From fd9cda8df9b9f9e286624237d0fff639b5dc38e9 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 24 Nov 2017 21:18:53 -0600 Subject: [PATCH] Add nspawn container driver This change adds an nspawn container driver which will enable deployers to run clouds with systemd-nspawn instead of LXC. This adds "nspawn" as an option to the `container_tech` variable. To support this change, the inventory generation tools have been updated to allow for a new group named `nspawn_hosts`. All of the container connectivity and setup are stored within the integrated repo under the new templates directory. The addition of "nspawn" container driver enables the ability for deployers to change, or mix container technologies within a single deployment without needing to change our well defined network topology or storage layout. Depends-On: I13d05ba8bcfe785257a9cf98dbdb6024ec937816 Change-Id: I41cfec63c423cd56a91c25dabae9aa1031c27e03 
Signed-off-by: Kevin Carter --- ansible-role-requirements.yml | 11 ++ .../openstack_user_config.yml.aio.j2 | 3 + .../openstack_user_config.yml.example | 32 ++++- .../openstack_user_config.yml.prod.example | 6 + inventory/group_vars/all/all.yml | 3 +- inventory/group_vars/all_containers.yml | 1 - osa_toolkit/generate.py | 41 ++++-- .../os-nspawn-container-setup.yml | 134 ++++++++++++++++++ playbooks/containers-deploy.yml | 6 +- playbooks/containers-lxc-create.yml | 20 ++- playbooks/containers-lxc-destroy.yml | 16 ++- playbooks/containers-nspawn-create.yml | 57 ++++++++ playbooks/containers-nspawn-destroy.yml | 103 ++++++++++++++ playbooks/containers-nspawn-host.yml | 24 ++++ .../add-nspawn-driver-ac2aa38f04a7505a.yaml | 16 +++ scripts/openstack-ansible.rc | 1 + scripts/scripts-library.sh | 22 +++ tests/roles/bootstrap-host/defaults/main.yml | 6 +- .../templates/user_variables.aio.yml.j2 | 3 - tests/test_inventory.py | 1 + tests/vars/bootstrap-aio-vars.yml | 11 ++ zuul.d/jobs.yaml | 19 +++ zuul.d/project.yaml | 2 + 23 files changed, 513 insertions(+), 25 deletions(-) create mode 100644 playbooks/common-tasks/os-nspawn-container-setup.yml create mode 100644 playbooks/containers-nspawn-create.yml create mode 100644 playbooks/containers-nspawn-destroy.yml create mode 100644 playbooks/containers-nspawn-host.yml create mode 100644 releasenotes/notes/add-nspawn-driver-ac2aa38f04a7505a.yaml diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index aee9864291..7723310629 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml 
@@ -194,3 +194,14 @@ scm: git src: https://github.com/logan2211/ansible-haproxy-endpoints version: 49901861b16b8afaa9bccdbc649ac956610ff22b + +# Once the initial commit for nspawn has been merged we can work on porting +# these roles over into the openstack-ansible namspace. +- name: nspawn_container_create + src: https://github.com/cloudnull/ansible-nspawn_container_create + scm: git + version: master +- name: nspawn_host + src: https://github.com/cloudnull/ansible-nspawn_host + scm: git + version: master diff --git a/etc/openstack_deploy/openstack_user_config.yml.aio.j2 b/etc/openstack_deploy/openstack_user_config.yml.aio.j2 index 4edfc671fc..bd4f5b7fb9 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.aio.j2 +++ b/etc/openstack_deploy/openstack_user_config.yml.aio.j2 @@ -120,6 +120,9 @@ global_overrides: shared-infra_hosts: aio1: ip: 172.29.236.100 + container_vars: + # Optional | container_tech for a target host, default is "lxc". + container_tech: "{{ container_tech }}" repo-infra_hosts: aio1: diff --git a/etc/openstack_deploy/openstack_user_config.yml.example b/etc/openstack_deploy/openstack_user_config.yml.example index c56fc4767b..d50d6e242b 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.example +++ b/etc/openstack_deploy/openstack_user_config.yml.example 
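Review bot: The two new role entries, `nspawn_container_create` and `nspawn_host`, are pinned to `version: master`, while the existing entry kept as context just above them is pinned to a full commit SHA. A branch name is a moving reference, so every bootstrap pulls whatever is at the tip of those personal-namespace repositories, and the new nspawn playbooks in this commit apply the roles with `user: root`. That makes deployments non-reproducible and widens the supply-chain exposure. Pin both to a reviewed commit, e.g. `version: <reviewed-commit-sha>`, and bump the SHA deliberately until the roles move into the project namespace as the added comment anticipates.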
@@ -325,6 +325,37 @@ # infra3: # ip: 172.29.236.103 # +# List of target hosts on which to deploy shared infrastructure services +# and define the the container_tech for a specific infra node. If this setting +# is omitted the inventory generation system will default to "lxc". Accpetable +# options are "lxc" and "nspawn". +# +# Level: (required, string) +# Hostname of a target host. +# +# Option: ip (required, string) +# IP address of this target host, typically the IP address assigned to +# the management bridge. +# +# Level: container_vars (required) +# Contains storage options for this target host. +# +# Example: +# +# Define three shared infrastructure hosts with different "container_tech": +# +# shared-infra_hosts: +# infra1: +# ip: 172.29.236.101 +# container_vars: +# container_tech: nspawn +# infra2: +# ip: 172.29.236.102 +# container_vars: +# container_tech: lxc +# infra3: +# ip: 172.29.236.103 +# # -------- # # Level: repo-infra_hosts (required) @@ -764,4 +795,3 @@ # address is ``193.0.14.129``. To change this default, # set the ``keepalived_ping_address`` variable in the # ``user_variables.yml`` file. - diff --git a/etc/openstack_deploy/openstack_user_config.yml.prod.example b/etc/openstack_deploy/openstack_user_config.yml.prod.example index 14b9df81a0..a49ea6ee20 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.prod.example +++ b/etc/openstack_deploy/openstack_user_config.yml.prod.example @@ -81,8 +81,14 @@ global_overrides: shared-infra_hosts: infra1: ip: 172.29.236.11 + container_vars: + # Optional | Example setting the container_tech for a target host. + container_tech: lxc infra2: ip: 172.29.236.12 + container_vars: + # Optional | Example setting the container_tech for a target host. + container_tech: nspawn infra3: ip: 172.29.236.13 diff --git a/inventory/group_vars/all/all.yml b/inventory/group_vars/all/all.yml index 67a8772614..0cbf871efe 100644 --- a/inventory/group_vars/all/all.yml +++ b/inventory/group_vars/all/all.yml 
@@ -66,7 +66,8 @@ service_region: RegionOne ## OpenStack Domain openstack_domain: openstack.local -lxc_container_domain: "{{ openstack_domain }}" +lxc_container_domain: "{{ container_domain }}" +container_domain: "{{ openstack_domain }}" ## DHCP Domain Name dhcp_domain: openstacklocal diff --git a/inventory/group_vars/all_containers.yml b/inventory/group_vars/all_containers.yml index e158d7b0d7..c7a3a82e20 100644 --- a/inventory/group_vars/all_containers.yml +++ b/inventory/group_vars/all_containers.yml @@ -28,4 +28,3 @@ lxc_container_wait_params: delay: 3 # Wait 60 seconds for the container to respond timeout: 60 - diff --git a/osa_toolkit/generate.py b/osa_toolkit/generate.py index 7adcca90a8..0a4171716f 100755 --- a/osa_toolkit/generate.py +++ b/osa_toolkit/generate.py @@ -114,8 +114,9 @@ class MissingStaticRouteInfo(Exception): class LxcHostsDefined(Exception): def __init__(self): - self.message = ("The group 'lxc_hosts' must not be defined in config;" - " it will be dynamically generated.") + self.message = ("The group 'lxc_hosts' or 'nspawn_hosts' must not" + " be defined in config; it will be dynamically " + " generated.") def __str__(self): return self.message @@ -754,9 +755,10 @@ def populate_lxc_hosts(inventory): :param inventory: The dictionary containing the Ansible inventory """ - host_nodes = _find_lxc_hosts(inventory) - inventory['lxc_hosts'] = {'hosts': host_nodes} - logger.debug("Created lxc_hosts group.") + lxc_host_nodes, nspawn_host_nodes = _find_lxc_hosts(inventory) + inventory['nspawn_hosts'] = {'hosts': nspawn_host_nodes} + inventory['lxc_hosts'] = {'hosts': lxc_host_nodes} + logger.debug("Created lxc_hosts and nspawn_hosts group.") def _find_lxc_hosts(inventory): 
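Review bot: The rewritten `LxcHostsDefined` message joins `" be defined in config; it will be dynamically "` with `" generated."`, which leaves a double space in the rendered text, and it still says "it" for what are now two groups. `_check_lxc_hosts` (later hunk in this file) raises this same exception for either key, so the operator cannot tell from the message which group to remove from the config. Consider tightening the literal to `" be defined in config; they are generated dynamically."`, or letting the exception carry the offending group name.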
@@ -773,16 +775,33 @@ def _find_lxc_hosts(inventory): :returns: List of hostnames that are LXC hosts :rtype: list """ - host_nodes = [] + lxc_host_nodes = [] + nspawn_host_nodes = [] for host, hostvars in inventory['_meta']['hostvars'].items(): physical_host = hostvars.get('physical_host', None) + container_tech = hostvars.get('container_tech', 'lxc') + hostvars['container_tech'] = container_tech # We want this node's "parent", so append the physical host if not host == physical_host: - appended = du.append_if(array=host_nodes, item=physical_host) + if container_tech == 'lxc': + appended = du.append_if( + array=lxc_host_nodes, + item=physical_host + ) + elif container_tech == 'nspawn': + appended = du.append_if( + array=nspawn_host_nodes, + item=physical_host + ) + else: + appended = None + if appended: - logger.debug("%s added to lxc_hosts group", physical_host) - return host_nodes + logger.debug("%s added to lxc_hosts and nspawn_hosts group", + physical_host) + + return lxc_host_nodes, nspawn_host_nodes def _ensure_inventory_uptodate(inventory, container_skel): @@ -908,7 +927,9 @@ def _check_multiple_ips_to_host(config): def _check_lxc_hosts(config): if 'lxc_hosts' in config.keys(): raise LxcHostsDefined() - logger.debug("lxc_hosts group not defined") + elif 'nspawn_hosts' in config.keys(): + raise LxcHostsDefined() + logger.debug("lxc_hosts or nspawn_hosts group not defined") def _check_group_branches(config, physical_skel): diff --git a/playbooks/common-tasks/os-nspawn-container-setup.yml b/playbooks/common-tasks/os-nspawn-container-setup.yml new file mode 100644 index 0000000000..790a4c87c6 --- /dev/null +++ b/playbooks/common-tasks/os-nspawn-container-setup.yml 
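Review bot: In `_find_lxc_hosts` the `else: appended = None` branch silently drops any container whose `container_tech` is neither `lxc` nor `nspawn`, so a typo in `container_vars` leaves the physical host out of both generated groups with no message. Rejecting the value there would surface the mistake at inventory generation, for example `raise ValueError("unsupported container_tech %r for %s" % (container_tech, host))`, or at minimum a `logger.warning` carrying the same text. The docstring kept as context still reads `:returns: List of hostnames that are LXC hosts` and `:rtype: list` although the function now returns a pair of lists, and the debug line reports "added to lxc_hosts and nspawn_hosts group" when only one list was touched. The function's signature and the top of its docstring are above the hunk.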
@@ -0,0 +1,134 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Pull systemd version + command: "systemctl --version" + changed_when: false + register: systemd_version + delegate_to: "{{ physical_host }}" + tags: + - skip_ansible_lint + - always + +- name: Set facts + set_fact: + nspawn_systemd_version: "{{ systemd_version.stdout_lines[0].split()[-1] }}" + tags: + - always + +- name: Escape quote container name + command: "systemd-escape {{ inventory_hostname }}" + changed_when: false + register: systemd_escape + delegate_to: "{{ physical_host }}" + tags: + - skip_ansible_lint + - always + +- name: Ensure mount directories exists (container) + file: + path: "{{ item['mount_path'] }}" + state: "directory" + with_items: + - "{{ list_of_bind_mounts | default([]) }}" + delegate_to: "{{ physical_host }}" + when: + - not is_metal | bool + tags: + - common-nspawn + +- name: Ensure mount directories exists (physical host) + file: + path: "{{ item['bind_dir_path'] }}" + state: "directory" + with_items: + - "{{ list_of_bind_mounts | default([]) }}" + when: + - not is_metal | bool + tags: + - common-nspawn + +- name: Create container bind mount config + lineinfile: + dest: "/etc/systemd/nspawn/{{ inventory_hostname }}.nspawn" + line: "Bind={{ item['mount_path'] }}:{{ item['bind_dir_path'] }}" + insertafter: "^Bind" + backup: "true" + with_items: + - "{{ list_of_bind_mounts | default([]) }}" + delegate_to: "{{ physical_host 
}}" + register: _ec + when: + - not is_metal | bool + - nspawn_systemd_version | int > 219 + tags: + - common-nspawn + +- name: Create container bind mount config (old) + block: + - name: Get ExecStart from config + shell: >- + grep -w '^ExecStart=/usr/bin/systemd-nspawn' + /etc/systemd/system/systemd-nspawn@$(/usr/bin/systemd-escape {{ inventory_hostname }}).service + delegate_to: "{{ physical_host }}" + register: _ec_old_start + changed_when: false + + - name: set flag fact + set_fact: + nspawn_flags: "{{ _ec_old_start.stdout.split('ExecStart=/usr/bin/systemd-nspawn')[-1] }}" + nspawn_extra_flags: "{% for item in list_of_bind_mounts %} --bind={{ item['mount_path'] }}:{{ item['bind_dir_path'] }}{% endfor %}" + + - name: set flag list + set_fact: + nspawn_flag_list: "{{ nspawn_flags.split() | union(nspawn_extra_flags.split()) | unique }}" + + - name: Add line in container start config + lineinfile: + dest: "/etc/systemd/system/systemd-nspawn@{{ systemd_escape.stdout }}.service" + line: "ExecStart=/usr/bin/systemd-nspawn {{ nspawn_flag_list | join(' ') }}" + regexp: "^ExecStart" + backup: "true" + delegate_to: "{{ physical_host }}" + register: _ec + when: + - not is_metal | bool + - list_of_bind_mounts | default([]) + - nspawn_systemd_version | int < 220 + tags: + - common-nspawn + +- name: Restart container + systemd: + name: "systemd-nspawn@{{ systemd_escape.stdout }}" + state: restarted + register: _container_restart + until: _container_restart | success + retries: 3 + delay: 5 + delegate_to: "{{ physical_host }}" + when: + - _ec | changed + tags: + - common-nspawn + +- name: Wait for container connectivity + wait_for_connection: + delay: 3 + timeout: 60 + when: + - _container_restart | changed + tags: + - common-nspawn diff --git a/playbooks/containers-deploy.yml b/playbooks/containers-deploy.yml index a18fed638c..5adaecf6cf 100644 --- a/playbooks/containers-deploy.yml +++ b/playbooks/containers-deploy.yml 
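Review bot: `register: _ec` is used by both "Create container bind mount config" and "Add line in container start config", and a skipped task still writes its register variable, so on hosts where the systemd version is above 219 the second, skipped task appears to overwrite the first result and `_ec | changed` in "Restart container" would evaluate false. Registering under distinct names, e.g. `register: _ec_nspawn` and `register: _ec_unit`, and restarting on `_ec_nspawn | changed or _ec_unit | changed` avoids leaving the new bind mounts inactive. Separately, "Get ExecStart from config" interpolates `{{ inventory_hostname }}` unquoted into a `shell:` command substitution even though the escaped name is already available as `systemd_escape.stdout`; reusing that value, as the later `dest:` does, removes the extra shell expansion. Indentation is not recoverable in this view, so which keys sit on the block and which on its last task should be confirmed against the file.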
@@ -13,5 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: "containers-{{ container_tech | default('lxc') }}-host.yml" -- include: "containers-{{ container_tech | default('lxc') }}-create.yml" +- include: "containers-lxc-host.yml" +- include: "containers-lxc-create.yml" +- include: "containers-nspawn-host.yml" +- include: "containers-nspawn-create.yml" diff --git a/playbooks/containers-lxc-create.yml b/playbooks/containers-lxc-create.yml index 9b7ae59527..ab04220334 100644 --- a/playbooks/containers-lxc-create.yml +++ b/playbooks/containers-lxc-create.yml @@ -14,11 +14,25 @@ # limitations under the License. - name: Gather lxc container host facts - hosts: "{{ lxc_host_group | default('lxc_hosts')}}" + hosts: "{{ lxc_host_group | default('lxc_hosts') }}" gather_facts: "{{ osa_gather_facts | default(True) }}" +- name: Set lxc containers group + hosts: "{{ container_group | default('all_containers') }}" + gather_facts: false + tasks: + - name: Add hosts to dynamic inventory group + group_by: + key: lxc_containers + parents: all_lxc_containers + when: + - container_tech == 'lxc' + tags: + - always + - lxc-containers-create + - name: Create container(s) - hosts: "{{ container_group|default('all_containers') }}" + hosts: all_lxc_containers gather_facts: false max_fail_percentage: 20 user: root @@ -42,7 +56,7 @@ # TODO(evrardjp): Remove host_need_pip in the future # when the process building the repo is done before this step. - name: Configure containers default software, but don't run pip yet - hosts: "{{ container_group|default('all_containers') }}" + hosts: all_lxc_containers gather_facts: true user: root roles: diff --git a/playbooks/containers-lxc-destroy.yml b/playbooks/containers-lxc-destroy.yml index 2cbbaa0c34..5ebe594fcb 100644 --- a/playbooks/containers-lxc-destroy.yml +++ b/playbooks/containers-lxc-destroy.yml 
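Review bot: The new `group_by` task in containers-lxc-create.yml filters on `container_tech == 'lxc'` with no fallback, whereas the lines removed from containers-deploy.yml in this same commit used `container_tech | default('lxc')`. The updated generate.py writes `container_tech` into every host's hostvars, but an inventory that has not been regenerated would presumably fail on an undefined variable here instead of defaulting to LXC. Writing the condition as `- (container_tech | default('lxc')) == 'lxc'` keeps the previous behaviour. The same applies to the matching `when:` in containers-lxc-destroy.yml, and the nspawn create and destroy plays would want the explicit default as well.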
@@ -13,8 +13,22 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Set lxc containers group + hosts: "{{ container_group | default('all_containers') }}" + gather_facts: false + tasks: + - name: Add hosts to dynamic inventory group + group_by: + key: lxc_containers + parents: all_lxc_containers + when: + - container_tech == 'lxc' + tags: + - always + - lxc-containers-create + - name: Destroy lxc containers - hosts: "{{ container_group|default('all_containers') }}" + hosts: all_lxc_containers gather_facts: false max_fail_percentage: 20 user: root diff --git a/playbooks/containers-nspawn-create.yml b/playbooks/containers-nspawn-create.yml new file mode 100644 index 0000000000..99b452d0c2 --- /dev/null +++ b/playbooks/containers-nspawn-create.yml 
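Review bot: The "Set lxc containers group" play added to containers-lxc-destroy.yml is tagged `lxc-containers-create`, which looks copied from the create playbook; the nspawn destroy playbook in this commit tags its equivalent play `nspawn-containers-destroy`. Because `always` is also set the play still runs, but tag-based selection will not line up with the rest of a destructive playbook. Suggest `- lxc-containers-destroy`, assuming that is the tag the existing "Destroy lxc containers" play carries (its tags are outside the hunk).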
@@ -0,0 +1,57 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather nspawn container host facts + hosts: "{{ nspawn_host_group | default('nspawn_hosts') }}" + gather_facts: true + +- name: Set nspawn containers group + hosts: "{{ container_group | default('all_containers') }}" + gather_facts: false + tasks: + - name: Add hosts to dynamic inventory group + group_by: + key: nspawn_containers + parents: all_nspawn_containers + when: + - container_tech == 'nspawn' + tags: + - always + - nspawn-containers-create + +- name: Create container(s) + hosts: all_nspawn_containers + gather_facts: false + user: root + roles: + - role: "nspawn_container_create" + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - nspawn-containers-create + +# TODO(evrardjp): Remove host_need_pip in the future +# when the process building the repo is done before this step. +- name: Configure containers default software, but don't run pip yet + hosts: all_nspawn_containers + gather_facts: true + user: root + roles: + - role: "openstack_hosts" + is_container: true + vars: + host_need_pip: False + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - nspawn-containers-create diff --git a/playbooks/containers-nspawn-destroy.yml b/playbooks/containers-nspawn-destroy.yml new file mode 100644 index 0000000000..fb4636f772 --- /dev/null +++ b/playbooks/containers-nspawn-destroy.yml 
@@ -0,0 +1,103 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Set nspawn containers group + hosts: "{{ container_group | default('all_containers') }}" + gather_facts: false + tasks: + - name: Add hosts to dynamic inventory group + group_by: + key: nspawn_containers + parents: all_nspawn_containers + when: + - container_tech == 'nspawn' + tags: + - always + - nspawn-containers-destroy + +- name: Destroy nspawn containers + hosts: all_nspawn_containers + gather_facts: false + max_fail_percentage: 20 + user: root + tasks: + - name: Get container status + command: machinectl status "{{ inventory_hostname }}" + register: machinectl_status + failed_when: false + delegate_to: "{{ physical_host }}" + + - name: Get container image status + command: machinectl image-status "{{ inventory_hostname }}" + register: machinectl_image_status + failed_when: false + delegate_to: "{{ physical_host }}" + + - name: Escape quote container name + command: "systemd-escape {{ inventory_hostname }}" + changed_when: false + register: systemd_escape + delegate_to: "{{ physical_host }}" + + - name: Disable container + systemd: + name: "systemd-nspawn@{{ systemd_escape.stdout }}" + state: stopped + enabled: false + failed_when: false + delegate_to: "{{ physical_host }}" + when: + - force_containers_destroy | bool + + - name: Halt container + command: "machinectl poweroff {{ inventory_hostname }}" + failed_when: false + delegate_to: "{{ 
physical_host }}" + when: + - machinectl_status.rc == 0 + - force_containers_destroy | bool + + - name: Remove container + command: "machinectl remove {{ inventory_hostname }}" + delegate_to: "{{ physical_host }}" + when: + - machinectl_image_status.rc == 0 + - force_containers_destroy | bool + + - name: Destroy container data + file: + path: "{{ item }}" + state: "absent" + with_items: + - "/openstack/{{ container_name }}" + - "/openstack/backup/{{ container_name }}" + - "/openstack/log/{{ container_name }}" + delegate_to: "{{ physical_host }}" + when: + - force_containers_destroy | bool + - force_containers_data_destroy | bool + vars_prompt: + - name: "force_containers_destroy" + prompt: "Are you sure you want to destroy the nspawn containers?" + default: "no" + private: no + when: force_containers_destroy is undefined + - name: "force_containers_data_destroy" + prompt: "Are you sure you want to destroy the nspawn container data?" + default: "no" + private: no + when: force_containers_data_destroy is undefined + tags: + - nspawn-containers-destroy diff --git a/playbooks/containers-nspawn-host.yml b/playbooks/containers-nspawn-host.yml new file mode 100644 index 0000000000..4631891a0f --- /dev/null +++ b/playbooks/containers-nspawn-host.yml 
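Review bot: "Destroy container data" builds its three `state: "absent"` paths from `{{ container_name }}`, while every other task in this play identifies the container by `inventory_hostname`. If `container_name` were ever empty for a host, the first item would resolve to `/openstack/` on the physical host and the removal would take every container's data with it. Add a guard such as `- container_name | default('') | length > 0` to that task's `when:` list, or build the paths from `inventory_hostname` for consistency with the rest of the play. The two `machinectl` status probes also lack `changed_when: false`, unlike the `systemd-escape` task next to them.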
@@ -0,0 +1,24 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Additional nspawn host setup + hosts: "{{ nspawn_host_group | default('nspawn_hosts') }}" + gather_facts: true + user: root + roles: + - role: "nspawn_host" + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - nspawn-hosts diff --git a/releasenotes/notes/add-nspawn-driver-ac2aa38f04a7505a.yaml b/releasenotes/notes/add-nspawn-driver-ac2aa38f04a7505a.yaml new file mode 100644 index 0000000000..3c080efd44 --- /dev/null +++ b/releasenotes/notes/add-nspawn-driver-ac2aa38f04a7505a.yaml 
@@ -0,0 +1,16 @@ +--- +features: + - Deployers can now set the ``container_tech`` to **nspawn** when deploying + OSA within containers. When making the decision to deploy container types + the deployer only needs to define the desired ``container_tech`` and + continue the deployment as normal. + - The addition of the ``container_tech`` option and the inclusion of + **nspawn** support deployers now have the availability to define a desired + containerization strategy globally or on specific hosts. + - When using the **nspawn** driver containers will connect to the system + bridges using a MACVLAN, more on this type of network setup can be seen + `here `_. + - When using the **nspawn** driver container networking is managed by + systemd-networkd both on the host and within the container. This gives us a + single interface to manage regardless of distro and allows systemd to + efficiently manage the resources. diff --git a/scripts/openstack-ansible.rc b/scripts/openstack-ansible.rc index 180bf249f3..20b8f7cf7c 100644 --- a/scripts/openstack-ansible.rc +++ b/scripts/openstack-ansible.rc @@ -47,6 +47,7 @@ export ANSIBLE_HOST_KEY_CHECKING="${ANSIBLE_HOST_KEY_CHECKING:-False}" export ANSIBLE_TIMEOUT="${ANSIBLE_TIMEOUT:-5}" export ANSIBLE_TRANSPORT="${ANSIBLE_TRANSPORT:-ssh}" export ANSIBLE_SSH_PIPELINING="${ANSIBLE_SSH_PIPELINING:-True}" +export ANSIBLE_SSH_RETRIES="${ANSIBLE_SSH_RETRIES:-3}" export ANSIBLE_PIPELINING="${ANSIBLE_SSH_PIPELINING}" export ANSIBLE_STRATEGY_PLUGINS="${ANSIBLE_STRATEGY_PLUGINS:-/etc/ansible/roles/plugins/strategy}" diff --git a/scripts/scripts-library.sh b/scripts/scripts-library.sh index c88178707a..a92fe06192 100755 --- a/scripts/scripts-library.sh +++ b/scripts/scripts-library.sh 
@@ -261,6 +261,20 @@ function get_instance_info { lxc-checkconfig > \ "/openstack/log/instance-info/host_lxc_config_info_${TS}.log" || true fi + if [ "$(which machinectl)" ]; then + machinectl list > \ + "/openstack/log/instance-info/host_nspawn_container_info_${TS}.log" || true + machinectl list-images > \ + "/openstack/log/instance-info/host_nspawn_container_image_info_${TS}.log" || true + fi + if [ "$(which networkctl)" ]; then + networkctl list > \ + "/openstack/log/instance-info/host_netowrkd_list_${TS}.log" || true + networkctl status >> \ + "/openstack/log/instance-info/host_netowrkd_status_${TS}.log" || true + networkctl lldp >> \ + "/openstack/log/instance-info/host_netowrkd_lldp_${TS}.log" || true + fi (iptables -vnL && iptables -t nat -vnL && iptables -t mangle -vnL) > \ "/openstack/log/instance-info/host_firewall_info_${TS}.log" || true if [ "$(which ansible)" ]; then @@ -271,6 +285,14 @@ function get_instance_info { get_repos_info > \ "/openstack/log/instance-info/host_repo_info_${TS}.log" || true + for i in nspawn-macvlan.service nspawn-networking.slice nspawn.slice; do + systemctl status ${i} > "/openstack/log/instance-info/${i}_${TS}.log" || true + journalctl -u ${i} >> "/openstack/log/instance-info/${i}_${TS}.log" || true + done + + ip route get 1 > "/openstack/log/instance-info/routes_${TS}.log" || true + ip link show > "/openstack/log/instance-info/links_${TS}.log" || true + determine_distro case ${DISTRO_ID} in centos|rhel|fedora|opensuse) diff --git a/tests/roles/bootstrap-host/defaults/main.yml b/tests/roles/bootstrap-host/defaults/main.yml index d29a10d568..7ae79efa0c 100644 --- a/tests/roles/bootstrap-host/defaults/main.yml +++ b/tests/roles/bootstrap-host/defaults/main.yml 
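Review bot: The three networkctl log paths are spelled `host_netowrkd_*`, so anything that later collects or searches for `networkd` logs will miss them; they should read `host_networkd_list_${TS}.log`, `host_networkd_status_${TS}.log` and `host_networkd_lldp_${TS}.log`. Two of those redirects use `>>` while the neighbouring captures use `>`, which is harmless with a timestamped name but inconsistent. In the second hunk `${i}` is expanded unquoted in `systemctl status ${i}` and `journalctl -u ${i}`; `"${i}"` would match the quoting already used for the log paths. Both hunks sit inside `get_instance_info`, whose body starts and ends outside them.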
@@ -194,9 +194,6 @@ bridge_iptables_rules: | up /sbin/iptables -t nat -A POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE down /sbin/iptables -t nat -D POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE -# Set the container technology in service. Options are lxc. -container_tech: "lxc" - ## Extra storage # An AIO may optionally be built using a second storage device. If a # secondary disk device to use is not specified, then the AIO will be @@ -239,3 +236,6 @@ bootstrap_host_apt_components: # By default the address will be set to the ipv4 address of the # host's network interface that has the default route on it. #bootstrap_host_public_address: 0.0.0.0 + +# Set the container technology in service. Options are nspawn and lxc. +container_tech: "{{ ('nspawn' in bootstrap_host_scenario) | ternary('nspawn', 'lxc') }}" diff --git a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 index f09d447614..dcd58f3366 100644 --- a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 +++ b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 @@ -204,6 +204,3 @@ nova_service_negate: {% if _pypi_mirror is defined and _pypi_mirror.stdout is defined %} repo_nginx_pypi_upstream: "{{ _pypi_mirror.stdout | netloc }}" {% endif %} - -# Set the container tech. Options are "lxc" -container_tech: "{{ container_tech }}" diff --git a/tests/test_inventory.py b/tests/test_inventory.py index d6229914c2..c5bdbc6bec 100644 --- a/tests/test_inventory.py +++ b/tests/test_inventory.py @@ -266,6 +266,7 @@ class TestAnsibleInventoryFormatConstraints(unittest.TestCase): 'mano_all', 'mano_containers', 'mano_hosts', + 'nspawn_hosts', 'octavia-infra_hosts', 'octavia_all', 'octavia-api', diff --git a/tests/vars/bootstrap-aio-vars.yml b/tests/vars/bootstrap-aio-vars.yml index cd4c4facdd..0b077e6789 100644 --- a/tests/vars/bootstrap-aio-vars.yml 
+++ b/tests/vars/bootstrap-aio-vars.yml @@ -33,6 +33,17 @@ confd_overrides: - name: neutron.yml.aio - name: nova.yml.aio - name: swift.yml.aio + aio_nspawn: + - name: haproxy.yml.aio + - name: cinder.yml.aio + - name: designate.yml.aio + - name: glance.yml.aio + - name: heat.yml.aio + - name: horizon.yml.aio + - name: keystone.yml.aio + - name: neutron.yml.aio + - name: nova.yml.aio + - name: swift.yml.aio ceph: - name: haproxy.yml.aio - name: ceph.yml.aio diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index d1eefb48a0..0209b0f3a8 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -83,6 +83,13 @@ action: upgrade scenario: aio +- job: + name: openstack-ansible-deploy-aio_nspawn-ubuntu-xenial + parent: openstack-ansible-deploy-aio_lxc-ubuntu-xenial + voting: false + vars: + scenario: aio_nspawn + - job: name: openstack-ansible-upgrade-ceph-ubuntu-xenial parent: openstack-ansible-deploy-aio_lxc-ubuntu-xenial @@ -127,6 +134,12 @@ action: upgrade scenario: aio +- job: + name: openstack-ansible-deploy-aio_nspawn-centos-7 + parent: openstack-ansible-deploy-aio_lxc-centos-7 + vars: + scenario: aio_nspawn + - job: name: openstack-ansible-upgrade-ceph-centos-7 parent: openstack-ansible-deploy-aio_lxc-centos-7 @@ -157,6 +170,12 @@ action: upgrade scenario: aio +- job: + name: openstack-ansible-deploy-aio_nspawn-opensuse-423 + parent: openstack-ansible-deploy-aio_lxc-opensuse-423 + vars: + scenario: aio_nspawn + # NOTE(cloudnull): META JOB MAP # In order to cater for the possibility that an external job was dependent on the old job name diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 42ccd44124..61df9ba832 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml 
@@ -24,10 +24,12 @@ - openstack-ansible-deploy-ceph-ubuntu-xenial - openstack-ansible-deploy-ceph-opensuse-423 - openstack-ansible-deploy-aio_metal-ubuntu-xenial + - openstack-ansible-deploy-aio_nspawn-ubuntu-xenial experimental: jobs: - openstack-ansible-deploy-octavia-ubuntu-xenial - openstack-ansible-deploy_with_ansible_devel-aio-ubuntu-xenial + - openstack-ansible-deploy-aio_nspawn-centos-7 gate: jobs: - openstack-ansible-linters