This has not had any practical use for several releases and mostly
carries copies of ansible facts. Remove the variable and use the
facts directly.
Change-Id: I1d2be9d07b38eaf2b737819c451a0d2339f723d0
Sometimes there could be intermittent issues on some of the
mirrors that would be picked while building the base image.
In order to increases chances of image to build, we add a retries
to increase chances to pick properly synced mirror.
Change-Id: I5546ee71cce4f4b40fbd1d38d5d49586606bbbda
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: If6171be3d649f6e7dd26decf1460d45775bd5f9e
Right now we write output of `date -d @{{ timestamp }} to
the expiry file, and then attempt to comapre with timestamp.
However, output of `date -d` is datetime and not timestamp,
so these 2 things can not be properly compared. So image cache
was valid forever.
Change-Id: I42f5b43f09d3c530813dd7fd334eafce7a5eaf39
This patch aims to handle creation of OVS bridge if
`lxc_net_bridge_type` is set to `openvswitch`. That will finalize path
when deployer prefers to have OVS as the only bridge provider and do not
use LXB for any bridges.
Change-Id: Idd7a6eecf718df7fd8b4ae008f7dc00e42e8c32c
This change adds a new role default option which will allow operators
to omit the deployment of specific lxc bridge network config. This
change is being implemented because, as an operator, I have a host
setup specifically built for OpenStack which includes an interface
config covering the lxc deployment. Currently when running a deployment
the role will attempt to deploy a new interface file which at best
conflicts with the host setup and at worst fails to run due to the
interface being in a state unknown to OSA.
The new config option `lxc_net_managed` is default **true** keeping
the existing expectations, but when set to **false** the role will
no longer deploy an interface file or attempt to bring up the interface
using the distro tools.
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
Change-Id: Icdf4a1f5ff98dc1b86c6a87ea4e606b7c74e1aac
We also leverage systemd-networkd for managing lxc-net and replace
using of custom service template for lxc-dnsmasq service with our
systemd-service role. These changes are quite tighten together, so
it's quite hard to split them in different patchsets.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/861350
Change-Id: I5ac99e2b6c6e6ccd9da18ae68e1f8801f95f4f4e
Since ansible 2.8 it's possible to provide policy_rc_d attribute to the
apt module in order to avoid service restart on installation/upgrade
Change-Id: I299605bb5735cd510a82490a710ef6fae98bfafa
This line snuck in with Icfa97babeb7034cab623aca883bb83d5a07f7233
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Ifa5d05a70988962e2bce8538204ddd3131ad6003
As of today, each lxc-utils update would lead to restart of all
containers. At the same time this might be unwanted behaviour, as
if it's run without limit, all cluster members inside containers can
go down at the same time.
In order to prevent that, we place policy-rc.d file that will simply
quit with 101 code `action forbidden by policy` on service restart
attempt.
Change-Id: I9140b7ab9f9266fcf4fe800e4610497f2324df4e
Remove installation of aria2 everywhere as we no longer download
lxc images but build them locally.
Change-Id: I5eba0b1f08cfe23998cf1116bb017e8a8ef0bb72
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: Icfa97babeb7034cab623aca883bb83d5a07f7233
This patch switches the debian/ubuntu OS to build their lxc base
images locally using debootstrap rather than download a pre-built
lxc image. This unifies the approach with Centos-8 which is already
building a local image using dnf.
The LXC cache prestage tasks are removed, and all variables
associated with the download of the lxc image are removed from
defaults/main.yml.
A new variable lxc_apt_mirror is introduced, which is passed to
debootstrap to provide the apt source that the container rootfs
should be built from.
Depends-On: https://review.opendev.org/786396
Change-Id: Ia5a62cee7ab493857df16f7ae906796d22ba616c
This change uses dnf to build the container image for Centos-8
using dnf locally rather than rely on an external image that is
downloaded and unpacked.
The existing image prestage commands are made conditional, and
an operating system specific command can be provided via role
variables to build a chroot in /var/lib/machines.
During the transition from Centos-8 to Centos-8-Stream, the
vars files are separated, with vars/redhat.yml covering Stream,
and vars/centos-8.3.yml covering legcay Centos-8.
In addition, the systemd-logind service is masked from the base
image. This is masked in the previously downloaded container base
image, so we ensure that the same is done for locally built chroots.
Depends-On: I31880ca995735b737d33532eaa4c29be02523117
Depends-On: I74f02669b013b8580d3469a8ffe214d88cd0f525
Change-Id: I1ddfe36259610b25e86b69d64d1d7f32a56c0e4d
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I79f68c467d48b9b50143fd3a11e176f91804e805
The same can be achieved with two ternary operators. Much
less code and duplication.
Default lxc_container_backing_store to 'dir' to match the
lxc_container_create role and further simplify the code.
Change-Id: I59bbbcd8a66970a4fb30339aed457b50fb4dad50
This was a single task in a task file which can be included with the
rest of the post installation tasks
Change-Id: Ic9e0e4fe28aeb3d22e9b06371ee01f923fcd26d9
Openstack-Ansible does not maintain support for deploying on gentoo
so we can simplify this ansible role
Change-Id: If2a63a2743714745e0f0b0eea2ee3d5b8d4c9a35
These tasks are duplicated in both lxc_cache_preparation_simple.yml
and lxc_volume.yml, so we remove one of the duplicate set of tasks.
Change-Id: I5e5ea241308a11b79864885584944037dfecc6bc
If we build a local chroot then the lxc_cache_prestage.yml tasks
are no longer required, but the cache facts are still used later in
the role. Move the settings of the facts closer to where the facts
are used.
Change-Id: Ie0bcf56f0ac12f5a5472f539824221f2d8f3c769
Building a chroot using dnf fails if the yum repo config does not
contain the url of the gpg key. This key url is present in the other
repo config files on a centos-8 stream system.
Change-Id: I97ad5d9f210a17a6a19f31c7e6cadee595dc7dca
This requires extra ansible tasks to unpack the nested tar file
structure of the 8.3 container image.
Depends-On: I31880ca995735b737d33532eaa4c29be02523117
Change-Id: I443f5b9ecef1c142dcbcac91a0f36cb28035f3f6
lxc_hosts_container_image_url is string, so can't be passed through bool
filter as it will always result as false.
Change-Id: I0f12760840d81c9d73118d63bc0927eab78b9df2
Closes-Bug: #1908544
For running bigger amount of ansible forks, we need to increase
ssh MaxSessions parameter for lxc hosts, since
all connections to lxc containers occur through hosts
Depends-On: https://review.opendev.org/758399
Change-Id: Ib3e850ba79658a42995cd782a11342aca6858342