* Update openstack-ansible-lxc_hosts from branch 'master'
to 56d69ce9e86a3983999366a189fe97353943af3b
- Fix resolved config on Debian
Currently, file /etc/systemd/resolved.conf.d/openstack-ansible.conf has
incorrect format and is being ignored:
```
systemd-resolved[740]:
/etc/systemd/resolved.conf.d/openstack-ansible.conf:2:
Missing '=', ignoring line.
```
Change-Id: I23529b0dd032cbb6ba59acc3d3b668c06847da08
* Update openstack-ansible-lxc_hosts from branch 'master'
to bd011b0eeef76c450cf32cafc542948a769adcd1
- Fix permissions for base directories
With fixing linters [1] I have accidentally set incorrect mode for base directories
to 0644 while it should be 0755.
[1] https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/888180
Closes-Bug: #2047593
Change-Id: Ied402f4f22ac333573c7144877da669251eccf8c
* Update openstack-ansible-lxc_hosts from branch 'master'
to 3d6a3d812df8c2d494af58cfe8d5f4df085dcce1
- Merge "Stop installing openssh and rsync to containers"
- Stop installing openssh and rsync to containers
With fixing keystone role there should be no need in explicitly
installing rsync and openssh everywhere.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/889934
Change-Id: I25729462fa6be7953e8ef0687ec4580509c21aaf
* Update openstack-ansible-lxc_hosts from branch 'master'
to d57f9a8f47a4821c9d843c3007a931315a40e3fc
- Remove lxc_cache_map variable
This has not had any practical use for several releases and mostly
carries copies of ansible facts. Remove the variable and use the
facts directly.
Change-Id: I1d2be9d07b38eaf2b737819c451a0d2339f723d0
* Update openstack-ansible-lxc_hosts from branch 'master'
to a22ec2150f6b9300cbe0dd9f1acb84f034056bf4
- Remove old tasks and vars from image download process
These are leftover from when the role downloaded prebuilt LXC
iamges, but are no longer used.
Change-Id: I3689e18cbd62804d7a959beb8f58f91920beecd1
* Update openstack-ansible-lxc_hosts from branch 'master'
to 655818e0a0bfc5fc38477394f8609821eae8d067
- Remove old cleaup task
Change-Id: If065bbd51701591c5755278e86423ef46f01f893
* Update openstack-ansible-lxc_hosts from branch 'master'
to 39542e2c6594d3181108e383e59a423186d16c39
- Switch to native systemd-resolved from resolv.conf
Rather than edit resolv.conf, use the recommended method of
operation for systemd-resolved and configure the dns server
through a resolved drop-in.
Change-Id: I1b08a45ccced87ecd200f3e7294165e922df39ff
* Update openstack-ansible-lxc_hosts from branch 'master'
to 03dc91fa85d3c717ec0de00ba894999f62234193
- Add ca-certificates into debian base image during debootstrap.
debootstrap uses http for it's apt config so can function without
the certificates from ca-certificates being installed.
The debian bookworm cloud image defaults to using https for the
apt repo urls, so unless the ca-certificates package is present
no more apt operations can be done once the apt configuration is
synchronised from the host to the container image.
Installing ca-certificates during the initial debootstrap avoids
the issue of not being able to install ca-certificates due to failed
SSL verification.
Change-Id: Ia78429eaf4bd71a8f3509c4e484f7dd02574c6b1
* Update openstack-ansible-lxc_hosts from branch 'master'
to 2506f0080a34cf48069954e26dc5a2fab23a310f
- Sync additional apt config from the host to the container base image
Debian bookworm needs the sources.list.d and mirrors directory
syncing to the container image to result in a working apt config.
Change-Id: I0c62340e7868948d9c55c96559ddafadf8cb7db1
* Update openstack-ansible-lxc_hosts from branch 'master'
to 22b6df4193bf723dcbc6d5ce4efff326e4117e86
- Ensure systemd-resolved is present in debian container images
It is not present by default in the rootfs built by
debootstrap for debian bookworm
Change-Id: Ie7200d5c01948c885c3dd4e8103c8f0a65e26108
* Update openstack-ansible-lxc_hosts from branch 'master'
to 42cfa88bb56f1cb29bb07f499a58ff9d6631f6cc
- Fix linter error
Split long line
Change-Id: I2466a9959bc93da754e11d8b9c6fb5d90f64163f
* Update openstack-ansible-lxc_hosts from branch 'master'
to 2272de8f0c5977819ed38582c30cff68d6da7d5b
- Fix linters issues
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
This is a follow-up change to [1].
[1] https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/888180
Change-Id: I2564e3dcb2efad8f6a2ed21bec61668c1b6f6209
* Update openstack-ansible-lxc_hosts from branch 'master'
to 4686fac8623298bbbf7b3fc8254f308dacda1e38
- Add retries to LXC base build command
Sometimes there could be intermittent issues on some of the
mirrors that would be picked while building the base image.
In order to increases chances of image to build, we add a retries
to increase chances to pick properly synced mirror.
Change-Id: I5546ee71cce4f4b40fbd1d38d5d49586606bbbda
* Update openstack-ansible-lxc_hosts from branch 'master'
to a5589beb5f64e01fecffefbcd398a34f6566e101
- Fix linters issue and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: If6171be3d649f6e7dd26decf1460d45775bd5f9e
* Update openstack-ansible-lxc_hosts from branch 'master'
to a51291f87d44a126f432bafbfd68f6fe3cd1ba1d
- Refactor LXC image expiration
Right now we write output of `date -d @{{ timestamp }} to
the expiry file, and then attempt to comapre with timestamp.
However, output of `date -d` is datetime and not timestamp,
so these 2 things can not be properly compared. So image cache
was valid forever.
Change-Id: I42f5b43f09d3c530813dd7fd334eafce7a5eaf39
* Update openstack-ansible-lxc_hosts from branch 'master'
to 6edd7f802b42734dbc4605fcae6e4edd39fb940a
- Merge "Allow to create OVS bridge for lxcbr0"
- Allow to create OVS bridge for lxcbr0
This patch aims to handle creation of OVS bridge if
`lxc_net_bridge_type` is set to `openvswitch`. That will finalize path
when deployer prefers to have OVS as the only bridge provider and do not
use LXB for any bridges.
Change-Id: Idd7a6eecf718df7fd8b4ae008f7dc00e42e8c32c
* Update openstack-ansible-lxc_hosts from branch 'master'
to e519c6b3021757187f0df5eedbda3110b805feda
- Remove "warn" paramter from command module
This is removed in ansible 2.14.
Change-Id: I38e2fdbbd6dab744199407504911caecdbfc140f
* Update openstack-ansible-lxc_hosts from branch 'master'
to 97a3e26e01e246815e2e1eb04cccc8ae246ca04c
- Update tox.ini to work with 4.0
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: I4967f301398621ae6e7b47b22d9a4d52037f6a3b
* Update openstack-ansible-lxc_hosts from branch 'master'
to 5a36b5cd26e0885ae5fdbfdcc393853557e5fc65
- Merge "Ensure tar is installed on LXC host"
- Ensure tar is installed on LXC host
Tar is required for LXC to create base container using lxc-create. When
it's absent lxc-create exits with code 1 without any output on this
task [1]
[1] ef721dbf13/tasks/lxc_cache_create.yml (L71)
Change-Id: Ic54d160c7329aebb7769c407d3af7b0f66145bcc
* Update openstack-ansible-lxc_hosts from branch 'master'
to 8975a4df068416033fd89ba1019cef172293cf93
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I80855ac314edcb193375976c86ac6001fac83ff3
* Update openstack-ansible-lxc_hosts from branch 'master'
to ca12ef136a1574931b783f15a6a6bc9d31081b49
- Add git and libxml2 to container base image
These are needed universally in the service container images so
install them into the base image to save build time later.
Change-Id: Ia51329110ffa2c634799544ac6c7b7f2016369a5
* Update openstack-ansible-lxc_hosts from branch 'master'
to ef721dbf13db8f3578b45791ac67c4815bd8c59a
- Use correct apt repo when ubuntu architecture is not x86_64
All other architectures are at ports.ubuntu.com.
Change-Id: I0f2d433bc11bd28541b48bf6b6644d83d4d19c4d
* Update openstack-ansible-lxc_hosts from branch 'master'
to 9385ec8011b8af129eb3354f990695e67897943a
- Add option to disable lxc interface management
This change adds a new role default option which will allow operators
to omit the deployment of specific lxc bridge network config. This
change is being implemented because, as an operator, I have a host
setup specifically built for OpenStack which includes an interface
config covering the lxc deployment. Currently when running a deployment
the role will attempt to deploy a new interface file which at best
conflicts with the host setup and at worst fails to run due to the
interface being in a state unknown to OSA.
The new config option `lxc_net_managed` is default **true** keeping
the existing expectations, but when set to **false** the role will
no longer deploy an interface file or attempt to bring up the interface
using the distro tools.
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
Change-Id: Icdf4a1f5ff98dc1b86c6a87ea4e606b7c74e1aac
* Update openstack-ansible-lxc_hosts from branch 'master'
to 3d8e3690ba620d1724129f8ed1a6a040c5ccdac9
- Replace ifupdown with native ip-link
We also leverage systemd-networkd for managing lxc-net and replace
using of custom service template for lxc-dnsmasq service with our
systemd-service role. These changes are quite tighten together, so
it's quite hard to split them in different patchsets.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/861350
Change-Id: I5ac99e2b6c6e6ccd9da18ae68e1f8801f95f4f4e
* Update openstack-ansible-lxc_hosts from branch 'master'
to 3d25c4f72b724c497d44281ec9dc81b6de120258
- Cleanup unused templates
aria2c and systemd-proxy templates exists but they are not referenced
and used by playbooks nowadays. Thus, we can safely remove them
Change-Id: I5223138aa7e50c92531076fe7764f204bfec3e24
* Update openstack-ansible-lxc_hosts from branch 'master'
to a09612c1fbc4f2c93047ecea77c51b2ebb326496
- Use policy_rc_d attribute instead of copy
Since ansible 2.8 it's possible to provide policy_rc_d attribute to the
apt module in order to avoid service restart on installation/upgrade
Change-Id: I299605bb5735cd510a82490a710ef6fae98bfafa
* Update openstack-ansible-lxc_hosts from branch 'master'
to 028d3e530380d8ab045f060a4c4ee50478bc9d23
- Remove redundant vars line
This line snuck in with Icfa97babeb7034cab623aca883bb83d5a07f7233
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Ifa5d05a70988962e2bce8538204ddd3131ad6003
* Update openstack-ansible-lxc_hosts from branch 'master'
to 0b35e65fd2750600e72eee2b83974a0fa48f61ca
- Define coherent safe default for package state
Instead of overriding this value everywhere, it's easier to
define it from the start to the value we want. In this case,
we want to define it to "present", while still being
overridable.
Change-Id: If9db9aec4b48d2118aae0f2ef611f0e044d63fb3
* Update openstack-ansible-lxc_hosts from branch 'master'
to f8594d335f0ec70768d7bccd9ba13d84a6f65151
- Prevent lxc.service from being restarted on package update
As of today, each lxc-utils update would lead to restart of all
containers. At the same time this might be unwanted behaviour, as
if it's run without limit, all cluster members inside containers can
go down at the same time.
In order to prevent that, we place policy-rc.d file that will simply
quit with 101 code `action forbidden by policy` on service restart
attempt.
Change-Id: I9140b7ab9f9266fcf4fe800e4610497f2324df4e
* Update openstack-ansible-lxc_hosts from branch 'master'
to 783076a508d64918eb474ea5069b1261efdbaf79
- Take account of lxc_apt_mirror in new debootstrap command
Without this change the mirror variable is ignored which can
cause issues on systems running behind a proxy.
Change-Id: I3e761c181c1bf3b736fff3bf9ac441e266bc4e2c
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/851233
* Update openstack-ansible-lxc_hosts from branch 'master'
to 844ebcdab63125f239733c2ef1023fade5543e68
- Merge "Switch sphinx language to en"
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I5f7244ed81d9ab87e23654d881d976bc4faa2960
* Update openstack-ansible-lxc_hosts from branch 'master'
to 3b8d1459b934e40f7c2a9656b0d592a8c34dce8a
- Disable apt phased updates inside containers.
Inside a chroot, phased updates are disabled [1]. This means that
the container base image always gets the latest packages regardless
of what is happening with the phasing.
At runtime, the default in Ubuntu releases 21.04 and onward is to
obey the package phasing information. This means that packages
inside the OSA built container image can be newer than the installation
candidates once the container is running, leading to installation
errors. This is particularly sensitive with source packages such as
systemd where there is a very tight version coupling between
all components leading to only one valid installation candidate.
This patch creates apt config inside the container base image to
always install the latest package version regardless of phasing.
There does not seem to be any alternative, as phasing is always
disabled during the debootstrap.
[1] https://discourse.ubuntu.com/t/phased-updates-in-apt-in-21-04/20345
Change-Id: Ia558e3aa1447220016c53349cf9dac0b822d06f4
* Update openstack-ansible-lxc_hosts from branch 'master'
to fd23eeedfc2a28556278abc03f722ae17dd77990
- Add centos-9 support
Remove installation of aria2 everywhere as we no longer download
lxc images but build them locally.
Change-Id: I5eba0b1f08cfe23998cf1116bb017e8a8ef0bb72
* Update openstack-ansible-lxc_hosts from branch 'master'
to 3928a0b9146532b3d37149953228c10309a3e41e
- Clean up NFV OpenvSwitch repo for container build
NFV repo is supposed to be installed using system packages, as it should
also contain nfvsigdist variable for yum.
So avoid issue with yum update at this step we drop the repo that was
copied from host.
As alternative approach, we can drop copying yum.repos.d at all, but this
can lead to an unexpected results.
Change-Id: Ia5041c7d855a9e988afc4c2a0d16fdeb6a9c357f
* Update openstack-ansible-lxc_hosts from branch 'master'
to 4d4517f2af5e5e8fcf7214d270bc0b02bb3d6fb9
- Merge "Replace systemd-mount template with role"
- Replace systemd-mount template with role
To reduce role complexity we replace separatelly maintained template
with systemd_mount role that is widely used across OSA.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/836945
Change-Id: I23632f9c145be334b1d19067352f8b82114a1209
* Update openstack-ansible-lxc_hosts from branch 'master'
to 01a8891afc81477704889db561596a80ba564ca3
- Merge "systemd-resolved package is not available for redhat"
- systemd-resolved package is not available for redhat
Change-Id: Ib6134264e1a1d3a19b343b3c503da1602b68bc00
* Update openstack-ansible-lxc_hosts from branch 'master'
to 8626a26d9acf92759c7b0e7850e40df4fdf5c8e9
- Ensure systemd-udev is present in centos containers
This is needed to ensure that systemd-tmpfiles-setup service
is present, which is used to create /dev/fuse in centos containers
in other parts of the osa-gluster patch series.
Change-Id: I6a6401debad4937eb9f6a5be31c8cee42d7035cd
* Update openstack-ansible-lxc_hosts from branch 'master'
to f16e0c81125ee9dea60f01eee7d4fc5dd6dc44e2
- Merge "Clean up bionic variables"
- Clean up bionic variables
Since 18.04 is unsupported, we cleanup related variables and
preparation scripts.
Change-Id: I5d25d63a30f24ac5daf3268c03b3248415a42cc7
* Update openstack-ansible-lxc_hosts from branch 'master'
to b614fe16a4fb69d45c6826ded6ec0552b12e4222
- Generalise redhat variables to handle any distro and major release
Change-Id: I14fc02983efd807af97efe5689152d6562deafb9
* Update openstack-ansible-lxc_hosts from branch 'master'
to 94d2856291c31ace551eb4da7da4a4c48f6ec2a5
- Merge "Simplify installtion of libpython"
- Simplify installtion of libpython
We only support one version of Debian so can remove the logic that
supports older versions.
Change-Id: Icf3c21de86297c2de3fc043d4903452747710e39
* Update openstack-ansible-lxc_hosts from branch 'master'
to 9a4004169450a0bb68ffe0fec31e6887a9c075f3
- Ensure that the legacy network-scripts package is present
The lxc_hosts ansible role currently relies on the ifup / ifdown
commands.
Change-Id: I3adb4dd75198935c4656d0208043ad8051f29312
* Update openstack-ansible-lxc_hosts from branch 'master'
to 2bb97a64ac5d5ca0a8132003216fedd8ea288322
- Remove vars files for EOL version of centos-8
Change-Id: I57560b416b03afffe7498609490da04d1a851f11
* Update openstack-ansible-lxc_hosts from branch 'master'
to c844e21a6e561770858152a47f62d5ac9b955313
- Ansible systemd module can reload units without specifying a service
Remove an old workaround for ansible <2.4
Change-Id: Iafa0ae54538be2690a813c05fadb472c15a01b5a
Damian Dabrowski
OpenStack Release Bot