diff --git a/meta/main.yml b/meta/main.yml index 7eec8df6..26c4dade 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,7 +18,9 @@ galaxy_info: description: Deployment of LXC hosts for use in Rackspace Private Cloud company: Rackspace license: Apache2 - min_ansible_version: 2.9 + role_name: lxc_hosts + namespace: openstack + min_ansible_version: "2.10" platforms: - name: Debian versions: @@ -28,8 +30,8 @@ galaxy_info: - jammy - name: EL versions: - - 9 - categories: + - "9" + galaxy_tags: - cloud - lxc - development diff --git a/tasks/lxc_cache.yml b/tasks/lxc_cache.yml index fef2eed6..f1951f53 100644 --- a/tasks/lxc_cache.yml +++ b/tasks/lxc_cache.yml @@ -15,7 +15,8 @@ - name: Set LXC cache fact(s) set_fact: - cache_path_fact: "{{ lxc_container_cache_path }}/{{ lxc_cache_map.distro }}/{{ lxc_cache_map.release }}/{{ lxc_cache_map.arch }}/{{ lxc_cache_default_variant }}" + cache_path_fact: >- + {{ lxc_container_cache_path }}/{{ lxc_cache_map.distro }}/{{ lxc_cache_map.release }}/{{ lxc_cache_map.arch }}/{{ lxc_cache_default_variant }} cache_time: "{{ now().timestamp() }}" - name: Retrieve the expiry object @@ -36,19 +37,22 @@ tags: - always -- include_tasks: lxc_cache_rootfs.yml +- name: Including lxc_cache_rootfs tasks + include_tasks: lxc_cache_rootfs.yml when: - lxc_image_cache_refresh | bool tags: - lxc_hosts-config -- include_tasks: lxc_cache_preparation.yml +- name: Including lxc_cache_preparation tasks + include_tasks: lxc_cache_preparation.yml when: - lxc_image_cache_refresh | bool tags: - lxc_hosts-config -- include_tasks: lxc_cache_create.yml +- name: Including lxc_cache_create tasks + include_tasks: lxc_cache_create.yml when: - lxc_image_cache_refresh | bool tags: diff --git a/tasks/lxc_cache_create.yml b/tasks/lxc_cache_create.yml index 050512f2..baafd8c4 100644 --- a/tasks/lxc_cache_create.yml +++ b/tasks/lxc_cache_create.yml 
@@ -52,13 +52,15 @@ copy: content: "{{ cache_time | int + lxc_image_cache_expiration | community.general.to_seconds | int }}" dest: "{{ cache_path_fact }}/expiry" + mode: "0644" - name: Set build ID copy: content: "{{ cache_time | int }}" dest: "{{ cache_path_fact }}/build_id" + mode: "0644" -- name: Create base container to use for {{ lxc_container_backing_store }}-backed containers +- name: Create base container to use for containers with {{ lxc_container_backing_store }} lxc_container: name: "{{ lxc_container_base_name }}" template: "download" diff --git a/tasks/lxc_cache_preparation.yml b/tasks/lxc_cache_preparation.yml index 58d1751c..cf165a38 100644 --- a/tasks/lxc_cache_preparation.yml +++ b/tasks/lxc_cache_preparation.yml @@ -34,6 +34,7 @@ file: dest: "{{ lxc_image_cache_path }}{{ item.dest | default(item.src) | dirname }}" state: directory + mode: "0755" with_items: "{{ lxc_container_cache_files }}" - name: Copy files from deployment host to the container cache @@ -49,6 +50,7 @@ file: dest: "{{ lxc_image_cache_path }}/opt" state: directory + mode: "0755" - name: Cached image preparation script template: @@ -75,6 +77,7 @@ dest: "{{ lxc_image_cache_path }}/root/.ssh/authorized_keys" line: "{{ lxc_container_ssh_key }}" create: true + mode: "0600" # NOTE(cloudnull): Wait for the cache preparation script has completed before # building the new RootFS diff --git a/tasks/lxc_cache_rootfs.yml b/tasks/lxc_cache_rootfs.yml index ca1784d3..1da72051 100644 --- a/tasks/lxc_cache_rootfs.yml +++ b/tasks/lxc_cache_rootfs.yml @@ -52,6 +52,7 @@ file: path: "/var/lib/machines/{{ lxc_container_base_name }}" state: directory + mode: "0755" register: create_new_dir - name: Tasks for image download @@ -76,4 +77,4 @@ - name: Build the base image using a CLI tool command: "{{ lxc_hosts_container_build_command }}" when: lxc_hosts_container_build_command | length > 0 - + changed_when: false 
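Review bot: The fixed `mode: "0755"` added in the first tasks/lxc_cache_preparation.yml hunk (@@ -34,6 +34,7 @@) is applied to every parent directory derived from `lxc_container_cache_files`. Because `file` with `state: directory` also resets the mode of directories that already exist, any path in the image cache that shipped with tighter permissions is loosened. The list itself is not visible in this diff, so whether it contains such a path (a home or key directory, for example) needs checking. A per-item override would keep the default while allowing exceptions, e.g. `mode: "{{ item.dir_mode | default('0755') }}"`, where `dir_mode` would be a new optional key. The later hunk in the same file writes `root/.ssh/authorized_keys` as `0600`; the mode of the enclosing `.ssh` directory is set outside the visible lines and should be confirmed as `0700`.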
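Review bot: `changed_when: false` on "Build the base image using a CLI tool" (tasks/lxc_cache_rootfs.yml, @@ -76,4 +77,4 @@) makes a task that populates the base rootfs always report "ok". That silences the lint rule but hides a real change from run output, and from any change-driven logic that may exist outside this hunk. Since the command is a bootstrap build (the vars files in this commit set it to debootstrap or `dnf --installroot`), `changed_when: true` is the more honest value. A short comment such as `# build always rewrites the base rootfs` would record why the result is fixed.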
diff --git a/tasks/lxc_install_dnf.yml b/tasks/lxc_install_dnf.yml index f8342d49..23c1f3a7 100644 --- a/tasks/lxc_install_dnf.yml +++ b/tasks/lxc_install_dnf.yml @@ -30,7 +30,6 @@ state: present - - name: Add GPG key for COPR LXC repo rpm_key: key: "{{ lxc_centos_package_key }}" @@ -43,8 +42,9 @@ - name: Download EPEL gpg keys get_url: - url: "{{ lxc_centos_epel_key }}" - dest: /etc/pki/rpm-gpg + url: "{{ lxc_centos_epel_key }}" + dest: /etc/pki/rpm-gpg + mode: "0640" register: _get_yum_keys until: _get_yum_keys is success retries: 5 diff --git a/tasks/lxc_net.yml b/tasks/lxc_net.yml index 1ba8578f..bcfc9369 100644 --- a/tasks/lxc_net.yml +++ b/tasks/lxc_net.yml @@ -46,7 +46,7 @@ # and handle the customized LXC container networking. Starting lxc-net will # trample over these hooks and cause networking issues for containers. - name: Disable and stop lxc-net - service: + systemd: name: lxc-net enabled: no state: stopped @@ -100,7 +100,7 @@ {% set pres = ['-/usr/bin/pkill -u {{ lxc_net_dnsmasq_user }} "^dnsmasq"'] %} {% if lxc_net_manage_iptables | bool %} {% set _ = pres.append('/usr/local/bin/lxc-system-manage iptables-create') %} - {% endif%} + {% endif %} {{ pres }} execstarts: - /usr/local/bin/lxc-system-manage dnsmasq-start @@ -132,4 +132,5 @@ - lxc-bridge # Ensure lxc networks are running as they're supposed to -- meta: flush_handlers +- name: Flush handlers + meta: flush_handlers diff --git a/tasks/lxc_post_install.yml b/tasks/lxc_post_install.yml index 31504a0d..9bed91f0 100644 --- a/tasks/lxc_post_install.yml +++ b/tasks/lxc_post_install.yml 
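Review bot: `mode: "0640"` on "Download EPEL gpg keys" (tasks/lxc_install_dnf.yml, @@ -43,8 +42,9 @@) restricts a file that holds only public key material. Keys in `/etc/pki/rpm-gpg` are conventionally world-readable, so `mode: "0644"` would match the rest of that directory and keep the key inspectable by unprivileged tooling. Separately, the downloaded file becomes a package-signing trust anchor, and the visible part of the task has no `checksum:`. Whether `lxc_centos_epel_key` is an HTTPS URL is not shown, so pinning a digest with `checksum: "sha256:<EXPECTED_DIGEST_PLACEHOLDER>"` is worth considering. The task continues past the end of the hunk.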
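Review bot: `enabled: no` in "Disable and stop lxc-net" (tasks/lxc_net.yml, @@ -46,7 +46,7 @@) is still a YAML 1.1 truthy spelling, in a commit that otherwise cleans up lint findings. Write `enabled: false` so the value is a boolean under every loader. The switch from `service` to `systemd` also makes the task systemd-only; presumably that is intended for the listed platforms, but a short comment such as `# lxc-net is a systemd unit on all supported platforms` would make that explicit. The task body continues outside the hunk.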
@@ -27,9 +27,9 @@ template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: "{{ item.owner|default('root') }}" - group: "{{ item.group|default('root') }}" - mode: "{{ item.mode|default('0644') }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + mode: "{{ item.mode | default('0644') }}" with_items: - { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" } - { src: lxc-net.default.j2, dest: "{{ system_config_dir }}/lxc-net", mode: "0644" } @@ -78,8 +78,8 @@ sysctl: name: "{{ item.key }}" value: "{{ item.value }}" - sysctl_set: "{{ item.set|default('yes') }}" - state: "{{ item.state|default('present') }}" - reload: "{{ item.reload|default('yes') }}" + sysctl_set: "{{ item.set | default('yes') }}" + state: "{{ item.state | default('present') }}" + reload: "{{ item.reload | default('yes') }}" failed_when: false with_items: "{{ lxc_kernel_options }}" diff --git a/tasks/lxc_pre_install.yml b/tasks/lxc_pre_install.yml index d1b1bead..2e899ab6 100644 --- a/tasks/lxc_pre_install.yml +++ b/tasks/lxc_pre_install.yml @@ -19,6 +19,7 @@ state: "directory" owner: "root" group: "root" + mode: "0644" with_items: - /etc/lxc - /usr/local/bin diff --git a/tasks/main.yml b/tasks/main.yml index 64db2852..a4061793 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
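Review bot: The `mode: "0644"` added in tasks/lxc_pre_install.yml (@@ -19,6 +19,7 @@) sits on a task with `state: "directory"`, so it strips the search (execute) bit from `/etc/lxc` and `/usr/local/bin`. It does the same for any further `with_items` entries outside the hunk. Root can still traverse these directories, but unprivileged users and services would no longer be able to reach anything under `/usr/local/bin`. Use `mode: "0755"` here, as the other directory tasks touched by this commit do.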
@@ -62,25 +62,30 @@ tags: - always -- include_tasks: lxc_pre_install.yml +- name: Including lxc_pre_install tasks + include_tasks: lxc_pre_install.yml tags: - lxc_hosts-install -- include_tasks: "lxc_install_{{ ansible_facts['pkg_mgr'] }}.yml" +- name: Including lxc_install tasks" + include_tasks: "lxc_install_{{ ansible_facts['pkg_mgr'] }}.yml" tags: - lxc_hosts-install -- include_tasks: lxc_post_install.yml +- name: Including lxc_post_install tasks + include_tasks: lxc_post_install.yml tags: - lxc_hosts-config -- include_tasks: lxc_net.yml +- name: Including lxc_net tasks + include_tasks: lxc_net.yml when: - lxc_net_managed | bool tags: - lxc_hosts-config -- include_tasks: lxc_cache.yml +- name: Including lxc_cache tasks + include_tasks: lxc_cache.yml tags: - lxc_hosts-install - lxc_hosts-config diff --git a/vars/debian.yml b/vars/debian.yml index 5045c7b0..41b76be0 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -13,11 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. -_lxc_hosts_container_build_command: "debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} {{ lxc_apt_mirror }}" +_lxc_hosts_container_build_command: >- + debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} {{ lxc_apt_mirror }} _lxc_cache_map: distro: "{{ ansible_facts['distribution'] | lower }}" - arch: "{{ lxc_architecture_mapping.get( ansible_facts['architecture'] ) }}" + arch: "{{ lxc_architecture_mapping.get(ansible_facts['architecture']) }}" release: "{{ ansible_facts['distribution_major_version'] }}" copy_from_host: - /etc/apt/sources.list 
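Review bot: The new task name `- name: Including lxc_install tasks"` in tasks/main.yml (@@ -62,25 +62,30 @@) ends with a stray double quote. YAML accepts it as part of a plain scalar, so the quote appears literally in the task name in run output and in anything that matches on task names. It should read `- name: Including lxc_install tasks`.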
@@ -47,7 +48,7 @@ _lxc_cache_distro_packages: - netbase - openssh-server - python3 - - "{{ _lxc_cache_distro_libpython[ansible_facts['distribution_release'] | lower] }}" + - "{{ _lxc_cache_distro_libpython[ansible_facts['distribution_release'] | lower] }}" - rsync # os_keystone runs serial=1 and uses rsync before the distro packages have been installed on all keystone targets - sudo - systemd diff --git a/vars/redhat.yml b/vars/redhat.yml index 46a75497..aab795e9 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml @@ -17,13 +17,16 @@ _lxc_cache_core_repos_list: centos: "centos-stream-release centos-stream-repos" rocky: "rocky-release rocky-repos" -_lxc_cache_core_repos: "{{ _lxc_cache_core_repos_list.get( ansible_facts['distribution'] | lower ) }}" +_lxc_cache_core_repos: "{{ _lxc_cache_core_repos_list.get(ansible_facts['distribution'] | lower) }}" -_lxc_hosts_container_build_command: "dnf --assumeyes --installroot=/var/lib/machines/{{ lxc_container_base_name }} install --setopt=install_weak_deps=False --nodocs rootfiles coreutils dnf {{ _lxc_cache_core_repos }} --releasever={{ ansible_facts['distribution_major_version'] }}" +_lxc_hosts_container_build_command: >- + dnf --assumeyes --installroot=/var/lib/machines/{{ lxc_container_base_name }} install + --setopt=install_weak_deps=False --nodocs rootfiles coreutils dnf {{ _lxc_cache_core_repos }} + --releasever={{ ansible_facts['distribution_major_version'] }} _lxc_cache_map: distro: "{{ ansible_facts['distribution'] | lower }}" - arch: "{{ lxc_architecture_mapping.get( ansible_facts['architecture'] ) }}" + arch: "{{ lxc_architecture_mapping.get(ansible_facts['architecture']) }}" release: "{{ ansible_facts['distribution_major_version'] }}" copy_from_host: - /etc/default/locale