Update the systemd-nspawn template for legacy systemd environments
The systemd-nspawn template has been updated to provide better support for modern systems. This was primarily done to improve support for CentOS and SUSE, which have older versions of systemd. Change-Id: I4c01102dae8445317a3a891861f2cd4bef20492b Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
parent
0d48c2d6ec
commit
fd7bb01097
|
@ -282,6 +282,7 @@
|
||||||
src: "/var/run/systemd/resolve/resolv.conf"
|
src: "/var/run/systemd/resolve/resolv.conf"
|
||||||
dest: "/var/lib/machines/{{ inventory_hostname }}/etc/resolv.conf"
|
dest: "/var/lib/machines/{{ inventory_hostname }}/etc/resolv.conf"
|
||||||
force: true
|
force: true
|
||||||
|
follow: false
|
||||||
state: link
|
state: link
|
||||||
delegate_to: "{{ physical_host }}"
|
delegate_to: "{{ physical_host }}"
|
||||||
when:
|
when:
|
||||||
|
@ -322,7 +323,7 @@
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
name: "systemd-nspawn@{{ systemd_escape.stdout }}"
|
name: "systemd-nspawn@{{ systemd_escape.stdout }}"
|
||||||
state: "{{ ((machinectl_container_clone is changed or container_config_new is changed or container_config_old is changed) | default(false)) | ternary('restarted', 'started') }}"
|
state: "{{ ((machinectl_container_clone is changed or container_config_new is changed or container_config_old is changed) | default(false)) | ternary('restarted', 'started') }}"
|
||||||
enabled: "{{ (nspawn_systemd_version | int > 219) | ternary('true', 'false') }}"
|
enabled: true
|
||||||
register: machinectl_start
|
register: machinectl_start
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
|
|
|
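Review bot: The added `follow: false` on the resolv.conf link task has no comment, and its reason looks security-relevant. The task is delegated to `{{ physical_host }}` with `force: true` and writes to a path inside the container's root filesystem, so an existing `etc/resolv.conf` there should be replaced rather than followed. A comment above it such as `# Replace the link itself; never follow a resolv.conf symlink already present in the container rootfs` would keep a later edit from dropping it. As far as the visible lines show, this only covers the final path component, so it is worth confirming that the container's `/etc` cannot itself be a symlink when the task runs. The task begins and ends outside the hunk, so its module name and `when:` conditions are not visible here.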
@ -45,6 +45,11 @@ Documentation=man:systemd-nspawn(1)
|
||||||
PartOf=machines.target
|
PartOf=machines.target
|
||||||
Before=machines.target
|
Before=machines.target
|
||||||
After=network.target
|
After=network.target
|
||||||
|
After=network-online.target
|
||||||
|
After=systemd-networkd.service
|
||||||
|
After=systemd-resolved.service
|
||||||
|
After=nspawn-macvlan.service
|
||||||
|
Wants=network-online.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-host --machine={{ systemd_escape.stdout }} {{ cli_switches | unique | join(' ') }}
|
ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-host --machine={{ systemd_escape.stdout }} {{ cli_switches | unique | join(' ') }}
|
||||||
|
@ -54,7 +59,7 @@ RestartForceExitStatus=133
|
||||||
SuccessExitStatus=133
|
SuccessExitStatus=133
|
||||||
Slice=machine.slice
|
Slice=machine.slice
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
TasksMax=8192
|
TasksMax=16384
|
||||||
|
|
||||||
# Enforce a strict device policy, similar to the one nspawn configures
|
# Enforce a strict device policy, similar to the one nspawn configures
|
||||||
# when it allocates its own scope unit. Make sure to keep these
|
# when it allocates its own scope unit. Make sure to keep these
|
||||||
|
@ -76,5 +81,10 @@ DeviceAllow=/dev/loop-control rw
|
||||||
DeviceAllow=block-loop rw
|
DeviceAllow=block-loop rw
|
||||||
DeviceAllow=block-blkext rw
|
DeviceAllow=block-blkext rw
|
||||||
|
|
||||||
|
# nspawn can set up LUKS encrypted loopback files, in which case it needs
|
||||||
|
# access to /dev/mapper/control and the block devices /dev/mapper/*.
|
||||||
|
DeviceAllow=/dev/mapper/control rw
|
||||||
|
DeviceAllow=block-device-mapper rw
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=machines.target
|
||||||
|
|
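Review bot: The added `DeviceAllow=/dev/mapper/control rw` and `DeviceAllow=block-device-mapper rw` lines in the last hunk widen the device allow-list for every container started from this template, whether or not it uses a LUKS-encrypted loopback image. The unit sets `Delegate=yes` and the existing comment describes a strict device policy, so it would be safer to render these two lines only when needed. One option is to wrap them in `{% if nspawn_enable_dm_devices | default(false) %}` … `{% endif %}`, where the variable name is a placeholder and not an existing one. Separately, `WantedBy=machines.target` with the now unconditional `enabled: true` presumably starts containers at boot only if machines.target is itself enabled on the host, which should be verified on the older systemd releases this change targets.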