) | unique) | join(' ') }}" >> /tmp/package-transaction.txt
 echo "run" >> /tmp/package-transaction.txt
 $RHT_PKG_MGR -y shell /tmp/package-transaction.txt
 yum-complete-transaction --cleanup-only
diff --git a/templates/prep-scripts/nspawn_opensuse_prep.sh.j2 b/templates/prep-scripts/nspawn_opensuse_prep.sh.j2
index d7be5a2..90d5bf2 100644
--- a/templates/prep-scripts/nspawn_opensuse_prep.sh.j2
+++ b/templates/prep-scripts/nspawn_opensuse_prep.sh.j2
@@ -34,7 +34,7 @@ fi
 
 # Key import
 zypper --gpg-auto-import-keys -n dup --force-resolution -l
-zypper --gpg-auto-import-keys -n in --force-resolution -l {{ nspawn_container_distro_packages | join(' ') }}
+zypper --gpg-auto-import-keys -n in --force-resolution -l {{ (nspawn_container_distro_packages | union(nspawn_container_distro_required_packages) | unique) | join(' ') }}
 
 rm -f /usr/bin/python || true
 ln -s /usr/bin/python2.7 /usr/bin/python
diff --git a/templates/prep-scripts/nspawn_ubuntu_prep.sh.j2 b/templates/prep-scripts/nspawn_ubuntu_prep.sh.j2
index 9f7ea08..f65477d 100644
--- a/templates/prep-scripts/nspawn_ubuntu_prep.sh.j2
+++ b/templates/prep-scripts/nspawn_ubuntu_prep.sh.j2
@@ -24,8 +24,15 @@ set -e
 
 # Update base distribution
 export DEBIAN_FRONTEND=noninteractive
+
 apt-get remove -y --purge snap* nspawn* lxd* resolvconf || true
 apt-get update
+apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ nspawn_container_distro_required_packages | join(' ') }}
+
+if [[ -f "/root/repo.keys" ]]; then
+  apt-key add /root/repo.keys
+fi
+
 apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ nspawn_container_distro_packages | join(' ') }}
 apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
 apt-get clean
diff --git a/tests/test.yml b/tests/test.yml
index cedead5..c2e0bff 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -18,6 +18,7 @@
   connection: local
   become: true
   vars:
+    bridges: []
     nspawn_networks:
       nspawn_address:
         bridge: "nspawn0"
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
index c7d860a..6efb1f8 100644
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -59,4 +59,5 @@ _nspawn_cache_map:
 
 _nspawn_copy_from_host:
   - /etc/pki/rpm-gpg/
+  - /etc/yum/pluginconf.d/fastestmirror.conf
   - /etc/yum.repos.d/
diff --git a/vars/suse-42.yml b/vars/suse-42.yml
index 63027af..58850ff 100644
--- a/vars/suse-42.yml
+++ b/vars/suse-42.yml
@@ -54,7 +54,8 @@ _nspawn_cache_map:
   release: "{{ hostvars[physical_host]['ansible_distribution_version'] }}"
 
 _nspawn_copy_from_host:
-  - /etc/zypp
+  - /etc/zypp/repos.d/repo-oss.repo
+  - /etc/zypp/repos.d/repo-update.repo
 
 ## Set default mirror for openSUSE repositories
 # NOTE(hwoarang): Ensure that the full path to the 'opensuse' directory is used.
diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml
index 047adb8..63f90a4 100644
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@@ -28,6 +28,9 @@ _nspawn_hosts_distro_packages:
   - pxz
   - systemd-container
 
+_nspawn_container_distro_required_packages:
+  - gnupg
+
 _nspawn_container_distro_packages:
   - apt-transport-https
   - ca-certificates
diff --git a/vars/ubuntu-18.04.yml b/vars/ubuntu-18.04.yml
index f924b0a..1da12aa 100644
--- a/vars/ubuntu-18.04.yml
+++ b/vars/ubuntu-18.04.yml
@@ -28,6 +28,9 @@ _nspawn_hosts_distro_packages:
   - pxz
   - systemd-container
 
+_nspawn_container_distro_required_packages:
+  - gnupg
+
 _nspawn_container_distro_packages:
   - apt-transport-https
   - ca-certificates