The private option on include role was never implemented and
will no longer be developed. This change removes the option
so ansible no longer raises a deprecation warning.
Change-Id: I1b7649481d2f9fbd25164a28cd10972a63143747
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
If a stock aa profile exists for dnsmasq (SUSE, Ubuntu) the nspawn
deployment will fail due to the profile being strict. This change
sets the profile to complain, which allows the deployment to
succeed. The new tasks will detect a stock dnsmasq aa profile and
set it to complain if found.
Change-Id: Ie565b683d2f06e47f7a46497ce3c38d604a0fed6
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This change removes the assumption that ip and iptables are always in
the same location on any distro by setting the specific tool path per OS
package manager type.
This adapts the pattern set here:
fc9a2d03dc/tests/roles/bootstrap-host/defaults/main.yml (L106-L118)
Change-Id: If7ddd8f2afb8c990f2b5117947f103626663ad21
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The host only route was adding the cidr twice which is wrong. This
change adds the missing network filter to correct the issue.
Change-Id: Ic280db301ce44b98ac35c8911999dec5fa263a29
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The network rules used to be too broad and could result in conflict when
address space is more restricted. This change updates the network rule
set such that it will not only add address to a macvlan interface using
the `noprefixroute` option and setting the route to the local table
only. This limits the macvlan network scope to ensure we're not creating
conflicts while also not breaking inter host connectivity.
Change-Id: I9b27a006a5587150254b35288d8907ae32651b57
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The host only network function was adding a global network address and a
host only network address which would flip flop should networkd or the
nspawn-macvlan service be restarted. This change resolves the flip
flopping and adds an option to enable this functionality when required.
Change-Id: Ia856723580d345d01e0df06ac41adb9cb7fcdb24
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The variable `interface` is not defined in the `if` part of the
conditional, however, it is referenced later on.
Change-Id: I86ed0daabe369b984bf534d3bcf471c73c7795ce
Using the container_(extra)_networks hash a user can define a routed
interface for a network without an address. This change documents that
capability.
Change-Id: I93bdfde1aa5a9820d1853a779caf6670ee58d335
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change moves the hidden `container_extra_networks` options to the
defaults file and adds a blurb regarding how this functions.
Change-Id: I4d7a9f05cf8382d0b83dd0ce574f7f4ba3783a63
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The macvlan primary interface will now allow deployers to run a fully
minimal network stack without any bridges or out-of-band configurations.
This capability has now been added to the defaults with documentation
regarding how it's implemented.
Change-Id: I73e52ff9237dcc9c0d1bd156345d730454d28533
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
When running without bridges the local routing needs to be scoped to the
host. This change ensures that is the case.
When re-prepping an environment the GPG setup will require access to fd's
which may not exist at the time the base cache is re-prepped.
nspawn mtu settings will now follow the primary interface.
Change-Id: I74e9301a98cf92161feb31e6808e9e02a07f662c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
With the use of nspawn containers and macvlans, without an intermediary
bridge, there's no way to send traffic from the host back to the
container without configuring VEPA and having 802.1qg enabled
switches. To enhance the usability of nspawn a local route is added to
macvlan devices when an interface address is detected. This allows
the host to route back to the containers without issues and will not
interfere with the main host route. To ensure there's absolutely no
conflict with host routes a metric has been added to all routes added to the
local table.
Change-Id: Id4326c9783f46884d3f39692e691775ba1118b38
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
There are times when a deployer will need to reconfigure parts of
an environment and having a general purpose tag to run said operation
will be important especially should the deployer be needing to
reconfigure systemd unit files in a downtime event. This change adds
a general purpose systemd tag where include_role and systemd is found
which will assist operators with day2 operational tasks.
Change-Id: I8a007c62e110c96fce4fc687258af0b4ef7b3ab1
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The macvlan setup was duplicating IP addresses from the host using the mv
interface. This caused all kinds of unexpected brokenness. This change
corrects the config so that the role is no longer overreaching.
The test setup to pin the image download url elsewhere has been removed
as it's now causing problems connecting to the index.
Change-Id: Ida9751f6ad94bf5e4b0dcd15a506e503350fdd9d
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
systemd networkd is a shared directory of networks that needs to be able
to co-exist with the host which may be using networkd on its own. This
change adds an nspawn specific networkd prefix to the interface files to
ensure we're not creating interface file collisions.
Change-Id: I1a9e25f697b64e292261cf0abf8df61a97dd2730
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The combined networks variable will allow deployers to set basic
container networks, default nspawn networks, and any "extra" networks a
deployer may need outside of a standard build.
Change-Id: I5346fdf81967d6eb7f69e61a187166c076ca4b60
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change adds a sort to the interface creation process which will
key off the interface name and ensure we're not creating duplicate
devices while also maintaining the sort order.
Change-Id: Iccedce916af0bcc6323b448229cd8958de40778c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
While the start order of these services shouldn't have any conflicts
this change ensures it by forcing the various services to be part of one
another and have specific ordering.
Change-Id: Idf5de7d018a92d6df31b3277e46473698088bfd8
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Use the common roles throughout this role to remove all of the boilerplate
code we had. The common modules do most of the heavy lifting.
Update to fix the resolve.conf issue with the image cache prep.
Add legacy image support and use smaller upstream images by default.
Now that suse supports systemd-networkd we can enable suse support in
nspawn.
Change-Id: I5f6ceb928f5c0902adf2e34f96a5998840400777
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>