With the update of ansible-lint to version >=6.0.0, a lot of new
linters were added that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect the current state.
Change-Id: I6a9986cd948dbeaf2847ea4dd04deed974f80d20
For consistency reasons we try to leverage our systemd_service role as
much as we can. Instead of maintaining separate systemd unit templates
the role can be leveraged for the same purposes and reduce complexity in
this role.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/865952
Change-Id: I59e6504240eafdb5f0d010ff8a051078e25b1281
For consistency reasons, instead of placing a template for
systemd-networkd we'd better use the systemd_networkd role, which has
been present for a while.
Change-Id: I1e9deaa2892a8fa7eb171acaf75441d7efeac297
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible.
OS specific variables files are generalised where possible.
Change-Id: I2defac928ff0081b262ba31bdb9981274f13b32b
The Process column was present only for CentOS 8 and is not applicable for
other distros. Meanwhile, the Active column is present in all distros.
Change-Id: I13605f21497c7eb8e2dd569ab90e2466bce8ac3e
There is a race condition between starting an lxc container and executing
the first ansible task. Ansible makes heavy use of /tmp and the first
task executed after 'lxc-start' will collide with systemd-tmpfiles-setup
which by default removes all content from /tmp, including the working
files of any ansible task which happens to be running. This causes a fatal
error for ansible which cannot be recovered with retries.
This patch adds a raw command to check the state of the tmpfiles-setup
service and wait until it has completed, avoiding the race condition.
Co-Authored-By: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
Change-Id: I8111ae7548cddd71b0f384157e28ced40392401b
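The wait described in the commit message above, sketched as an added example; it is not the raw command from the patch itself. The function names, the probe hook, the retry defaults and the return codes are assumptions made for illustration. It uses `systemctl is-active` to read the unit state.

```shell
#!/bin/sh
# Added example (not the role's own code): block until the container's
# systemd-tmpfiles-setup unit has finished, so the first Ansible task
# does not have its /tmp working files removed underneath it.

# Default probe: prints the unit state (active, activating, inactive,
# failed, ...). Always returns 0 so callers can rely on the printed
# state rather than on the exit status.
probe_tmpfiles_state() {
    systemctl is-active systemd-tmpfiles-setup.service 2>/dev/null || true
}

# wait_for_tmpfiles_setup [probe_cmd] [retries] [delay_seconds]
#   probe_cmd is a hypothetical hook so the loop can be exercised
#   without systemd; it must print the unit state on stdout.
# Returns 0 once the unit is "active" (a finished oneshot unit that
# stays active after exit), 2 if the unit reports "failed", and 1 if
# the state never settles within the retry budget.
wait_for_tmpfiles_setup() {
    probe="${1:-probe_tmpfiles_state}"
    retries="${2:-30}"
    delay="${3:-1}"
    attempt=0
    while [ "$attempt" -lt "$retries" ]; do
        state="$($probe)"
        case "$state" in
            active) return 0 ;;   # /tmp cleanup is done, safe to proceed
            failed) return 2 ;;   # surface the failure instead of spinning
        esac
        attempt=$((attempt + 1))
        sleep "$delay"
    done
    return 1
}
```

Inside a container this would be called as `wait_for_tmpfiles_setup` with no arguments before any task that writes to /tmp.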
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.
This should fix it.
Change-Id: Ie89ff6580bec52b598776c479a909c9a99c005b0
This change sets the hostname of containers using the hostnamectl
command which has several enhancements over the legacy method. By using
hostnamectl the command will validate the hostname for correctness,
ensuring the container hostnames conform to the RFC.
The old methods have been removed and the command has been made part of
the handlers and will be run after the activation of dbus.
Change-Id: I158a5deb0685d2dcd436d7dd92caecb9966a025e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
With the implementation of networkd the ENI scripts and config files for
the default interfaces shipped with the lxc container images we use are
no longer useful. These old files can cause conflicts in networking
should the old scripts and networkd get confused, especially when it
comes to an interface that is set up for DHCP. This change simply defines
the default interfaces for both suse and ubuntu and ensures they're
deleted.
The interface flush handler has been set to failed when false because on
initial container create the eth0 device may not exist until
systemd-networkd is restarted for the first time.
Change-Id: I70abb5ec4226a81a065e495e19f5e7e0c569e1b0
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch changes the flush routes handler to flush the entire
interface config from the interface. This is needed because
systemd-networkd does not restore the route of non-DHCP interfaces
when flushing routes and restarting systemd-networkd.
Change-Id: I17748b0dd2307fd9bee705140c67883140090298
Signed-off-by: Major Hayden <major@mhtx.net>
Unify container network interfaces using Systemd Networkd for ubuntu,
centos, and openSUSE. This change allows the role to use a single way to
configure container networks.
Care has been taken to ensure we're able to cleanly upgrade to the new
capabilities within existing environments without breaking any feature
compatibility or causing any container restarts.
It's also worth noting that all of the pre/post networking up/down
script options have been converted to systemd "oneshot" services. This
retains the ability to run adhoc scripts post network availability
while also opening up this capability, which used to be ubuntu only,
to all of our supported operating systems.
> Our usage of `lxc-attach` was removed in favor of `nsenter` to fix an
issue where multiple `lxc-attach` commands issued to a single physical
host could result in a hang.
> Scripts that were being generated inline have been placed into
template files. This solves a long standing memory consumption issue
when creating lots of containers. The old shell tasks will now be
executed from a generated script. While this should also help with
debugging, the main driver is to ensure better system stability.
> A lot of cleanup has been done throughout the task files and
templates. In the process of updating the role to use unified
networking a lot of duplicate tasks, scripts, and processes have
been consolidated.
> Handlers have been added for network connection wait conditions and
to various service restarts.
> The OSA plugins have been added to this role as a dependency. We
rely on the connection plugins throughout the stack however we were
doing a lot of workarounds to cater to the possibility of a deployer
running this role without them. This change simply adds the plugins
as a known dependency which allows for a more streamlined setup.
Change-Id: I5d3ddcfa11d575648a69a04f2fb30236c2c89da3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The handler would try and stop a container before restarting it however
if the container was already stopped the handler would fail instead of
simply moving on to the next task. This change makes the "stop" portion
of the task detect the return status code of "2" when restarting the
container. If the return code is "2" we know that the container is
already stopped and that no change has occurred.
For the sake of consistency and to ensure the greatest chance for
success the test task that stops a container has also been given the
same setup.
Change-Id: Ia4856f36b2d106d987e3c774f31493e25a23d4b5
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
openSUSE is now using lxc-2.X.X from the OBS repository in the
lxc_hosts role so there is no need to have the lxc-1.X.X workarounds
anymore.
Change-Id: I6d6df4e15adca696e95ef680fd43c9e013765a4e
It appears that lxc-1.1.5 is very slow when stopping a container. As a
result of which we pass the timeout (-t) option on openSUSE whilst this
is being investigated on the distribution level. This can also be
removed when lxc-2.X.X becomes the default option on openSUSE.
Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1054609
Change-Id: I02299cb17477f63970e11ce3c8455cb12773a541
Adding a retry to the container start/stop handlers will allow a restart
to be attempted more than once in the event the system isn't ready for
some reason.
Change-Id: Ie1dabf9a3b513b732025201ad3b0af593c4832dd
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change allows a deployer to disable a container restart
by setting the option ``lxc_container_allow_restarts`` to ``false``.
Forward port based on:
- https://review.openstack.org/344834
- https://review.openstack.org/346064
Change-Id: I2c681d7e0681f8586286dc9f371d7b5e231bda68
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The change moves the role out from the main repo lxc_container_create
repository and into its own standalone repository.
Items within this change:
* The role has been updated to ensure it runs standalone.
* Tests added to the role within tox.
* Functional tests added to the role that can either be run
via the run_tests.sh script or using tox.
* dev requirements have been updated for testing use cases.
* Docs added to both the README.rst file as well as the docs
folder.
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>