openstack/openstack-ansible-lxc_hosts
Code Issues Proposed changes

Move the image prep script into a template file

Browse Source 
This change moves the image prep scripts out of a ser of variables and
into an actual template. This change will reduce our overall memory
footprint by simply rendering a template instead of injecting content
into a file using the copy module. The result will be faster time to
execution and more understandable output, especially when running in
debug.

Change-Id: Ic90fa7c8fdec8ffd844070ee78d30bd63a33a2a9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2018-03-18 14:41:29 -05:00 committed by Jesse Pretorius (odyssey4me)
parent c7dcad5ada
commit 0d8fa41d32
9 changed files with 166 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
defaults/main.yml
View File

@ -127,6 +127,13 @@ lxc_cache_prep_dns:
lxc_cache_prep_pre_commands: '## pre command skipped ##'
lxc_cache_prep_post_commands: '## post command skipped ##'
# Full path to the base image prep script. By default this will use the
# named script for a given OS within the "templates/prep-scripts" directory.
# If a deployer wishes to override this script with something else they can
# do so by defining a user variable with the full path to the local script
# which will be templated onto the deployment targets.
lxc_cache_prep_template: "{{ _lxc_cache_prep_template }}"
# List of packages to be installed into the base container cache
lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages }}"

10
releasenotes/notes/template-setup-70a3daadc2a9d93b.yaml Normal file
View File

@ -0,0 +1,10 @@
---
deprecations:
- The option ``cache_prep_commands`` from ``lxc_cache_map`` has been
removed. This option has been converted to a template file within
the **lxc_hosts** role. In order to set specific cache commands within
the template it is recommended that deployers set
``lxc_cache_prep_pre_commands`` or ``lxc_cache_prep_post_commands``. If the
entire prep script needs to be overridden deployers can set
``lxc_cache_prep_template`` to the full local path of the prep template and
the role will use this script irrespective of the base container type.

11
tasks/lxc_cache_preparation.yml
View File

@ -98,18 +98,15 @@
with_items: "{{ lxc_container_cache_files }}"
- name: Cached image preparation script
copy:
content: |
#!/usr/bin/env bash
set -e -x
{{ lxc_cache_map.cache_prep_commands }}
dest: "{{ lxc_image_cache_path }}/usr/local/bin/cache-prep-commands.sh"
template:
src: "{{ lxc_cache_prep_template }}"
dest: "{{ lxc_image_cache_path }}/opt/cache-prep-commands.sh"
mode: "0755"
# This task runs several commands against the cached image to speed up the
# lxc_container_create playbook.
- name: Prepare cached image setup commands
shell: "chroot {{ lxc_image_cache_path }} /usr/local/bin/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1"
shell: "chroot {{ lxc_image_cache_path }} /opt/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1"
changed_when: false
async: "{{ lxc_cache_prep_timeout }}"
poll: 0

43
templates/prep-scripts/centos_7_prep.sh.j2 Normal file
View File

@ -0,0 +1,43 @@
#!/usr/bin/env bash
set -e -x
{{ lxc_cache_prep_pre_commands }}
mkdir -p /etc/ansible/facts.d/
rm /etc/resolv.conf || true
{% for resolver in lxc_cache_prep_dns %}
echo "nameserver {{ resolver }}" >> /etc/resolv.conf
{% endfor %}
rpm --import /etc/pki/rpm-gpg/*
# The containers do not need the LXC repository (only hosts need it).
rm -f /etc/yum.repos.d/thm-lxc2.0*
# Prefer dnf over yum for CentOS.
which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum'
# Create yum/dnf transaction file and run it all at once
echo "update" > /tmp/package-transaction.txt
echo "install {{ lxc_cache_distro_packages | join(' ') }}" >> /tmp/package-transaction.txt
echo "run" >> /tmp/package-transaction.txt
$RHT_PKG_MGR -y shell /tmp/package-transaction.txt
yum-complete-transaction --cleanup-only
rm -f /tmp/package-transaction.txt
rm -f /usr/bin/python
ln -s /usr/bin/python2.7 /usr/bin/python
rm /etc/machine-id || true
rm /var/lib/dbus/machine-id || true
rm /etc/sysctl.d/* || true
echo '' > /etc/sysctl.conf
touch /etc/machine-id
yum clean all
mkdir -p /var/backup
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
# Set the IP of the lxcbr0 interface as the DNS server
echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
systemctl enable systemd-networkd
{{ lxc_cache_prep_post_commands }}

50
templates/prep-scripts/opensuse_leap_42_prep.sh.j2 Normal file
View File

@ -0,0 +1,50 @@
#!/usr/bin/env bash
set -e -x
{{ lxc_cache_prep_pre_commands }}
mkdir -p /etc/ansible/facts.d/
rm /etc/resolv.conf || true
{% for resolver in lxc_cache_prep_dns %}
echo "nameserver {{ resolver }}" >> /etc/resolv.conf
{% endfor %}
# We have (tried to!) copied repo-oss and repo-update from the host so wipe everything else.
find /etc/zypp/repos.d/ -type f ! -name "repo-oss.repo" -a ! -name "repo-update.repo" -delete
zypper lr | grep -q 'repo-oss' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/distribution/leap/{{ ansible_distribution_version }}/repo/oss repo-oss
zypper lr | grep -q 'repo-update' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/update/leap/{{ ansible_distribution_version }}/oss repo-update
# Disable recommended packages. Only update what's really needed
if ! fgrep -qx "solver.onlyRequires = true" /etc/zypp/zypp.conf; then
echo -e "\n\n## Disable recommended packages\nsolver.onlyRequires = true" >> /etc/zypp/zypp.conf
fi
# Update base distribution
zypper --gpg-auto-import-keys -n dup --force-resolution -l
zypper --gpg-auto-import-keys -n in --force-resolution -l {{ lxc_cache_distro_packages | join(' ') }}
mkdir -p /var/backup
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
# NOTE(hwoarang): Enable sshd which has been explicitely disabled in
# https://github.com/lxc/lxc-ci/commit/8dc7105399350a59698538a12b6d5a1a880ef2ba
systemctl -q unmask sshd
systemctl -q enable sshd
rm /etc/machine-id || true
rm /var/lib/dbus/machine-id || true
touch /etc/machine-id
rm /etc/sysctl.d/* || true
echo '' > /etc/sysctl.conf
for action in disable mask; do
systemctl ${action} wicked.service || true
systemctl ${action} wickedd.service || true
systemctl ${action} wickedd-auto4.service || true
systemctl ${action} wickedd-dhcp4.service || true
systemctl ${action} wickedd-dhcp6.service || true
systemctl ${action} wickedd-nanny.service || true
done
# Set the IP of the lxcbr0 interface as the DNS server
echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
systemctl enable systemd-networkd
{{ lxc_cache_prep_post_commands }}

46
templates/prep-scripts/ubuntu_16_prep.sh.j2 Normal file
View File

@ -0,0 +1,46 @@
#!/usr/bin/env bash
set -e -x
{{ lxc_cache_prep_pre_commands }}
mkdir -p /etc/ansible/facts.d/
rm /etc/resolv.conf || true
{% for resolver in lxc_cache_prep_dns %}
echo "nameserver {{ resolver }}" >> /etc/resolv.conf
{% endfor %}
apt-key add /root/repo.keys
rm /root/repo.keys
export DEBIAN_FRONTEND=noninteractive
apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true
# Update base distribution
apt-get update
apt-get upgrade -y
apt-get install -y {{ lxc_cache_install_debconf }} {{ lxc_cache_distro_packages | join(' ') }}
apt-get upgrade -y {{ lxc_cache_install_debconf }}
rm -f /usr/bin/python
rm /etc/machine-id || true
rm /var/lib/dbus/machine-id || true
touch /etc/machine-id
rm /etc/sysctl.d/* || true
echo '' > /etc/sysctl.conf
ln -s /usr/bin/python2.7 /usr/bin/python
mkdir -p /root/.ssh
chmod 700 /root/.ssh
userdel --force --remove ubuntu || true
apt-get clean
mkdir -p /var/backup
mkdir -p /etc/network/interfaces.d
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
for action in disable mask; do
systemctl ${action} resolvconf.service || true
systemctl ${action} systemd-networkd-resolvconf-update.path || true
systemctl ${action} systemd-networkd-resolvconf-update.service || true
done
# Set the IP of the lxcbr0 interface as the DNS server
echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
systemctl enable systemd-networkd
{{ lxc_cache_prep_post_commands }}

41
vars/redhat-7.yml
View File

@ -55,45 +55,8 @@ lxc_cache_map:
- /etc/pki/rpm-gpg/
- /etc/yum/pluginconf.d/fastestmirror.conf
- /etc/yum.repos.d/
cache_prep_commands: |
{{ lxc_cache_prep_pre_commands }}
mkdir -p /etc/ansible/facts.d/
if [ -a /etc/resolv.conf ]; then
mv /etc/resolv.conf /etc/resolv.conf.org
fi
{% for resolver in lxc_cache_prep_dns %}
echo "nameserver {{ resolver }}" >> /etc/resolv.conf
{% endfor %}
rpm --import /etc/pki/rpm-gpg/*
# The containers do not need the LXC repository (only hosts need it).
rm -f /etc/yum.repos.d/thm-lxc2.0*
# Prefer dnf over yum for CentOS.
which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum'
# Create yum/dnf transaction file and run it all at once
echo "update" > /tmp/package-transaction.txt
echo "install {{ lxc_cache_distro_packages | join(' ') }}" >> /tmp/package-transaction.txt
echo "run" >> /tmp/package-transaction.txt
$RHT_PKG_MGR -y shell /tmp/package-transaction.txt
yum-complete-transaction --cleanup-only
rm -f /tmp/package-transaction.txt
rm -f /usr/bin/python
ln -s /usr/bin/python2.7 /usr/bin/python
rm /etc/machine-id || true
rm /var/lib/dbus/machine-id || true
rm /etc/sysctl.d/*
echo '' > /etc/sysctl.conf
touch /etc/machine-id
yum clean all
mkdir -p /var/backup
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
if [ -a /etc/resolv.conf.org ]; then
mv /etc/resolv.conf.org /etc/resolv.conf
else
rm -f /etc/resolv.conf
fi
rm /etc/sysconfig/network-scripts/ifcfg-eth0
systemctl enable systemd-networkd
{{ lxc_cache_prep_post_commands }}
_lxc_cache_prep_template: "prep-scripts/centos_7_prep.sh.j2"
_lxc_cache_distro_packages:
- ca-certificates

46
vars/suse-42.yml
View File

@ -48,50 +48,8 @@ lxc_cache_map:
- /etc/localtime
- /etc/zypp/repos.d/repo-oss.repo
- /etc/zypp/repos.d/repo-update.repo
cache_prep_commands: |
{{ lxc_cache_prep_pre_commands }}
mkdir -p /etc/ansible/facts.d/
if [ -a /etc/resolv.conf ]; then
mv /etc/resolv.conf /etc/resolv.conf.org
fi
{% for resolver in lxc_cache_prep_dns %}
echo "nameserver {{ resolver }}" >> /etc/resolv.conf
{% endfor %}
# We have (tried to!) copied repo-oss and repo-update from the host so wipe everything else.
find /etc/zypp/repos.d/ -type f ! -name "repo-oss.repo" -a ! -name "repo-update.repo" -delete
zypper lr | grep -q 'repo-oss' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/distribution/leap/{{ ansible_distribution_version }}/repo/oss repo-oss
zypper lr | grep -q 'repo-update' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/update/leap/{{ ansible_distribution_version }}/oss repo-update
# Disable recommended packages. Only update what's really needed
if ! fgrep -qx "solver.onlyRequires = true" /etc/zypp/zypp.conf; then
echo -e "\n\n## Disable recommended packages\nsolver.onlyRequires = true" >> /etc/zypp/zypp.conf
fi
# Update base distribution
zypper --gpg-auto-import-keys -n dup --force-resolution -l
zypper --gpg-auto-import-keys -n in --force-resolution -l {{ lxc_cache_distro_packages | join(' ') }}
mkdir -p /var/backup
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
# Set the IP of the lxcbr0 interface as the DNS server
echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
# NOTE(hwoarang): Enable sshd which has been explicitely disabled in
# https://github.com/lxc/lxc-ci/commit/8dc7105399350a59698538a12b6d5a1a880ef2ba
systemctl -q unmask sshd
systemctl -q enable sshd
rm /etc/machine-id || true
rm /var/lib/dbus/machine-id || true
touch /etc/machine-id
rm /etc/sysctl.d/*
echo '' > /etc/sysctl.conf
for action in disable mask; do
systemctl ${action} wicked.service || true
systemctl ${action} wickedd.service || true
systemctl ${action} wickedd-auto4.service || true
systemctl ${action} wickedd-dhcp4.service || true
systemctl ${action} wickedd-dhcp6.service || true
systemctl ${action} wickedd-nanny.service || true
done
rm /etc/sysconfig/network/ifcfg-eth0
systemctl enable systemd-networkd
{{ lxc_cache_prep_post_commands }}
_lxc_cache_prep_template: "prep-scripts/opensuse_leap_42_prep.sh.j2"
_lxc_cache_distro_packages:
- ca-certificates-mozilla

47
vars/ubuntu-16.04.yml
View File

@ -61,56 +61,13 @@ lxc_cache_map:
- /etc/environment
- /etc/localtime
- /root/repo.keys
cache_prep_commands: |
{{ lxc_cache_prep_pre_commands }}
mkdir -p /etc/ansible/facts.d/
if [ -a /etc/resolv.conf ]; then
mv /etc/resolv.conf /etc/resolv.conf.org
fi
{% for resolver in lxc_cache_prep_dns %}
echo "nameserver {{ resolver }}" >> /etc/resolv.conf
{% endfor %}
apt-key add /root/repo.keys
rm /root/repo.keys
export DEBIAN_FRONTEND=noninteractive
apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true
# Update base distribution
apt-get update
apt-get upgrade -y
apt-get install -y {{ lxc_cache_install_debconf }} {{ lxc_cache_distro_packages | join(' ') }}
apt-get upgrade -y {{ lxc_cache_install_debconf }}
rm -f /usr/bin/python
rm /etc/machine-id || true
rm /var/lib/dbus/machine-id || true
touch /etc/machine-id
rm /etc/sysctl.d/*
echo '' > /etc/sysctl.conf
ln -s /usr/bin/python2.7 /usr/bin/python
mkdir -p /root/.ssh
chmod 700 /root/.ssh
userdel --force --remove ubuntu || true
apt-get clean
mkdir -p /var/backup
mkdir -p /etc/network/interfaces.d
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
if [ -a /etc/resolv.conf.org ]; then
mv /etc/resolv.conf.org /etc/resolv.conf
else
rm -f /etc/resolv.conf
fi
for action in disable mask; do
systemctl ${action} resolvconf.service || true
systemctl ${action} systemd-networkd-resolvconf-update.path || true
systemctl ${action} systemd-networkd-resolvconf-update.service || true
done
rm /etc/network/interfaces
systemctl enable systemd-networkd
{{ lxc_cache_prep_post_commands }}
# This forces any modified configurations to remain, and any unmodified configs to be replaced
# ref: http://serverfault.com/questions/259226/automatically-keep-current-version-of-config-files-when-apt-get-install
lxc_cache_install_debconf: '-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes'
_lxc_cache_prep_template: "prep-scripts/ubuntu_16_prep.sh.j2"
_lxc_cache_distro_packages:
- apt-transport-https
- ca-certificates