diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index aee9864291..7723310629 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -194,3 +194,14 @@ scm: git src: https://github.com/logan2211/ansible-haproxy-endpoints version: 49901861b16b8afaa9bccdbc649ac956610ff22b + +# Once the initial commit for nspawn has been merged we can work on porting +# these roles over into the openstack-ansible namspace. +- name: nspawn_container_create + src: https://github.com/cloudnull/ansible-nspawn_container_create + scm: git + version: master +- name: nspawn_host + src: https://github.com/cloudnull/ansible-nspawn_host + scm: git + version: master diff --git a/etc/openstack_deploy/openstack_user_config.yml.aio.j2 b/etc/openstack_deploy/openstack_user_config.yml.aio.j2 index 4edfc671fc..bd4f5b7fb9 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.aio.j2 +++ b/etc/openstack_deploy/openstack_user_config.yml.aio.j2 @@ -120,6 +120,9 @@ global_overrides: shared-infra_hosts: aio1: ip: 172.29.236.100 + container_vars: + # Optional | container_tech for a target host, default is "lxc". + container_tech: "{{ container_tech }}" repo-infra_hosts: aio1: diff --git a/etc/openstack_deploy/openstack_user_config.yml.example b/etc/openstack_deploy/openstack_user_config.yml.example index c56fc4767b..d50d6e242b 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.example +++ b/etc/openstack_deploy/openstack_user_config.yml.example @@ -325,6 +325,37 @@ # infra3: # ip: 172.29.236.103 # +# List of target hosts on which to deploy shared infrastructure services +# and define the the container_tech for a specific infra node. If this setting +# is omitted the inventory generation system will default to "lxc". Accpetable +# options are "lxc" and "nspawn". +# +# Level: (required, string) +# Hostname of a target host. +# +# Option: ip (required, string) +# IP address of this target host, typically the IP address assigned to +# the management bridge. +# +# Level: container_vars (required) +# Contains storage options for this target host. +# +# Example: +# +# Define three shared infrastructure hosts with different "container_tech": +# +# shared-infra_hosts: +# infra1: +# ip: 172.29.236.101 +# container_vars: +# container_tech: nspawn +# infra2: +# ip: 172.29.236.102 +# container_vars: +# container_tech: lxc +# infra3: +# ip: 172.29.236.103 +# # -------- # # Level: repo-infra_hosts (required) @@ -764,4 +795,3 @@ # address is ``193.0.14.129``. To change this default, # set the ``keepalived_ping_address`` variable in the # ``user_variables.yml`` file. - diff --git a/etc/openstack_deploy/openstack_user_config.yml.prod.example b/etc/openstack_deploy/openstack_user_config.yml.prod.example index 14b9df81a0..a49ea6ee20 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.prod.example +++ b/etc/openstack_deploy/openstack_user_config.yml.prod.example @@ -81,8 +81,14 @@ global_overrides: shared-infra_hosts: infra1: ip: 172.29.236.11 + container_vars: + # Optional | Example setting the container_tech for a target host. + container_tech: lxc infra2: ip: 172.29.236.12 + container_vars: + # Optional | Example setting the container_tech for a target host. + container_tech: nspawn infra3: ip: 172.29.236.13 diff --git a/inventory/group_vars/all/all.yml b/inventory/group_vars/all/all.yml index 67a8772614..0cbf871efe 100644 --- a/inventory/group_vars/all/all.yml +++ b/inventory/group_vars/all/all.yml @@ -66,7 +66,8 @@ service_region: RegionOne ## OpenStack Domain openstack_domain: openstack.local -lxc_container_domain: "{{ openstack_domain }}" +lxc_container_domain: "{{ container_domain }}" +container_domain: "{{ openstack_domain }}" ## DHCP Domain Name dhcp_domain: openstacklocal diff --git a/inventory/group_vars/all_containers.yml b/inventory/group_vars/all_containers.yml index e158d7b0d7..c7a3a82e20 100644 --- a/inventory/group_vars/all_containers.yml +++ b/inventory/group_vars/all_containers.yml @@ -28,4 +28,3 @@ lxc_container_wait_params: delay: 3 # Wait 60 seconds for the container to respond timeout: 60 - diff --git a/osa_toolkit/generate.py b/osa_toolkit/generate.py index 7adcca90a8..0a4171716f 100755 --- a/osa_toolkit/generate.py +++ b/osa_toolkit/generate.py @@ -114,8 +114,9 @@ class MissingStaticRouteInfo(Exception): class LxcHostsDefined(Exception): def __init__(self): - self.message = ("The group 'lxc_hosts' must not be defined in config;" - " it will be dynamically generated.") + self.message = ("The group 'lxc_hosts' or 'nspawn_hosts' must not" + " be defined in config; it will be dynamically " + " generated.") def __str__(self): return self.message @@ -754,9 +755,10 @@ def populate_lxc_hosts(inventory): :param inventory: The dictionary containing the Ansible inventory """ - host_nodes = _find_lxc_hosts(inventory) - inventory['lxc_hosts'] = {'hosts': host_nodes} - logger.debug("Created lxc_hosts group.") + lxc_host_nodes, nspawn_host_nodes = _find_lxc_hosts(inventory) + inventory['nspawn_hosts'] = {'hosts': nspawn_host_nodes} + inventory['lxc_hosts'] = {'hosts': lxc_host_nodes} + logger.debug("Created lxc_hosts and nspawn_hosts group.") def _find_lxc_hosts(inventory): @@ -773,16 +775,33 @@ def _find_lxc_hosts(inventory): :returns: List of hostnames that are LXC hosts :rtype: list """ - host_nodes = [] + lxc_host_nodes = [] + nspawn_host_nodes = [] for host, hostvars in inventory['_meta']['hostvars'].items(): physical_host = hostvars.get('physical_host', None) + container_tech = hostvars.get('container_tech', 'lxc') + hostvars['container_tech'] = container_tech # We want this node's "parent", so append the physical host if not host == physical_host: - appended = du.append_if(array=host_nodes, item=physical_host) + if container_tech == 'lxc': + appended = du.append_if( + array=lxc_host_nodes, + item=physical_host + ) + elif container_tech == 'nspawn': + appended = du.append_if( + array=nspawn_host_nodes, + item=physical_host + ) + else: + appended = None + if appended: - logger.debug("%s added to lxc_hosts group", physical_host) - return host_nodes + logger.debug("%s added to lxc_hosts and nspawn_hosts group", + physical_host) + + return lxc_host_nodes, nspawn_host_nodes def _ensure_inventory_uptodate(inventory, container_skel): @@ -908,7 +927,9 @@ def _check_multiple_ips_to_host(config): def _check_lxc_hosts(config): if 'lxc_hosts' in config.keys(): raise LxcHostsDefined() - logger.debug("lxc_hosts group not defined") + elif 'nspawn_hosts' in config.keys(): + raise LxcHostsDefined() + logger.debug("lxc_hosts or nspawn_hosts group not defined") def _check_group_branches(config, physical_skel): diff --git a/playbooks/common-tasks/os-nspawn-container-setup.yml b/playbooks/common-tasks/os-nspawn-container-setup.yml new file mode 100644 index 0000000000..790a4c87c6 --- /dev/null +++ b/playbooks/common-tasks/os-nspawn-container-setup.yml @@ -0,0 +1,134 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Pull systemd version + command: "systemctl --version" + changed_when: false + register: systemd_version + delegate_to: "{{ physical_host }}" + tags: + - skip_ansible_lint + - always + +- name: Set facts + set_fact: + nspawn_systemd_version: "{{ systemd_version.stdout_lines[0].split()[-1] }}" + tags: + - always + +- name: Escape quote container name + command: "systemd-escape {{ inventory_hostname }}" + changed_when: false + register: systemd_escape + delegate_to: "{{ physical_host }}" + tags: + - skip_ansible_lint + - always + +- name: Ensure mount directories exists (container) + file: + path: "{{ item['mount_path'] }}" + state: "directory" + with_items: + - "{{ list_of_bind_mounts | default([]) }}" + delegate_to: "{{ physical_host }}" + when: + - not is_metal | bool + tags: + - common-nspawn + +- name: Ensure mount directories exists (physical host) + file: + path: "{{ item['bind_dir_path'] }}" + state: "directory" + with_items: + - "{{ list_of_bind_mounts | default([]) }}" + when: + - not is_metal | bool + tags: + - common-nspawn + +- name: Create container bind mount config + lineinfile: + dest: "/etc/systemd/nspawn/{{ inventory_hostname }}.nspawn" + line: "Bind={{ item['mount_path'] }}:{{ item['bind_dir_path'] }}" + insertafter: "^Bind" + backup: "true" + with_items: + - "{{ list_of_bind_mounts | default([]) }}" + delegate_to: "{{ physical_host }}" + register: _ec + when: + - not is_metal | bool + - nspawn_systemd_version | int > 219 + tags: + - common-nspawn + +- name: Create container bind mount config (old) + block: + - name: Get ExecStart from config + shell: >- + grep -w '^ExecStart=/usr/bin/systemd-nspawn' + /etc/systemd/system/systemd-nspawn@$(/usr/bin/systemd-escape {{ inventory_hostname }}).service + delegate_to: "{{ physical_host }}" + register: _ec_old_start + changed_when: false + + - name: set flag fact + set_fact: + nspawn_flags: "{{ _ec_old_start.stdout.split('ExecStart=/usr/bin/systemd-nspawn')[-1] }}" + nspawn_extra_flags: "{% for item in list_of_bind_mounts %} --bind={{ item['mount_path'] }}:{{ item['bind_dir_path'] }}{% endfor %}" + + - name: set flag list + set_fact: + nspawn_flag_list: "{{ nspawn_flags.split() | union(nspawn_extra_flags.split()) | unique }}" + + - name: Add line in container start config + lineinfile: + dest: "/etc/systemd/system/systemd-nspawn@{{ systemd_escape.stdout }}.service" + line: "ExecStart=/usr/bin/systemd-nspawn {{ nspawn_flag_list | join(' ') }}" + regexp: "^ExecStart" + backup: "true" + delegate_to: "{{ physical_host }}" + register: _ec + when: + - not is_metal | bool + - list_of_bind_mounts | default([]) + - nspawn_systemd_version | int < 220 + tags: + - common-nspawn + +- name: Restart container + systemd: + name: "systemd-nspawn@{{ systemd_escape.stdout }}" + state: restarted + register: _container_restart + until: _container_restart | success + retries: 3 + delay: 5 + delegate_to: "{{ physical_host }}" + when: + - _ec | changed + tags: + - common-nspawn + +- name: Wait for container connectivity + wait_for_connection: + delay: 3 + timeout: 60 + when: + - _container_restart | changed + tags: + - common-nspawn diff --git a/playbooks/containers-deploy.yml b/playbooks/containers-deploy.yml index a18fed638c..5adaecf6cf 100644 --- a/playbooks/containers-deploy.yml +++ b/playbooks/containers-deploy.yml @@ -13,5 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: "containers-{{ container_tech | default('lxc') }}-host.yml" -- include: "containers-{{ container_tech | default('lxc') }}-create.yml" +- include: "containers-lxc-host.yml" +- include: "containers-lxc-create.yml" +- include: "containers-nspawn-host.yml" +- include: "containers-nspawn-create.yml" diff --git a/playbooks/containers-lxc-create.yml b/playbooks/containers-lxc-create.yml index 9b7ae59527..ab04220334 100644 --- a/playbooks/containers-lxc-create.yml +++ b/playbooks/containers-lxc-create.yml @@ -14,11 +14,25 @@ # limitations under the License. - name: Gather lxc container host facts - hosts: "{{ lxc_host_group | default('lxc_hosts')}}" + hosts: "{{ lxc_host_group | default('lxc_hosts') }}" gather_facts: "{{ osa_gather_facts | default(True) }}" +- name: Set lxc containers group + hosts: "{{ container_group | default('all_containers') }}" + gather_facts: false + tasks: + - name: Add hosts to dynamic inventory group + group_by: + key: lxc_containers + parents: all_lxc_containers + when: + - container_tech == 'lxc' + tags: + - always + - lxc-containers-create + - name: Create container(s) - hosts: "{{ container_group|default('all_containers') }}" + hosts: all_lxc_containers gather_facts: false max_fail_percentage: 20 user: root @@ -42,7 +56,7 @@ # TODO(evrardjp): Remove host_need_pip in the future # when the process building the repo is done before this step. - name: Configure containers default software, but don't run pip yet - hosts: "{{ container_group|default('all_containers') }}" + hosts: all_lxc_containers gather_facts: true user: root roles: diff --git a/playbooks/containers-lxc-destroy.yml b/playbooks/containers-lxc-destroy.yml index 2cbbaa0c34..5ebe594fcb 100644 --- a/playbooks/containers-lxc-destroy.yml +++ b/playbooks/containers-lxc-destroy.yml @@ -13,8 +13,22 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Set lxc containers group + hosts: "{{ container_group | default('all_containers') }}" + gather_facts: false + tasks: + - name: Add hosts to dynamic inventory group + group_by: + key: lxc_containers + parents: all_lxc_containers + when: + - container_tech == 'lxc' + tags: + - always + - lxc-containers-create + - name: Destroy lxc containers - hosts: "{{ container_group|default('all_containers') }}" + hosts: all_lxc_containers gather_facts: false max_fail_percentage: 20 user: root diff --git a/playbooks/containers-nspawn-create.yml b/playbooks/containers-nspawn-create.yml new file mode 100644 index 0000000000..99b452d0c2 --- /dev/null +++ b/playbooks/containers-nspawn-create.yml @@ -0,0 +1,57 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather nspawn container host facts + hosts: "{{ nspawn_host_group | default('nspawn_hosts') }}" + gather_facts: true + +- name: Set nspawn containers group + hosts: "{{ container_group | default('all_containers') }}" + gather_facts: false + tasks: + - name: Add hosts to dynamic inventory group + group_by: + key: nspawn_containers + parents: all_nspawn_containers + when: + - container_tech == 'nspawn' + tags: + - always + - nspawn-containers-create + +- name: Create container(s) + hosts: all_nspawn_containers + gather_facts: false + user: root + roles: + - role: "nspawn_container_create" + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - nspawn-containers-create + +# TODO(evrardjp): Remove host_need_pip in the future +# when the process building the repo is done before this step. +- name: Configure containers default software, but don't run pip yet + hosts: all_nspawn_containers + gather_facts: true + user: root + roles: + - role: "openstack_hosts" + is_container: true + vars: + host_need_pip: False + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - nspawn-containers-create diff --git a/playbooks/containers-nspawn-destroy.yml b/playbooks/containers-nspawn-destroy.yml new file mode 100644 index 0000000000..fb4636f772 --- /dev/null +++ b/playbooks/containers-nspawn-destroy.yml @@ -0,0 +1,103 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Set nspawn containers group + hosts: "{{ container_group | default('all_containers') }}" + gather_facts: false + tasks: + - name: Add hosts to dynamic inventory group + group_by: + key: nspawn_containers + parents: all_nspawn_containers + when: + - container_tech == 'nspawn' + tags: + - always + - nspawn-containers-destroy + +- name: Destroy nspawn containers + hosts: all_nspawn_containers + gather_facts: false + max_fail_percentage: 20 + user: root + tasks: + - name: Get container status + command: machinectl status "{{ inventory_hostname }}" + register: machinectl_status + failed_when: false + delegate_to: "{{ physical_host }}" + + - name: Get container image status + command: machinectl image-status "{{ inventory_hostname }}" + register: machinectl_image_status + failed_when: false + delegate_to: "{{ physical_host }}" + + - name: Escape quote container name + command: "systemd-escape {{ inventory_hostname }}" + changed_when: false + register: systemd_escape + delegate_to: "{{ physical_host }}" + + - name: Disable container + systemd: + name: "systemd-nspawn@{{ systemd_escape.stdout }}" + state: stopped + enabled: false + failed_when: false + delegate_to: "{{ physical_host }}" + when: + - force_containers_destroy | bool + + - name: Halt container + command: "machinectl poweroff {{ inventory_hostname }}" + failed_when: false + delegate_to: "{{ physical_host }}" + when: + - machinectl_status.rc == 0 + - force_containers_destroy | bool + + - name: Remove container + command: "machinectl remove {{ inventory_hostname }}" + delegate_to: "{{ physical_host }}" + when: + - machinectl_image_status.rc == 0 + - force_containers_destroy | bool + + - name: Destroy container data + file: + path: "{{ item }}" + state: "absent" + with_items: + - "/openstack/{{ container_name }}" + - "/openstack/backup/{{ container_name }}" + - "/openstack/log/{{ container_name }}" + delegate_to: "{{ physical_host }}" + when: + - force_containers_destroy | bool + - force_containers_data_destroy | bool + vars_prompt: + - name: "force_containers_destroy" + prompt: "Are you sure you want to destroy the nspawn containers?" + default: "no" + private: no + when: force_containers_destroy is undefined + - name: "force_containers_data_destroy" + prompt: "Are you sure you want to destroy the nspawn container data?" + default: "no" + private: no + when: force_containers_data_destroy is undefined + tags: + - nspawn-containers-destroy diff --git a/playbooks/containers-nspawn-host.yml b/playbooks/containers-nspawn-host.yml new file mode 100644 index 0000000000..4631891a0f --- /dev/null +++ b/playbooks/containers-nspawn-host.yml @@ -0,0 +1,24 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Additional nspawn host setup + hosts: "{{ nspawn_host_group | default('nspawn_hosts') }}" + gather_facts: true + user: root + roles: + - role: "nspawn_host" + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - nspawn-hosts diff --git a/releasenotes/notes/add-nspawn-driver-ac2aa38f04a7505a.yaml b/releasenotes/notes/add-nspawn-driver-ac2aa38f04a7505a.yaml new file mode 100644 index 0000000000..3c080efd44 --- /dev/null +++ b/releasenotes/notes/add-nspawn-driver-ac2aa38f04a7505a.yaml @@ -0,0 +1,16 @@ +--- +features: + - Deployers can now set the ``container_tech`` to **nspawn** when deploying + OSA within containers. When making the decision to deploy container types + the deployer only needs to define the desired ``container_tech`` and + continue the deployment as normal. + - The addition of the ``container_tech`` option and the inclusion of + **nspawn** support deployers now have the availability to define a desired + containerization strategy globally or on specific hosts. + - When using the **nspawn** driver containers will connect to the system + bridges using a MACVLAN, more on this type of network setup can be seen + `here `_. + - When using the **nspawn** driver container networking is managed by + systemd-networkd both on the host and within the container. This gives us a + single interface to manage regardless of distro and allows systemd to + efficiently manage the resources. diff --git a/scripts/openstack-ansible.rc b/scripts/openstack-ansible.rc index 180bf249f3..20b8f7cf7c 100644 --- a/scripts/openstack-ansible.rc +++ b/scripts/openstack-ansible.rc @@ -47,6 +47,7 @@ export ANSIBLE_HOST_KEY_CHECKING="${ANSIBLE_HOST_KEY_CHECKING:-False}" export ANSIBLE_TIMEOUT="${ANSIBLE_TIMEOUT:-5}" export ANSIBLE_TRANSPORT="${ANSIBLE_TRANSPORT:-ssh}" export ANSIBLE_SSH_PIPELINING="${ANSIBLE_SSH_PIPELINING:-True}" +export ANSIBLE_SSH_RETRIES="${ANSIBLE_SSH_RETRIES:-3}" export ANSIBLE_PIPELINING="${ANSIBLE_SSH_PIPELINING}" export ANSIBLE_STRATEGY_PLUGINS="${ANSIBLE_STRATEGY_PLUGINS:-/etc/ansible/roles/plugins/strategy}" diff --git a/scripts/scripts-library.sh b/scripts/scripts-library.sh index c88178707a..a92fe06192 100755 --- a/scripts/scripts-library.sh +++ b/scripts/scripts-library.sh @@ -261,6 +261,20 @@ function get_instance_info { lxc-checkconfig > \ "/openstack/log/instance-info/host_lxc_config_info_${TS}.log" || true fi + if [ "$(which machinectl)" ]; then + machinectl list > \ + "/openstack/log/instance-info/host_nspawn_container_info_${TS}.log" || true + machinectl list-images > \ + "/openstack/log/instance-info/host_nspawn_container_image_info_${TS}.log" || true + fi + if [ "$(which networkctl)" ]; then + networkctl list > \ + "/openstack/log/instance-info/host_netowrkd_list_${TS}.log" || true + networkctl status >> \ + "/openstack/log/instance-info/host_netowrkd_status_${TS}.log" || true + networkctl lldp >> \ + "/openstack/log/instance-info/host_netowrkd_lldp_${TS}.log" || true + fi (iptables -vnL && iptables -t nat -vnL && iptables -t mangle -vnL) > \ "/openstack/log/instance-info/host_firewall_info_${TS}.log" || true if [ "$(which ansible)" ]; then @@ -271,6 +285,14 @@ function get_instance_info { get_repos_info > \ "/openstack/log/instance-info/host_repo_info_${TS}.log" || true + for i in nspawn-macvlan.service nspawn-networking.slice nspawn.slice; do + systemctl status ${i} > "/openstack/log/instance-info/${i}_${TS}.log" || true + journalctl -u ${i} >> "/openstack/log/instance-info/${i}_${TS}.log" || true + done + + ip route get 1 > "/openstack/log/instance-info/routes_${TS}.log" || true + ip link show > "/openstack/log/instance-info/links_${TS}.log" || true + determine_distro case ${DISTRO_ID} in centos|rhel|fedora|opensuse) diff --git a/tests/roles/bootstrap-host/defaults/main.yml b/tests/roles/bootstrap-host/defaults/main.yml index d29a10d568..7ae79efa0c 100644 --- a/tests/roles/bootstrap-host/defaults/main.yml +++ b/tests/roles/bootstrap-host/defaults/main.yml @@ -194,9 +194,6 @@ bridge_iptables_rules: | up /sbin/iptables -t nat -A POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE down /sbin/iptables -t nat -D POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE -# Set the container technology in service. Options are lxc. -container_tech: "lxc" - ## Extra storage # An AIO may optionally be built using a second storage device. If a # secondary disk device to use is not specified, then the AIO will be @@ -239,3 +236,6 @@ bootstrap_host_apt_components: # By default the address will be set to the ipv4 address of the # host's network interface that has the default route on it. #bootstrap_host_public_address: 0.0.0.0 + +# Set the container technology in service. Options are nspawn and lxc. +container_tech: "{{ ('nspawn' in bootstrap_host_scenario) | ternary('nspawn', 'lxc') }}" diff --git a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 index f09d447614..dcd58f3366 100644 --- a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 +++ b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 @@ -204,6 +204,3 @@ nova_service_negate: {% if _pypi_mirror is defined and _pypi_mirror.stdout is defined %} repo_nginx_pypi_upstream: "{{ _pypi_mirror.stdout | netloc }}" {% endif %} - -# Set the container tech. Options are "lxc" -container_tech: "{{ container_tech }}" diff --git a/tests/test_inventory.py b/tests/test_inventory.py index 7037820e70..29b3e908e6 100644 --- a/tests/test_inventory.py +++ b/tests/test_inventory.py @@ -265,6 +265,7 @@ class TestAnsibleInventoryFormatConstraints(unittest.TestCase): 'mano_all', 'mano_containers', 'mano_hosts', + 'nspawn_hosts', 'octavia-infra_hosts', 'octavia_all', 'octavia-api', diff --git a/tests/vars/bootstrap-aio-vars.yml b/tests/vars/bootstrap-aio-vars.yml index cd4c4facdd..0b077e6789 100644 --- a/tests/vars/bootstrap-aio-vars.yml +++ b/tests/vars/bootstrap-aio-vars.yml @@ -33,6 +33,17 @@ confd_overrides: - name: neutron.yml.aio - name: nova.yml.aio - name: swift.yml.aio + aio_nspawn: + - name: haproxy.yml.aio + - name: cinder.yml.aio + - name: designate.yml.aio + - name: glance.yml.aio + - name: heat.yml.aio + - name: horizon.yml.aio + - name: keystone.yml.aio + - name: neutron.yml.aio + - name: nova.yml.aio + - name: swift.yml.aio ceph: - name: haproxy.yml.aio - name: ceph.yml.aio diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 5603efda75..14a5226ea0 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -79,6 +79,13 @@ action: upgrade scenario: aio +- job: + name: openstack-ansible-deploy-aio_nspawn-ubuntu-xenial + parent: openstack-ansible-deploy-aio_lxc-ubuntu-xenial + voting: false + vars: + scenario: aio_nspawn + - job: name: openstack-ansible-upgrade-ceph-ubuntu-xenial parent: openstack-ansible-deploy-aio_lxc-ubuntu-xenial @@ -123,6 +130,12 @@ action: upgrade scenario: aio +- job: + name: openstack-ansible-deploy-aio_nspawn-centos-7 + parent: openstack-ansible-deploy-aio_lxc-centos-7 + vars: + scenario: aio_nspawn + - job: name: openstack-ansible-upgrade-ceph-centos-7 parent: openstack-ansible-deploy-aio_lxc-centos-7 @@ -153,6 +166,12 @@ action: upgrade scenario: aio +- job: + name: openstack-ansible-deploy-aio_nspawn-opensuse-423 + parent: openstack-ansible-deploy-aio_lxc-opensuse-423 + vars: + scenario: aio_nspawn + # NOTE(cloudnull): META JOB MAP # In order to cater for the possibility that an external job was dependent on the old job name diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index fc3f8c5075..6c4f016126 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -24,10 +24,12 @@ - openstack-ansible-deploy-ceph-ubuntu-xenial - openstack-ansible-deploy-ceph-opensuse-423 - openstack-ansible-deploy-aio_metal-ubuntu-xenial + - openstack-ansible-deploy-aio_nspawn-ubuntu-xenial experimental: jobs: - openstack-ansible-deploy-octavia-ubuntu-xenial - openstack-ansible-deploy_with_ansible_devel-aio-ubuntu-xenial + - openstack-ansible-deploy-aio_nspawn-centos-7 gate: jobs: - openstack-ansible-linters