From 32d0a30c353e156282e2fe8b4765e91370a8fb59 Mon Sep 17 00:00:00 2001
From: Matthew Thode
Date: Fri, 5 Oct 2018 21:44:47 -0500
Subject: [PATCH] add gentoo support
Change-Id: Ieb1df06e6581601215851d78fb932a9d1e99e183
---
 defaults/main.yml | 6 +-
 handlers/main.yml | 19 ++++++
 tasks/lxc_cache_preparation.yml | 4 +-
 tasks/lxc_cache_preparation_systemd_new.yml | 9 +++
 tasks/lxc_cache_prestage.yml | 2 +-
 tasks/lxc_install_portage.yml | 47 +++++++++++++
 tasks/lxc_net.yml | 8 +++
 tasks/lxc_pre_install.yml | 15 +++++
 templates/lxc-networkd-bridge.netdev.j2 | 10 +++
 templates/lxc-networkd-bridge.network.j2 | 10 +++
 .../prep-scripts/_container_sys_setup.sh.j2 | 5 +-
 .../prep-scripts/gentoo_systemd_prep.sh.j2 | 67 +++++++++++++++++++
 vars/gentoo-host.yml | 49 ++++++++++++++
 vars/gentoo.yml | 47 +++++++++++++
 14 files changed, 291 insertions(+), 7 deletions(-)
 create mode 100644 tasks/lxc_install_portage.yml
 create mode 100644 templates/lxc-networkd-bridge.netdev.j2
 create mode 100644 templates/lxc-networkd-bridge.network.j2
 create mode 100644 templates/prep-scripts/gentoo_systemd_prep.sh.j2
 create mode 100644 vars/gentoo-host.yml
 create mode 100644 vars/gentoo.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index dd9659ad..1df3936a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -103,6 +103,7 @@ lxc_net_bridge: lxcbr0
 lxc_net_bridge_port: none
 lxc_net_address: 10.0.3.1
 lxc_net_netmask: 255.255.255.0
+lxc_net_cidr: 24
 lxc_net_gateway: null ## if null, no gateway will be on the LXC bridge. lxc_net_nat must be "false" to use a gateway.
 #lxc_net_mtu: 1500 ##setting this variable will add mtu configuration for the lxc config and network bridge
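Review bot: `lxc_net_cidr: 24` is introduced as a new default in `defaults/main.yml`, but nothing visible in this patch reads it — the new `lxc-networkd-bridge.network.j2` derives the prefix from `lxc_net_address` and `lxc_net_netmask` through `ipaddr('cidr')`. A second, hand-maintained description of the same subnet can silently drift from `lxc_net_netmask` once a deployer overrides one and not the other. If the variable is meant to be consumed later, derive it instead, `lxc_net_cidr: "{{ (lxc_net_address ~ '/' ~ lxc_net_netmask) | ipaddr('prefix') }}"`; otherwise drop it until something uses it. The neighbouring keys carry a trailing `##` explanation and this one has none; `## prefix length of the bridge network, must agree with lxc_net_netmask` would match that style.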
@@ -193,7 +194,7 @@ lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages + lxc_cache_extra_dist
 # preparation process. This is necessary to mitigate the issue that can
 # arise where the cache prep hangs and never fails.
 # The value is specified in seconds, with the default being 20 minutes.
-lxc_cache_prep_timeout: 1200
+lxc_cache_prep_timeout: "{{ _lxc_cache_prep_timeout | default(1200) }}"
 # Set the server to download LXC images from.
 lxc_image_cache_server_mirrors:
@@ -241,8 +242,7 @@ lxc_cache_download_template_options: >-
 {{ lxc_cache_download_template_extra_options }}
 # Locales to populate in the LXC base cache
-lxc_cache_locales:
- - en_US.UTF-8
+lxc_cache_locales: "{{ _lxc_cache_locales | default(['en_US.UTF-8']) }}"
 # LXC must be installed from a COPR repository on CentOS 7 since the version
 # provided in EPEL is much too old (1.x).
diff --git a/handlers/main.yml b/handlers/main.yml
index 322f7ae5..8d365f5f 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -27,6 +27,11 @@
 - name: Init reload
 command: "initctl reload-configuration"
+- name: Restart importd
+ systemd:
+ name: "systemd-importd.service"
+ state: "restarted"
+
 - name: Enable machines mount
 systemd:
 daemon_reload: yes
@@ -59,10 +64,24 @@
 shell: "ifdown {{ lxc_net_bridge }} || true"
 notify:
 - Bring bridge up
+ - Reload networkd
 - Veth check
 - name: Bring bridge up
 command: "ifup {{ lxc_net_bridge }}"
+ when:
+ - "ansible_distribution | lower != 'gentoo'"
+
+- name: Reload networkd
+ systemd:
+ name: "systemd-networkd"
+ state: "restarted"
+ enabled: "yes"
+ daemon_reload: "yes"
+ retries: 5
+ delay: 5
+ when:
+ - "ansible_distribution | lower == 'gentoo'"
 - name: Veth check
 command: "/usr/local/bin/lxc-veth-check"
diff --git a/tasks/lxc_cache_preparation.yml b/tasks/lxc_cache_preparation.yml
index f14ebddf..1dd44bdf 100644
--- a/tasks/lxc_cache_preparation.yml
+++ b/tasks/lxc_cache_preparation.yml
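Review bot: In the new `Reload networkd` handler in `handlers/main.yml`, `retries: 5` and `delay: 5` have no `until` condition; in the Ansible 2.x releases this role targets, `retries` is only used in combination with `until`, so the `systemd-networkd` restart is attempted once and any transient failure fails the handler. Add `register: _networkd_restart` and `until: _networkd_restart is success` beside the retries so they take effect. The handler also writes `enabled: "yes"` and `daemon_reload: "yes"` as quoted strings while the adjacent `Enable machines mount` handler uses bare `yes`; the module accepts both, but `true` is the form that survives every YAML loader and would be consistent with the rest of the file. The same quoted-string booleans appear in the new `Ensure systemd-importd is enabled` task in `lxc_cache_preparation_systemd_new.yml`.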
@@ -112,7 +112,7 @@
 - name: Prepare cached image setup commands
 shell: "chroot {{ lxc_image_cache_path }} /opt/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1"
 changed_when: false
- async: "{{ lxc_cache_prep_timeout }}"
+ async: "{{ lxc_cache_prep_timeout | int }}"
 poll: 0
 register: _lxc_cache_prepare_commands
@@ -135,7 +135,7 @@
 register: _lxc_cache_prepare_commands_result
 until: _lxc_cache_prepare_commands_result.finished
 delay: 10
- retries: "{{ lxc_cache_prep_timeout // 10 }}"
+ retries: "{{ lxc_cache_prep_timeout | int // 10 }}"
 - name: Remove requiretty for sudo on centos
 template:
diff --git a/tasks/lxc_cache_preparation_systemd_new.yml b/tasks/lxc_cache_preparation_systemd_new.yml
index 37950b1c..f3266558 100644
--- a/tasks/lxc_cache_preparation_systemd_new.yml
+++ b/tasks/lxc_cache_preparation_systemd_new.yml
@@ -30,6 +30,15 @@
 until: job_result.finished
 retries: 60
+- name: Ensure systemd-importd is enabled
+ systemd:
+ name: "systemd-importd"
+ state: "started"
+ enabled: "yes"
+ daemon_reload: "yes"
+ notify:
+ - Restart importd
+
 - name: Retrieve base image
 command: >-
 machinectl
diff --git a/tasks/lxc_cache_prestage.yml b/tasks/lxc_cache_prestage.yml
index eda3ae38..6e88f1a0 100644
--- a/tasks/lxc_cache_prestage.yml
+++ b/tasks/lxc_cache_prestage.yml
@@ -58,7 +58,7 @@
 args:
 warn: no
 register: prestage_image
- async: "{{ lxc_cache_prep_timeout // 5 }}"
+ async: "{{ lxc_cache_prep_timeout | int // 5 }}"
 poll: 0
 tags:
 - skip_ansible_lint
diff --git a/tasks/lxc_install_portage.yml b/tasks/lxc_install_portage.yml
new file mode 100644
index 00000000..62b32342
--- /dev/null
+++ b/tasks/lxc_install_portage.yml
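Review bot: `Ensure systemd-importd is enabled` in `lxc_cache_preparation_systemd_new.yml` sets `state: "started"` and notifies `Restart importd` from the same task; the handler only fires when this task reports a change, which is exactly the run in which the unit was just enabled or started, so it restarts a service that came up moments earlier. If the restart is required for a reason not visible here, a comment on the task should say so, e.g. `# NOTE: importd must be restarted after enabling because <reason>`; otherwise drop the `notify` together with the `Restart importd` handler, which nothing else in this patch references. The `| int` additions in `lxc_cache_preparation.yml` and `lxc_cache_prestage.yml` are correct as written — a Jinja filter binds tighter than `//`, so `lxc_cache_prep_timeout | int // 10` divides the converted integer — but that precedence is easy to misread and a short comment on the first occurrence, `# filter binds before //: (timeout | int) // 10`, would save the next reader a trip to the Jinja docs.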
@@ -0,0 +1,47 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Remove conflicting packages
+ portage:
+ package: "{{ lxc_hosts_remove_distro_packages }}"
+ state: absent
+ tags:
+ - lxc-ebuild-packages
+
+- name: Install gentoo packages
+ portage:
+ package: "{{ lxc_hosts_distro_packages }}"
+ state: "{{ lxc_hosts_package_state }}"
+ jobs: 4
+ register: install_packages
+ until: install_packages is success
+ retries: 5
+ delay: 2
+ tags:
+ - lxc-ebuild-packages
+
+- name: Drop irqbalance config
+ template:
+ src: "irqbalance.j2"
+ dest: "{{ system_config_dir }}/irqbalance"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ notify:
+ - Restart irqbalance
+ tags:
+ - lxc-files
+ - lxc-irqbalance
+ - lxc_hosts-config
diff --git a/tasks/lxc_net.yml b/tasks/lxc_net.yml
index 9197d6bb..cb281f30 100644
--- a/tasks/lxc_net.yml
+++ b/tasks/lxc_net.yml
@@ -41,6 +41,7 @@
 with_items: "{{ lxc_cached_network_interfaces }}"
 notify:
 - Restart bridge
+ - Reload networkd
 tags:
 - lxc-files
 - lxc-net
@@ -66,6 +67,7 @@
 - ansible_pkg_mgr == "zypper"
 notify:
 - Bring bridge up
+ - Reload networkd
 tags:
 - lxc-files
 - lxc-net
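Review bot: `jobs: 4` in `Install gentoo packages` hard-codes the parallelism of the portage run, and the same figure is repeated in four `emerge --jobs=4` calls inside `gentoo_systemd_prep.sh.j2`; on a small host this oversubscribes the build and there is no knob to lower it. A single role default such as `lxc_hosts_portage_jobs: 4` in `defaults/main.yml` (name is a suggestion), referenced as `jobs: "{{ lxc_hosts_portage_jobs }}"` here and as `--jobs={{ lxc_hosts_portage_jobs }}` in the template, would keep the two in step. `Remove conflicting packages` has no `register`/`until`/`retries` while the install task directly below it retries five times; if portage lock contention is what the retries guard against, it applies to the removal as well. A one-line comment above the first task stating what the "conflict" is would also help, since the file gives no hint.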
@@ -88,11 +90,14 @@
 # NOTE(mhayden): There are ifup hooks that handle the customized LXC container
 # networking. Starting lxc-net will trample over these hooks and cause
 # networking issues for containers.
+# NOTE(prometheanfire): lxc-net is not installed on gentoo
 - name: Disable and stop lxc-net
 service:
 name: lxc-net
 enabled: no
 state: stopped
+ when:
+ - "ansible_distribution | lower != 'gentoo'"
 tags:
 - lxc-net
@@ -101,6 +106,8 @@
 src: /dev/null
 path: /etc/systemd/system/lxc-net.service
 state: link
+ when:
+ - "ansible_distribution | lower != 'gentoo'"
 tags:
 - lxc-files
 - lxc-net
@@ -141,6 +148,7 @@
 changed_when: bridge_check.state == 'absent'
 notify:
 - Bring bridge up
+ - Reload networkd
 tags:
 - lxc-bridge
diff --git a/tasks/lxc_pre_install.yml b/tasks/lxc_pre_install.yml
index d1b1bead..90ed4ba2 100644
--- a/tasks/lxc_pre_install.yml
+++ b/tasks/lxc_pre_install.yml
@@ -32,3 +32,18 @@
 - "{{ lxc_container_cache_path }}"
 tags:
 - lxc-directories
+
+# NOTE(prometheanfire): only set the var on gentoo
+- name: fetch latest Gentoo systemd image metadata
+ uri:
+ url: "http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage4-amd64-systemd.txt"
+ return_content: yes
+ register: _gentoo_latest_stage4_systemd_metadata
+ when:
+ - ansible_distribution | lower == 'gentoo'
+
+- name: set _lxc_hosts_container_image_url fact for gentoo
+ set_fact:
+ _lxc_hosts_container_image_url: "http://distfiles.gentoo.org/releases/amd64/autobuilds/{{ _gentoo_latest_stage4_systemd_metadata.content.split('\n')[-2].split()[0] }}"
+ when:
+ - ansible_distribution | lower == 'gentoo'
diff --git a/templates/lxc-networkd-bridge.netdev.j2 b/templates/lxc-networkd-bridge.netdev.j2
new file mode 100644
index 00000000..5d57e731
--- /dev/null
+++ b/templates/lxc-networkd-bridge.netdev.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+[NetDev]
+Name={{ lxc_net_bridge }}
+Kind=bridge
+
+[Bridge]
+ForwardDelaySec=0
+HelloTimeSec=2
+MaxAgeSec=12
+STP=off
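Review bot: `fetch latest Gentoo systemd image metadata` in `lxc_pre_install.yml` retrieves the stage4 index over plain `http://`, and the `_lxc_hosts_container_image_url` fact built from it uses the same scheme, so the base image every container is cloned from is both selected and downloaded without transport integrity, and nothing in this patch verifies a digest or signature of the stage4 afterwards. The same paths are served over TLS today, so the minimal change is `url: "https://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage4-amd64-systemd.txt"` and `https://` in the `set_fact`, which leaves the `uri` module's default certificate validation in force; checking the tarball against the published digest before it becomes the cache image would close the remaining gap. The expression `.content.split('\n')[-2].split()[0]` assumes a trailing newline and that the last non-empty line is the image path; a comment stating that expected layout, plus a `failed_when` on the register for empty content, would make the failure mode explicit instead of an index error. The `when` guards added to `lxc_net.yml` repeat `ansible_distribution | lower != 'gentoo'` in three tasks and two handlers; a single boolean set in the vars files would keep them from drifting, but that is style only.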
diff --git a/templates/lxc-networkd-bridge.network.j2 b/templates/lxc-networkd-bridge.network.j2
new file mode 100644
index 00000000..cb6bbc6e
--- /dev/null
+++ b/templates/lxc-networkd-bridge.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+[Match]
+Name={{ lxc_net_bridge }}
+
+[Network]
+Address={{ (lxc_net_address ~ '/' ~ lxc_net_netmask) | ipaddr('cidr') }}
+{% if lxc_net_gateway is not none %}
+Gateway={{ lxc_net_gateway }}
+{% endif %}
+ConfigureWithoutCarrier=yes
diff --git a/templates/prep-scripts/_container_sys_setup.sh.j2 b/templates/prep-scripts/_container_sys_setup.sh.j2
index b95815d0..e1c14603 100644
--- a/templates/prep-scripts/_container_sys_setup.sh.j2
+++ b/templates/prep-scripts/_container_sys_setup.sh.j2
@@ -14,11 +14,14 @@ mkdir -p /root/.gnupg
 [ ! -e /dev/null ] && mknod -m 0666 /dev/null c 1 3
 [ ! -e /dev/random ] && mknod -m 0666 /dev/random c 1 8
 [ ! -e /dev/urandom ] && mknod -m 0666 /dev/urandom c 1 9
+ln -sf /proc/self/fd /dev/fd
 for i in {0..5}; do
 [ ! -e "/dev/pts/$i" ] && mknod -m 0666 "/dev/pts/$i" c 136 $i
 done
-[ ! -e /dev/pts/ptmx ] && mknod -m 0666 /dev/pts/ptmx c 5 2
+# file check does not seem to work at all times
+[ ! -e /dev/ptmx ] && mknod -m 0666 /dev/ptmx c 5 2 || true
+[ ! -e /dev/pts/ptmx ] && mknod -m 0000 /dev/pts/ptmx c 5 2
 # Create the directory where local facts will be stored
 mkdir -p /etc/ansible/facts.d
diff --git a/templates/prep-scripts/gentoo_systemd_prep.sh.j2 b/templates/prep-scripts/gentoo_systemd_prep.sh.j2
new file mode 100644
index 00000000..3ec2d774
--- /dev/null
+++ b/templates/prep-scripts/gentoo_systemd_prep.sh.j2
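Review bot: The new comment `# file check does not seem to work at all times` in `_container_sys_setup.sh.j2` does not say what fails or when, and the two lines under it differ in ways it should explain: `/dev/ptmx` is created with mode `0666` and a trailing `|| true`, while `/dev/pts/ptmx` is now created with mode `0000` (it was `0666` before this change) and no `|| true`, so under the `set -e` of the including script a failed `mknod` on the second line still aborts the prep while the first is silently ignored. If the cause is that a devpts can already be mounted on `/dev/pts` at this point — inferred from the `|| true`, please confirm — a comment such as `# /dev/pts may already be a devpts mount, so the -e test can pass yet mknod fail; tolerate that for /dev/ptmx` would capture it, and the `0000` mode change deserves its own sentence since this snippet is included by every distribution's prep script. `ln -sf /proc/self/fd /dev/fd` is unconditional while the neighbouring nodes are guarded by `[ ! -e ]`; harmless with `-f`, but a two-word comment would show it is intentional. The snippet continues outside the hunk.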
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+set -e -x
+
+{{ lxc_cache_prep_pre_commands }}
+
+{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
+
+mount -t proc proc /proc
+mkdir /dev/shm
+mount -t tmpfs none /dev/shm
+chmod 1777 /dev/shm
+
+mkdir -p /etc/portage/repos.conf
+echo -n '[DEFAULT]
+main-repo = gentoo
+
+[gentoo]
+sync-type = webrsync
+sync-webrsync-verify-signature = true
+sync-openpgp-key-refresh-retry-count = 0
+sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
+location = /usr/portage
+auto-sync = true' > /etc/portage/repos.conf/repos.conf
+emerge --sync
+emerge -C app-emulation/lxc app-emulation/lxc-templates sys-fs/lxcfs || true
+
+## Update base distribution
+# make world consistant
+USE="-build" emerge -q --complete-graph=y --jobs=4 --update --newuse --deep --with-bdeps=y @world
+# rebuild packages that might need it
+USE="-build" emerge -q --jobs=4 --usepkg=n @preserved-rebuild
+# remove unneeded packages
+USE="-build" emerge --verbose=n --ask=n --depclean
+# rebuild packages that might have somehow depended on the unneeded packages
+USE="-build" emerge -q --jobs=4 --usepkg=n @preserved-rebuild
+# update config files
+etc-update --automode -5
+
+emerge --jobs=4 {{ lxc_cache_distro_packages | join(' ') }}
+eselect python set python2.7
+rm /etc/machine-id || true
+rm /var/lib/dbus/machine-id || true
+touch /etc/machine-id
+rm /etc/sysctl.d/* || true
+echo '' > /etc/sysctl.conf
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+eclean-dist
+mkdir -p /var/backup
+chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
+systemctl disable systemd-resolved.service || true
+#systemctl mask systemd-resolved.service || true
+
+{% for locale in lxc_cache_locales %}
+echo "{{ locale }}" >> /etc/locale.gen
+{% if loop.first | bool %}
+{% endif %}
+{% endfor %}
+locale-gen
+
+# Set the IP of the lxcbr0 interface as the DNS server
+echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
+systemctl enable systemd-networkd
+umount -f /dev/shm
+rmdir
/dev/shm
+umount -f /proc
+{{ lxc_cache_prep_post_commands }}
diff --git a/vars/gentoo-host.yml b/vars/gentoo-host.yml
new file mode 100644
index 00000000..89240e60
--- /dev/null
+++ b/vars/gentoo-host.yml
@@ -0,0 +1,49 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Required packages.
+lxc_hosts_distro_packages:
+ - net-misc/aria2
+ - net-misc/bridge-utils
+ - sys-fs/btrfs-progs
+ - app-admin/cgmanager
+ - sys-apps/dbus
+ - dev-util/debootstrap
+ - net-dns/dnsmasq
+ - dev-vcs/git
+ - sys-libs/libseccomp
+ - net-firewall/iptables
+ - sys-apps/irqbalance
+ - app-emulation/lxc
+ - app-emulation/lxc-templates
+ - dev-python/lxc-python2
+ - dev-python/python3-lxc
+ - app-arch/xz-utils
+ - sys-apps/ethtool
+
+# Package to remove from the host
+lxc_hosts_remove_distro_packages:
+ - dnsmasq
+
+lxc_xz_bin: xz
+
+system_config_dir: "/etc/conf.d"
+systemd_utils_prefix: "/lib/systemd"
+
+lxc_cached_network_interfaces:
+ - src: "lxc-networkd-bridge.network.j2"
+ dest: "/etc/systemd/network/{{ lxc_net_bridge }}.network"
+ - src: "lxc-networkd-bridge.netdev.j2"
+ dest: "/etc/systemd/network/{{ lxc_net_bridge }}.netdev"
diff --git a/vars/gentoo.yml b/vars/gentoo.yml
new file mode 100644
index 00000000..87029b41
--- /dev/null
+++ b/vars/gentoo.yml
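Review bot: `mkdir /dev/shm` in `gentoo_systemd_prep.sh.j2` has no `-p`, so under `set -e` the prep aborts if the stage4 already ships a `/dev/shm` directory, while every other `mkdir` in the script uses `-p`; change it to `mkdir -p /dev/shm`. Because the script runs with `set -x`, the expanded `{{ lxc_cache_prep_pre_commands }}` and `{{ lxc_cache_prep_post_commands }}` are traced into the log the caller redirects to (`/var/log/lxc-cache-prep-commands.log` in `lxc_cache_preparation.yml`), so anything a deployer puts in those hooks, proxy credentials being the usual case, lands in the image's log; a comment warning about this next to `set -e -x` is the least that should be there. The `{% if loop.first | bool %}{% endif %}` pair inside the locale loop is empty and should go. `eselect python set python2.7` and the four `--jobs=4` are hard-coded; the interpreter version in particular will break as soon as the stage4 stops shipping 2.7. The `chage -I -1 -d -1 -m 0 -M 99999 -E -1 root` line switches off all password ageing for root and does so without explanation; `# root is only reachable by key inside the container; disable ageing so a stale password cannot lock the account` states the presumable intent and should be confirmed.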
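Review bot: `vars/gentoo-host.yml` lists `net-dns/dnsmasq` in `lxc_hosts_distro_packages` and `dnsmasq` in `lxc_hosts_remove_distro_packages`; `lxc_install_portage.yml` runs the removal first and the install second, so dnsmasq is uninstalled and reinstalled on every run of the role, which is churn at best and a host-side service interruption at worst. One of the two entries looks copied from another distribution's vars file — please confirm which is intended and drop the other. The removal entry is also the only atom without a category (`dnsmasq` rather than `net-dns/dnsmasq`); portage resolves a bare name only while it is unambiguous, so `- net-dns/dnsmasq` is the safer, consistent form. A one-line comment above `lxc_hosts_remove_distro_packages` saying what the package conflicts with would help, since the install list above it contradicts the key's name.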
@@ -0,0 +1,47 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+_lxc_cache_map:
+ distro: gentoo
+ arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
+ release: 17.0-systemd
+ copy_from_host:
+ - /etc/portage/make.conf
+ - /etc/portage/package.keywords/*
+ - /etc/portage/package.use/*
+ - /etc/environment
+ - /etc/localtime
+ - /etc/protocols
+
+_lxc_cache_prep_template: "prep-scripts/gentoo_systemd_prep.sh.j2"
+
+_lxc_cache_prep_timeout: 1800
+_lxc_cache_locales:
+ - "en_US.UTF-8 UTF-8"
+
+_lxc_cache_distro_packages:
+ - app-portage/gentoolkit
+ - app-misc/ca-certificates
+ - sys-process/cronie
+ - sys-apps/dbus
+ - sys-apps/iproute2
+ - net-misc/iputils
+ - virtual/libffi
+ - dev-libs/openssl
+ - net-misc/openssh
+ - net-misc/rsync
+ - app-admin/sudo
+ - app-arch/tar
+ - net-misc/wget
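Review bot: `copy_from_host` in `_lxc_cache_map` copies `/etc/portage/make.conf`, `package.keywords/*` and `package.use/*` from the host into the cached image, so host-specific build settings — CFLAGS, MAKEOPTS, FEATURES and any mirror or proxy lines in `make.conf` — become part of every container built from it; that is presumably intended so container and host build trees agree, but it deserves a comment such as `# host portage configuration is reused inside the image so both build trees agree`. `release: 17.0-systemd` is fixed here while `lxc_pre_install.yml` always resolves the newest stage4, so the recorded release can disagree with the image actually fetched; if `release` is only descriptive a comment saying so avoids confusion, otherwise it should be derived from the fetched path. `arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"` has spaces inside the parentheses that no other expression in this patch uses. `_lxc_cache_locales` uses the `locale.gen` form `en_US.UTF-8 UTF-8`, unlike the `en_US.UTF-8` default in `defaults/main.yml`, because `gentoo_systemd_prep.sh.j2` appends each entry verbatim to `/etc/locale.gen`; a comment stating that would stop someone "fixing" it to match the default.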