--- # Copyright 2015, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Perform basic LXC host setup hosts: localhost connection: local pre_tasks: - name: Ensure root's new public ssh key is in authorized_keys authorized_key: user: root key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" manage_dir: no - set_fact: lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" - name: Check if this is an OpenStack-CI nodepool instance stat: path: /etc/nodepool/provider register: nodepool - name: Set the files to copy into the container cache for OpenStack-CI instances set_fact: lxc_container_cache_files: - { src: '/etc/pip.conf', dest: '/etc/pip.conf' } - { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' } when: nodepool.stat.exists | bool - name: Determine the existing Ubuntu repo configuration shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list' register: ubuntu_repo changed_when: false - name: Set apt repo facts based on discovered information set_fact: lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}" lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}" roles: - role: "lxc_hosts" lxc_net_address: 10.100.100.1 lxc_net_dhcp_range: 10.100.100.8,10.100.100.253 lxc_net_bridge: lxcbr0 lxc_kernel_options: - { key: 'fs.inotify.max_user_instances', value: 1024 } lxc_container_caches: - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" name: "trusty.tgz" sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c" chroot_path: trusty/rootfs-amd64 - role: "py_from_git" git_repo: "https://github.com/lxc/python2-lxc" git_dest: "/opt/lxc_python2" git_install_branch: "master" post_tasks: # THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A # HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV. - name: Ensure the lxc lib is on the host command: /usr/local/bin/pip install /opt/lxc_python2 # Inventory is being pre-loaded using a post tasks instead of through a dynamic # inventory system. While this is not a usual method for deployment it's being # done for functional testing. - name: Create container hosts add_host: groups: "{{ item.groups }}" hostname: "{{ item.name }}" inventory_hostname: "{{ item.name }}" ansible_ssh_host: "{{ item.address }}" ansible_become: true properties: service_name: "{{ item.service }}" container_networks: management_address: address: "{{ item.address }}" bridge: "lxcbr0" interface: "eth1" netmask: "255.255.252.0" type: "veth" physical_host: localhost container_name: "{{ item.name }}" with_items: - { name: "infra1", service: "infra1", address: "10.100.100.2", groups: "all,all_containers,rabbitmq_all,galera_all,service_all" } - { name: "openstack1", service: "openstack1", address: "10.100.100.3", groups: "all,all_containers,keystone_all,neutron_agent,neutron_dhcp_agent,neutron_linuxbridge_agent,neutron_metering_agent,neutron_l3_agent,neutron_lbaas_agent,neutron_metadata_agent,neutron_server,neutron_all" }