Wait for systemd-tmpfiles-setup service to complete after container restart

There is a race condition between starting an lxc container and executing
the first ansible task. Ansible makes heavy use of /tmp and the first
task executed after 'lxc-start' will collide with systemd-tmpfiles-setup
which by default removes all content from /tmp, including the working
files of any ansible task which happens to be running. This causes a fatal
error for ansible which cannot be recovered with retries.

This patch adds a raw command to check the state of the tmpfiles-setup
service and wait until it has completed, avoiding the race confdition.

Co-Authored-By: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
Change-Id: I8111ae7548cddd71b0f384157e28ced40392401b

handlers/main.yml

@@ -48,6 +48,15 @@
   retries: 3
   listen: Lxc container restart
 
+- name: Wait for container tmpfiles-setup finish
+  raw: systemctl status systemd-tmpfiles-setup.service | grep Process | grep 'code=exited' >/dev/null
+  register: systemd_tmpfiles
+  until: systemd_tmpfiles.rc == 0
+  retries: 20
+  delay: 2
+  changed_when: false
+  listen: Lxc container restart
+
 - name: Flush addresses
   command: "ip addr flush {{ item.value.interface }}"
   with_dict: "{{ lxc_container_networks_combined }}"

tests/test-containers-functional.yml

@@ -150,7 +150,16 @@
 
 - name: Check if the sysctl was well applied
   hosts: container3
+  gather_facts: false
   tasks:
+    - name: Wait for container tmpfiles-setup finish
+      raw: systemctl status systemd-tmpfiles-setup.service | grep Process | grep 'code=exited' >/dev/null
+      register: systemd_tmpfiles
+      until: systemd_tmpfiles.rc == 0
+      retries: 20
+      delay: 2
+      changed_when: false
+
     - name: Check the sysctl is persistent
       command: sysctl -n net.ipv4.ip_nonlocal_bind
       register: nonlocalbind