Add Bionic testing
Now that bionic testing is added into the tests repos, we can start testing it in the repo. cgmanager isn't in bionic, and therefore is removed The service module isn't in bionic, and therefore it's been renamed to "systemd". The apparmor setup we were doing was breaking the apparmor profiles required. While this worked in xenial it breaks bionic. To fix this we're just disabling the apparmor profiles instead of trying to to augment them through block file changes. Depends-On: https://review.openstack.org/#/c/566959/ Change-Id: Ie4bca80d0dba7b0da0b5829b91cd6d815894aeaa Co-Authored-By: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
7f04e633c0
commit
2910c5ad60
@ -150,7 +150,7 @@ lxc_cache_prep_post_commands: '## post command skipped ##'
|
||||
# "{{ ansible_distribution }}-{{ ansible_distribution_version }}-container.yml"
|
||||
# or by providing the full path to a local file containing all of the variables
|
||||
# needed to prepare a container. built-in supported values are:
|
||||
# [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml]
|
||||
# [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml, ubuntu-18.04.yml]
|
||||
lxc_user_defined_container: null
|
||||
|
||||
# Full path to the base image prep script. By default this will use the
|
||||
|
@ -14,23 +14,23 @@
|
||||
# limitations under the License.
|
||||
|
||||
- name: Start apparmor
|
||||
service:
|
||||
systemd:
|
||||
name: "apparmor"
|
||||
enabled: yes
|
||||
state: "started"
|
||||
|
||||
- name: Reload apparmor
|
||||
service:
|
||||
systemd:
|
||||
name: "apparmor"
|
||||
state: "reloaded"
|
||||
state: "restarted"
|
||||
|
||||
- name: Init reload
|
||||
command: "initctl reload-configuration"
|
||||
|
||||
- name: Restart dbus
|
||||
service:
|
||||
systemd:
|
||||
name: "dbus"
|
||||
state: "reloaded"
|
||||
state: "restarted"
|
||||
|
||||
- name: Restart machined
|
||||
systemd:
|
||||
@ -45,7 +45,7 @@
|
||||
state: "started"
|
||||
|
||||
- name: Restart irqbalance
|
||||
service:
|
||||
systemd:
|
||||
name: "irqbalance"
|
||||
state: "restarted"
|
||||
enabled: "yes"
|
||||
@ -81,12 +81,12 @@
|
||||
state: "absent"
|
||||
|
||||
- name: Restart dnsmasq
|
||||
service:
|
||||
systemd:
|
||||
name: "lxc-dnsmasq"
|
||||
state: "restarted"
|
||||
enabled: "yes"
|
||||
daemon_reload: yes
|
||||
register: _lxc_dnsmasq_service
|
||||
until: _lxc_dnsmasq_service | success
|
||||
register: _lxc_dnsmasq_systemd
|
||||
until: _lxc_dnsmasq_systemd | success
|
||||
retries: 5
|
||||
delay: 5
|
||||
|
@ -22,6 +22,7 @@ galaxy_info:
|
||||
platforms:
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- bionic
|
||||
- xenial
|
||||
- name: EL
|
||||
versions:
|
||||
|
@ -14,16 +14,18 @@
|
||||
|
||||
# NOTE(hwoarang) default dnsmasq profile is too restrictive so we
|
||||
# need to adjust it for neutron.
|
||||
- name: Relax dnsmasq apparmor profile
|
||||
blockinfile:
|
||||
- name: Check for apparmor profile
|
||||
stat:
|
||||
path: "/etc/apparmor.d/local/usr.sbin.dnsmasq"
|
||||
block: |-
|
||||
/etc/neutron/** r,
|
||||
/openstack/log/** rw,
|
||||
/var/log/neutron/** rw,
|
||||
/var/lib/neutron/** rw,
|
||||
capability chown,
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK"
|
||||
register: sbin_dnsmasq
|
||||
|
||||
- name: Relax dnsmasq apparmor profile
|
||||
file:
|
||||
src: "/etc/apparmor.d/local/usr.sbin.dnsmasq"
|
||||
dest: "/etc/apparmor.d/disable/usr.sbin.dnsmasq"
|
||||
state: link
|
||||
when:
|
||||
- sbin_dnsmasq.stat.exists | bool
|
||||
notify:
|
||||
- Start apparmor
|
||||
- Reload apparmor
|
||||
@ -34,11 +36,18 @@
|
||||
|
||||
# NOTE(hwoarang) add attach_disconnected to ping profile to allow it to
|
||||
# work on overlayfs
|
||||
- name: Relax ping apparmor profile
|
||||
lineinfile:
|
||||
line: /{usr/,}bin/ping flags=(attach_disconnected) {
|
||||
- name: Check for apparmor profile
|
||||
stat:
|
||||
path: "/etc/apparmor.d/bin.ping"
|
||||
regexp: '^/\{usr/,\}bin/ping.*\{'
|
||||
register: bin_ping
|
||||
|
||||
- name: Relax ping apparmor profile
|
||||
file:
|
||||
src: "/etc/apparmor.d/bin.ping"
|
||||
dest: "/etc/apparmor.d/disable/usr.sbin.dnsmasq"
|
||||
state: link
|
||||
when:
|
||||
- bin_ping.stat.exists | bool
|
||||
notify:
|
||||
- Start apparmor
|
||||
- Reload apparmor
|
||||
@ -61,4 +70,3 @@
|
||||
- lxc-files
|
||||
- lxc-apparmor
|
||||
- lxc_hosts-config
|
||||
|
||||
|
53
templates/prep-scripts/ubuntu_18_prep.sh.j2
Normal file
53
templates/prep-scripts/ubuntu_18_prep.sh.j2
Normal file
@ -0,0 +1,53 @@
|
||||
#!/usr/bin/env bash
|
||||
# TODO(evrardjp): Make this script ubuntu version agnostic or
|
||||
# remove it if no change happens in bionic vs xenial
|
||||
set -e -x
|
||||
|
||||
{{ lxc_cache_prep_pre_commands }}
|
||||
|
||||
{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true
|
||||
|
||||
# Update base distribution
|
||||
apt-get update
|
||||
apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes gnupg
|
||||
|
||||
apt-key add /root/repo.keys
|
||||
rm /root/repo.keys
|
||||
|
||||
apt-get upgrade -y
|
||||
apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes {{ lxc_cache_distro_packages | join(' ') }}
|
||||
apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes
|
||||
rm -f /usr/bin/python
|
||||
rm /etc/machine-id || true
|
||||
rm /var/lib/dbus/machine-id || true
|
||||
touch /etc/machine-id
|
||||
rm /etc/sysctl.d/* || true
|
||||
echo '' > /etc/sysctl.conf
|
||||
ln -s /usr/bin/python2.7 /usr/bin/python
|
||||
mkdir -p /root/.ssh
|
||||
chmod 700 /root/.ssh
|
||||
userdel --force --remove ubuntu || true
|
||||
apt-get clean
|
||||
mkdir -p /var/backup
|
||||
mkdir -p /etc/network/interfaces.d
|
||||
chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
|
||||
for action in disable mask; do
|
||||
systemctl ${action} resolvconf.service || true
|
||||
systemctl ${action} systemd-networkd-resolvconf-update.path || true
|
||||
systemctl ${action} systemd-networkd-resolvconf-update.service || true
|
||||
done
|
||||
|
||||
{% for locale in lxc_cache_locales %}
|
||||
locale-gen {{ locale }}
|
||||
{% if loop.first | bool %}
|
||||
update-locale LANG={{ locale }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
# Set the IP of the lxcbr0 interface as the DNS server
|
||||
echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
|
||||
systemctl enable systemd-networkd
|
||||
{{ lxc_cache_prep_post_commands }}
|
57
vars/ubuntu-18.04-host.yml
Normal file
57
vars/ubuntu-18.04-host.yml
Normal file
@ -0,0 +1,57 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
## APT Cache Options
|
||||
cache_timeout: 600
|
||||
|
||||
# Required apt packages.
|
||||
lxc_hosts_distro_packages:
|
||||
- apparmor
|
||||
- apparmor-profiles
|
||||
- apparmor-utils
|
||||
- aria2
|
||||
- bridge-utils
|
||||
- btrfs-tools
|
||||
- cgroup-lite
|
||||
- dbus
|
||||
- debootstrap
|
||||
- dnsmasq-base
|
||||
- git
|
||||
- ifupdown
|
||||
- iptables
|
||||
- irqbalance
|
||||
- language-pack-en
|
||||
- liblxc1
|
||||
- lxc
|
||||
- lxc-dev
|
||||
- lxc-templates
|
||||
- python-dev
|
||||
- python-lxc
|
||||
- python3-lxc
|
||||
- systemd-container
|
||||
- pxz
|
||||
|
||||
# Package to remove from the host
|
||||
lxc_hosts_remove_distro_packages:
|
||||
- dnsmasq
|
||||
|
||||
lxc_xz_bin: pxz
|
||||
|
||||
system_config_dir: "/etc/default"
|
||||
systemd_utils_prefix: "/lib/systemd"
|
||||
|
||||
lxc_cached_network_interfaces:
|
||||
- src: "lxc-net-bridge.cfg.j2"
|
||||
dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg"
|
56
vars/ubuntu-18.04.yml
Normal file
56
vars/ubuntu-18.04.yml
Normal file
@ -0,0 +1,56 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
_lxc_hosts_container_image_url: "http://cdimage.ubuntu.com/ubuntu-base/releases/18.04/release/ubuntu-base-18.04-base-{{ lxc_cache_map.arch }}.tar.gz"
|
||||
|
||||
_lxc_cache_map:
|
||||
distro: ubuntu
|
||||
arch: "{{ lxc_architecture_mapping.get( ansible_architecture ) }}"
|
||||
release: bionic
|
||||
copy_from_host:
|
||||
- /etc/apt/sources.list
|
||||
- /etc/apt/apt.conf.d/
|
||||
- /etc/apt/preferences.d/
|
||||
- /etc/environment
|
||||
- /etc/localtime
|
||||
- /root/repo.keys
|
||||
- /etc/protocols
|
||||
|
||||
_lxc_cache_prep_template: "prep-scripts/ubuntu_18_prep.sh.j2"
|
||||
|
||||
_lxc_cache_distro_packages:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- cron # bionic doesn't have cronie
|
||||
- dbus
|
||||
- debianutils # for 'which' executable
|
||||
- gcc
|
||||
- iproute2
|
||||
- iputils-ping
|
||||
- libffi-dev
|
||||
- libssl-dev
|
||||
- locales
|
||||
- netbase
|
||||
- openssh-server
|
||||
- openssl
|
||||
- python2.7
|
||||
- python-dev
|
||||
- python3-dev
|
||||
- rsync
|
||||
- sudo
|
||||
- systemd
|
||||
- systemd-sysv
|
||||
- tar
|
||||
- wget
|
@ -18,6 +18,7 @@
|
||||
- openstack-ansible-linters
|
||||
- openstack-ansible-functional-centos-7
|
||||
- openstack-ansible-functional-opensuse-423
|
||||
- openstack-ansible-functional-ubuntu-bionic
|
||||
- openstack-ansible-functional-ubuntu-xenial
|
||||
- openstack-ansible-lxc-dir-centos-7
|
||||
- openstack-ansible-lxc-dir-opensuse-423
|
||||
@ -40,4 +41,5 @@
|
||||
- openstack-ansible-linters
|
||||
- openstack-ansible-functional-centos-7
|
||||
- openstack-ansible-functional-opensuse-423
|
||||
- openstack-ansible-functional-ubuntu-bionic
|
||||
- openstack-ansible-functional-ubuntu-xenial
|
||||
|
Loading…
x
Reference in New Issue
Block a user