Merge "add gentoo support"

Zuul 2019-02-23 04:35:29 +00:00 committed by Gerrit Code Review
commit 468cffb585
14 changed files with 291 additions and 7 deletions


@ -103,6 +103,7 @@ lxc_net_bridge: lxcbr0
lxc_net_bridge_port: none
lxc_net_address: 10.0.3.1
lxc_net_netmask: 255.255.255.0
lxc_net_cidr: 24
lxc_net_gateway: null ## if null, no gateway will be on the LXC bridge. lxc_net_nat must be "false" to use a gateway.
#lxc_net_mtu: 1500 ##setting this variable will add mtu configuration for the lxc config and network bridge
@ -193,7 +194,7 @@ lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages + lxc_cache_extra_dist
# preparation process. This is necessary to mitigate the issue that can
# arise where the cache prep hangs and never fails.
# The value is specified in seconds, with the default being 20 minutes.
lxc_cache_prep_timeout: 1200
lxc_cache_prep_timeout: "{{ _lxc_cache_prep_timeout | default(1200) }}"
# Set the server to download LXC images from.
lxc_image_cache_server_mirrors:
@ -241,8 +242,7 @@ lxc_cache_download_template_options: >-
{{ lxc_cache_download_template_extra_options }}
# Locales to populate in the LXC base cache
lxc_cache_locales:
- en_US.UTF-8
lxc_cache_locales: "{{ _lxc_cache_locales | default(['en_US.UTF-8']) }}"
# LXC must be installed from a COPR repository on CentOS 7 since the version
# provided in EPEL is much too old (1.x).


@ -27,6 +27,11 @@
- name: Init reload
command: "initctl reload-configuration"
- name: Restart importd
systemd:
name: "systemd-importd.service"
state: "restarted"
- name: Enable machines mount
systemd:
daemon_reload: yes
@ -59,10 +64,24 @@
shell: "ifdown {{ lxc_net_bridge }} || true"
notify:
- Bring bridge up
- Reload networkd
- Veth check
- name: Bring bridge up
command: "ifup {{ lxc_net_bridge }}"
when:
- "ansible_distribution | lower != 'gentoo'"
- name: Reload networkd
systemd:
name: "systemd-networkd"
state: "restarted"
enabled: "yes"
daemon_reload: "yes"
retries: 5
delay: 5
when:
- "ansible_distribution | lower == 'gentoo'"
- name: Veth check
command: "/usr/local/bin/lxc-veth-check"
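Review bot: `retries: 5` and `delay: 5` on the new `Reload networkd` handler have no `until`, and on Ansible releases where retries only take effect together with `until` they are silently ignored, so a failed restart of systemd-networkd is not retried. Adding `register: _networkd_restart` and `until: _networkd_restart is success` makes the retry real. The handler is also named "Reload" while it sets `state: "restarted"`; either rename it or add a comment such as `# full restart is intended so the new .netdev/.network files are picked up` if that is the reason.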


@ -112,7 +112,7 @@
- name: Prepare cached image setup commands
shell: "chroot {{ lxc_image_cache_path }} /opt/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1"
changed_when: false
async: "{{ lxc_cache_prep_timeout }}"
async: "{{ lxc_cache_prep_timeout | int }}"
poll: 0
register: _lxc_cache_prepare_commands
@ -135,7 +135,7 @@
register: _lxc_cache_prepare_commands_result
until: _lxc_cache_prepare_commands_result.finished
delay: 10
retries: "{{ lxc_cache_prep_timeout // 10 }}"
retries: "{{ lxc_cache_prep_timeout | int // 10 }}"
- name: Remove requiretty for sudo on centos
template:


@ -30,6 +30,15 @@
until: job_result.finished
retries: 60
- name: Ensure systemd-importd is enabled
systemd:
name: "systemd-importd"
state: "started"
enabled: "yes"
daemon_reload: "yes"
notify:
- Restart importd
- name: Retrieve base image
command: >-
machinectl


@ -58,7 +58,7 @@
args:
warn: no
register: prestage_image
async: "{{ lxc_cache_prep_timeout // 5 }}"
async: "{{ lxc_cache_prep_timeout | int // 5 }}"
poll: 0
tags:
- skip_ansible_lint


@ -0,0 +1,47 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Remove conflicting packages
portage:
package: "{{ lxc_hosts_remove_distro_packages }}"
state: absent
tags:
- lxc-ebuild-packages
- name: Install gentoo packages
portage:
package: "{{ lxc_hosts_distro_packages }}"
state: "{{ lxc_hosts_package_state }}"
jobs: 4
register: install_packages
until: install_packages is success
retries: 5
delay: 2
tags:
- lxc-ebuild-packages
- name: Drop irqbalance config
template:
src: "irqbalance.j2"
dest: "{{ system_config_dir }}/irqbalance"
owner: "root"
group: "root"
mode: "0644"
notify:
- Restart irqbalance
tags:
- lxc-files
- lxc-irqbalance
- lxc_hosts-config
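Review bot: `Remove conflicting packages` runs before `Install gentoo packages`, and vars/gentoo-host.yml in this commit lists `dnsmasq` under `lxc_hosts_remove_distro_packages` while `net-dns/dnsmasq` is in `lxc_hosts_distro_packages`, so every run would unmerge dnsmasq and then emerge it again. If no package needs removing on Gentoo, set `lxc_hosts_remove_distro_packages: []` there; if the removal is intended, drop `net-dns/dnsmasq` from the install list. The removal task also has no `register`/`until` retry, unlike the install task below it, and `jobs: 4` is hard-coded where a role variable would let operators size it to the host.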


@ -41,6 +41,7 @@
with_items: "{{ lxc_cached_network_interfaces }}"
notify:
- Restart bridge
- Reload networkd
tags:
- lxc-files
- lxc-net
@ -66,6 +67,7 @@
- ansible_pkg_mgr == "zypper"
notify:
- Bring bridge up
- Reload networkd
tags:
- lxc-files
- lxc-net
@ -88,11 +90,14 @@
# NOTE(mhayden): There are ifup hooks that handle the customized LXC container
# networking. Starting lxc-net will trample over these hooks and cause
# networking issues for containers.
# NOTE(prometheanfire): lxc-net is not installed on gentoo
- name: Disable and stop lxc-net
service:
name: lxc-net
enabled: no
state: stopped
when:
- "ansible_distribution | lower != 'gentoo'"
tags:
- lxc-net
@ -101,6 +106,8 @@
src: /dev/null
path: /etc/systemd/system/lxc-net.service
state: link
when:
- "ansible_distribution | lower != 'gentoo'"
tags:
- lxc-files
- lxc-net
@ -141,6 +148,7 @@
changed_when: bridge_check.state == 'absent'
notify:
- Bring bridge up
- Reload networkd
tags:
- lxc-bridge
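Review bot: The second hunk adds `- Reload networkd` to a task whose visible `when` list contains `ansible_pkg_mgr == "zypper"`, but the `Reload networkd` handler added in this commit only runs when `ansible_distribution | lower == 'gentoo'`, so that notification looks like it can never have an effect. The task begins outside the hunk, so other conditions may apply; if not, the added line can be dropped. The `ansible_distribution | lower != 'gentoo'` guard is now repeated on both lxc-net tasks and again in the handlers; a single role variable set in the per-distro vars files would keep these conditions in sync.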


@ -32,3 +32,18 @@
- "{{ lxc_container_cache_path }}"
tags:
- lxc-directories
# NOTE(prometheanfire): only set the var on gentoo
- name: fetch latest Gentoo systemd image metadata
uri:
url: "http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage4-amd64-systemd.txt"
return_content: yes
register: _gentoo_latest_stage4_systemd_metadata
when:
- ansible_distribution | lower == 'gentoo'
- name: set _lxc_hosts_container_image_url fact for gentoo
set_fact:
_lxc_hosts_container_image_url: "http://distfiles.gentoo.org/releases/amd64/autobuilds/{{ _gentoo_latest_stage4_systemd_metadata.content.split('\n')[-2].split()[0] }}"
when:
- ansible_distribution | lower == 'gentoo'
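Review bot: Both the metadata request and the `_lxc_hosts_container_image_url` built from it use plain `http://`, and nothing visible in this hunk checks a digest or signature, so the choice of root filesystem image for every container depends on an unauthenticated response. Use `url: "https://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage4-amd64-systemd.txt"` and the same scheme in the `set_fact` URL, and verify the downloaded image against the signed digests Gentoo publishes for its autobuilds before it is cached. The expression `split('\n')[-2].split()[0]` also assumes the image path is the first token of the last non-empty line; a comment stating that assumption, plus a `failed_when` on an unexpected shape, would stop a format change from silently producing a wrong URL.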


@ -0,0 +1,10 @@
# {{ ansible_managed }}
[NetDev]
Name={{ lxc_net_bridge }}
Kind=bridge
[Bridge]
ForwardDelaySec=0
HelloTimeSec=2
MaxAgeSec=12
STP=off


@ -0,0 +1,10 @@
# {{ ansible_managed }}
[Match]
Name={{ lxc_net_bridge }}
[Network]
Address={{ (lxc_net_address ~ '/' ~ lxc_net_netmask) | ipaddr('cidr') }}
{% if lxc_net_gateway is not none %}
Gateway={{ lxc_net_gateway }}
{% endif %}
ConfigureWithoutCarrier=yes
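Review bot: `Address=` is derived from `lxc_net_address` and `lxc_net_netmask` through `ipaddr('cidr')`, while the `lxc_net_cidr: 24` default shown in this commit's defaults hunk is not used here, so the two settings can drift apart without any error. Either render `Address={{ lxc_net_address }}/{{ lxc_net_cidr }}` or add a comment next to `lxc_net_cidr` saying it must match the netmask. The `ipaddr` filter needs the `netaddr` Python library on the Ansible controller, which is worth stating in a comment at the top of this template or in the role requirements.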


@ -14,11 +14,14 @@ mkdir -p /root/.gnupg
[ ! -e /dev/null ] && mknod -m 0666 /dev/null c 1 3
[ ! -e /dev/random ] && mknod -m 0666 /dev/random c 1 8
[ ! -e /dev/urandom ] && mknod -m 0666 /dev/urandom c 1 9
ln -sf /proc/self/fd /dev/fd
for i in {0..5}; do
[ ! -e "/dev/pts/$i" ] && mknod -m 0666 "/dev/pts/$i" c 136 $i
done
[ ! -e /dev/pts/ptmx ] && mknod -m 0666 /dev/pts/ptmx c 5 2
# file check does not seem to work at all times
[ ! -e /dev/ptmx ] && mknod -m 0666 /dev/ptmx c 5 2 || true
[ ! -e /dev/pts/ptmx ] && mknod -m 0000 /dev/pts/ptmx c 5 2
# Create the directory where local facts will be stored
mkdir -p /etc/ansible/facts.d
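Review bot: The trailing `|| true` on `[ ! -e /dev/ptmx ] && mknod -m 0666 /dev/ptmx c 5 2 || true` hides a genuine `mknod` failure as well as the "already present" case, so a prep script that includes this file under `set -e` carries on without a usable `/dev/ptmx`. The comment `# file check does not seem to work at all times` does not say what was observed; if the cause is a dangling `/dev/ptmx` symlink (an assumption, since `-e` is false for those), `[ -e /dev/ptmx ] || [ -L /dev/ptmx ] || mknod -m 0666 /dev/ptmx c 5 2` covers it and keeps other errors visible. The two `/dev/pts/ptmx` lines differ only in mode (`0666` and `0000`); a one-line comment on why the node is created with mode `0000` would help the next reader.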


@ -0,0 +1,67 @@
#!/usr/bin/env bash
set -e -x
{{ lxc_cache_prep_pre_commands }}
{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
mount -t proc proc /proc
mkdir /dev/shm
mount -t tmpfs none /dev/shm
chmod 1777 /dev/shm
mkdir -p /etc/portage/repos.conf
echo -n '[DEFAULT]
main-repo = gentoo
[gentoo]
sync-type = webrsync
sync-webrsync-verify-signature = true
sync-openpgp-key-refresh-retry-count = 0
sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
location = /usr/portage
auto-sync = true' > /etc/portage/repos.conf/repos.conf
emerge --sync
emerge -C app-emulation/lxc app-emulation/lxc-templates sys-fs/lxcfs || true
## Update base distribution
# make world consistant
USE="-build" emerge -q --complete-graph=y --jobs=4 --update --newuse --deep --with-bdeps=y @world
# rebuild packages that might need it
USE="-build" emerge -q --jobs=4 --usepkg=n @preserved-rebuild
# remove unneeded packages
USE="-build" emerge --verbose=n --ask=n --depclean
# rebuild packages that might have somehow depended on the unneeded packages
USE="-build" emerge -q --jobs=4 --usepkg=n @preserved-rebuild
# update config files
etc-update --automode -5
emerge --jobs=4 {{ lxc_cache_distro_packages | join(' ') }}
eselect python set python2.7
rm /etc/machine-id || true
rm /var/lib/dbus/machine-id || true
touch /etc/machine-id
rm /etc/sysctl.d/* || true
echo '' > /etc/sysctl.conf
mkdir -p /root/.ssh
chmod 700 /root/.ssh
eclean-dist
mkdir -p /var/backup
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
systemctl disable systemd-resolved.service || true
#systemctl mask systemd-resolved.service || true
{% for locale in lxc_cache_locales %}
echo "{{ locale }}" >> /etc/locale.gen
{% if loop.first | bool %}
{% endif %}
{% endfor %}
locale-gen
# Set the IP of the lxcbr0 interface as the DNS server
echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
systemctl enable systemd-networkd
umount -f /dev/shm
rmdir /dev/shm
umount -f /proc
{{ lxc_cache_prep_post_commands }}
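Review bot: `{{ lxc_cache_distro_packages | join(' ') }}` is rendered into this root-run script without shell quoting, and `{{ locale }}` sits inside double quotes where `$` and backticks still expand, so any metacharacter in those role variables becomes shell syntax inside the chroot. The values come from role variables rather than external input, so this is hardening: `emerge --jobs=4 {{ lxc_cache_distro_packages | map('quote') | join(' ') }}` and `echo {{ locale | quote }} >> /etc/locale.gen` keep each value a single literal argument. `sync-webrsync-verify-signature = true` takes its key from `/usr/share/openpgp-keys/gentoo-release.asc` inside the chroot, so the check is presumably only as trustworthy as the image that supplied that file. The `{% if loop.first | bool %}` / `{% endif %}` pair in the locale loop has an empty body and can be removed.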

49
vars/gentoo-host.yml Normal file

@ -0,0 +1,49 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Required packages.
lxc_hosts_distro_packages:
- net-misc/aria2
- net-misc/bridge-utils
- sys-fs/btrfs-progs
- app-admin/cgmanager
- sys-apps/dbus
- dev-util/debootstrap
- net-dns/dnsmasq
- dev-vcs/git
- sys-libs/libseccomp
- net-firewall/iptables
- sys-apps/irqbalance
- app-emulation/lxc
- app-emulation/lxc-templates
- dev-python/lxc-python2
- dev-python/python3-lxc
- app-arch/xz-utils
- sys-apps/ethtool
# Package to remove from the host
lxc_hosts_remove_distro_packages:
- dnsmasq
lxc_xz_bin: xz
system_config_dir: "/etc/conf.d"
systemd_utils_prefix: "/lib/systemd"
lxc_cached_network_interfaces:
- src: "lxc-networkd-bridge.network.j2"
dest: "/etc/systemd/network/{{ lxc_net_bridge }}.network"
- src: "lxc-networkd-bridge.netdev.j2"
dest: "/etc/systemd/network/{{ lxc_net_bridge }}.netdev"

47
vars/gentoo.yml Normal file

@ -0,0 +1,47 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
_lxc_cache_map:
distro: gentoo
arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
release: 17.0-systemd
copy_from_host:
- /etc/portage/make.conf
- /etc/portage/package.keywords/*
- /etc/portage/package.use/*
- /etc/environment
- /etc/localtime
- /etc/protocols
_lxc_cache_prep_template: "prep-scripts/gentoo_systemd_prep.sh.j2"
_lxc_cache_prep_timeout: 1800
_lxc_cache_locales:
- "en_US.UTF-8 UTF-8"
_lxc_cache_distro_packages:
- app-portage/gentoolkit
- app-misc/ca-certificates
- sys-process/cronie
- sys-apps/dbus
- sys-apps/iproute2
- net-misc/iputils
- virtual/libffi
- dev-libs/openssl
- net-misc/openssh
- net-misc/rsync
- app-admin/sudo
- app-arch/tar
- net-misc/wget