Resolve bad assumptions about the base OS

The change moves several tasks around and adds packages to the install process which were previously assumed to be present on the base OS. This also updates the lxc-net-bridge template to be more configurable to address issues where the base OS is more minimal than previously expected. Change-Id: I3c8225124a5f18db81259e1d52d0168ef52c3c17 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-03-03 11:44:49 -06:00 · 2016-03-03 11:44:49 -06:00 · fe999d1715
commit fe999d1715
parent ef19d81a86
7 changed files with 93 additions and 66 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -64,6 +64,7 @@ lxc_container_template_apt_components:

 # Required apt packages.
 lxc_apt_packages:
+  - apparmor
  - apparmor-utils
  - bridge-utils
  - cgmanager
@ -71,6 +72,11 @@ lxc_apt_packages:
  - debootstrap
  - dnsmasq
  - git
+  - irqbalance
+  # Note (odyssey4me): This package is needed for the Ansible
+  # unarchive module to ensure that it can properly unarchive
+  # files/folders with unicode names
+  - language-pack-en
  - liblxc1
  - lxc
  - lxc-dev
--- a/other-requirements.txt
+++ b/other-requirements.txt
@ -9,3 +9,8 @@
 # is better to have this file empty, otherwise OpenStack-CI
 # will fall back to installing its default packages which
 # will potentially be detrimental to the tests executed.
+
+# OpenStack-CI's Jenkins needs curl
+# TODO(odyssey4me) remove this once https://review.openstack.org/288634 has merged
+# and the disk images are rebuilt and redeployed.
+curl
--- a/tasks/lxc_post_install.yml
+++ b/tasks/lxc_post_install.yml
@ -0,0 +1,70 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure the lxc dnsmasq user exists
+  user:
+    name: "{{ lxc_net_dnsmasq_user }}"
+    comment: "LXC dnsmasq"
+    system: "yes"
+    shell: "/bin/false"
+    home: "/var/lib/lxc"
+  tags:
+    - lxc-dnsmasq-user
+
+- name: Drop base config file(s)
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner|default('root') }}"
+    group: "{{ item.group|default('root') }}"
+    mode: "{{ item.mode|default('0644') }}"
+  with_items:
+    - { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" }
+    - { src: lxc.default.j2, dest: "/etc/default/lxc-net", mode: "0644" }
+    - { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" }
+    - { src: manual-init.override.j2, dest: "/etc/init/lxc-net.override" }
+  tags:
+    - lxc-files
+    - lxc-config
+
+- name: Drop irqbalance config
+  template:
+    src: "irqbalance.j2"
+    dest: "/etc/default/irqbalance"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify:
+    - Restart irqbalance
+  tags:
+    - lxc-files
+    - lxc-irqbalance
+
+- name: Drop lxc-openstack app armor profile
+  template:
+    src: "lxc-openstack.apparmor.j2"
+    dest: "/etc/apparmor.d/lxc/lxc-openstack"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify:
+    - Load lxc-openstack apparmor profile
+    - Restart apparmor
+  tags:
+    - lxc-files
+    - lxc-apparmor
+
+# Ensure apparmor reindex runs before other things that may fail
+- meta: flush_handlers
--- a/tasks/lxc_pre_install.yml
+++ b/tasks/lxc_pre_install.yml
@ -31,59 +31,3 @@
    - "{{ lxc_container_cache_path }}"
  tags:
    - lxc-directories
-
- name: Ensure the lxc dnsmasq user exists
-  user:
-    name: "{{ lxc_net_dnsmasq_user }}"
-    comment: "LXC dnsmasq"
-    system: "yes"
-    shell: "/bin/false"
-    home: "/var/lib/lxc"
-  tags:
-    - lxc-dnsmasq-user
-
- name: Drop base config file(s)
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "{{ item.owner|default('root') }}"
-    group: "{{ item.group|default('root') }}"
-    mode: "{{ item.mode|default('0644') }}"
-  with_items:
-    - { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" }
-    - { src: lxc.default.j2, dest: "/etc/default/lxc-net", mode: "0644" }
-    - { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" }
-    - { src: manual-init.override.j2, dest: "/etc/init/lxc-net.override" }
-  tags:
-    - lxc-files
-    - lxc-config
-
- name: Drop irqbalance config
-  template:
-    src: "irqbalance.j2"
-    dest: "/etc/default/irqbalance"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  notify:
-    - Restart irqbalance
-  tags:
-    - lxc-files
-    - lxc-irqbalance
-
- name: Drop lxc-openstack app armor profile
-  template:
-    src: "lxc-openstack.apparmor.j2"
-    dest: "/etc/apparmor.d/lxc/lxc-openstack"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  notify:
-    - Load lxc-openstack apparmor profile
-    - Restart apparmor
-  tags:
-    - lxc-files
-    - lxc-apparmor
-
-# Ensure apparmor reindex runs before other things that may fail
- meta: flush_handlers
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -14,9 +14,10 @@
 # limitations under the License.

 - include: lxc_pre_install.yml
+- include: lxc_install.yml
+- include: lxc_post_install.yml
 - include: lxc_kernel_tuning.yml
 - include: lxc_net.yml
- include: lxc_install.yml
 - include: lxc_dnsmasq_cleanup.yml
 - include: lxc_cache.yml
 - include: lxc_cache_preparation.yml
--- a/templates/lxc-net-bridge.cfg.j2
+++ b/templates/lxc-net-bridge.cfg.j2
@ -4,22 +4,19 @@ auto {{ lxc_net_bridge }}
 iface {{ lxc_net_bridge }} inet static
    address {{ lxc_net_address }}
    netmask {{ lxc_net_netmask }}
-{% if lxc_net_nat == "true" %}
-{% if lxc_net_gateway != "none" %}
+{%- if lxc_net_gateway is not none %}
    gateway {{ lxc_net_gateway }}
-{% endif %}
-{% if lxc_net_mtu is defined %}
+{% endif -%}
+{%- if lxc_net_mtu is defined %}
    mtu {{ lxc_net_mtu }}
-{% endif %}
-    # nat rules start and stop
-    post-up /usr/local/bin/lxc-system-manage iptables-create
-    post-down /usr/local/bin/lxc-system-manage iptables-remove
-{% endif %}
+{% endif -%}
+{%- if lxc_net_nat | bool %}
    # dnsmasq start and stop
    post-up /usr/local/bin/lxc-system-manage dnsmasq-start || true
    post-up /usr/local/bin/lxc-system-manage iptables-create
    post-down /usr/local/bin/lxc-system-manage dnsmasq-stop
    post-down /usr/local/bin/lxc-system-manage iptables-remove
+{% endif -%}
    bridge_fd 0
    bridge_maxwait 0
    bridge_ports {{ lxc_net_bridge_port }}
--- a/tox.ini
+++ b/tox.ini
@ -15,6 +15,7 @@ whitelist_externals =
    bash
    git
    rm
+    wget
 setenv =
    VIRTUAL_ENV={envdir}
    ANSIBLE_HOST_KEY_CHECKING = False
@ -108,6 +109,9 @@ commands =
    rm -rf {homedir}/.ansible
    git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
              {homedir}/.ansible/plugins
+    # This plugin makes the ansible-playbook output easier to read
+    wget -O {homedir}/.ansible/plugins/callback/human_log.py \
+      https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py
    ansible-galaxy install \
                   --role-file={toxinidir}/tests/ansible-role-requirements.yml \
                   --ignore-errors \