From fea671ec1692617d0c64c8b3d27df530bf58c004 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 28 Nov 2014 12:19:16 -0600 Subject: [PATCH] Changed the container interaction process This changes the way that containers are interacted with. With this change, container actions are deletgated to the host instead of looping through the hacky mess that we were doing. This change will make it so that the entire container process is faster. This also removes the needs for the "/openstack/monitoring" directory which was held over cruft from long ago. This should address the race condition when delegating to a host and the monitoring directory attempts to be created at the same time on the same host. Closes-Bug: #1399427 Change-Id: Ifaa0fa5719f79180610b4a63d590ca8bc681f87d --- rpc_deployment/library/lxc | 2 +- .../playbooks/setup/containers-setup.yml | 10 +- .../playbooks/setup/destroy-containers.yml | 6 +- .../roles/container_create/tasks/main.yml | 2 +- .../roles/container_destroy/tasks/main.yml | 5 +- .../roles/container_restart/tasks/main.yml | 2 +- .../container_setup/tasks/container_setup.yml | 139 ++++++------------ .../roles/container_setup/tasks/main.yml | 2 +- .../vars/config_vars/container_interfaces.yml | 15 +- 9 files changed, 60 insertions(+), 123 deletions(-) diff --git a/rpc_deployment/library/lxc b/rpc_deployment/library/lxc index e455da1486..827a6da415 100644 --- a/rpc_deployment/library/lxc +++ b/rpc_deployment/library/lxc @@ -965,7 +965,7 @@ class LxcManagement(object): self.module.get_bin_path('lxc-stop', True), '--logfile /tmp/lxc-ansible-%s-stop.log' % name, '--logpriority INFO', - '--timeout 10', + '--timeout 120', '--name %s' % name ] diff --git a/rpc_deployment/playbooks/setup/containers-setup.yml b/rpc_deployment/playbooks/setup/containers-setup.yml index f3c48ae89f..5c95810bcc 100644 --- a/rpc_deployment/playbooks/setup/containers-setup.yml +++ b/rpc_deployment/playbooks/setup/containers-setup.yml 
@@ -13,16 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: "{{ host_group|default('hosts') }}" +- hosts: "{{ host_group|default('all_containers') }}" user: root + gather_facts: false roles: - container_setup vars_files: - vars/config_vars/container_interfaces.yml - vars: - default_container_groups: "{{ hostvars[inventory_hostname]['container_types'] }}" - container_groups: "{{ groups[container_group|default(default_container_groups)] | default('') }}" - required_container_config_options: - - "lxc.mount.entry=/openstack/log/{{ hostvars[item]['container_name'] }} var/log/{{ hostvars[item]['service_name'] }} none defaults,bind,rw 0 0" - - "lxc.mount.entry=/openstack/backup/{{ hostvars[item]['container_name'] }} var/backup none defaults,bind,rw 0 0" - - "lxc.mount.entry=/openstack/monitoring monitoring none defaults,bind,rw 0 0" diff --git a/rpc_deployment/playbooks/setup/destroy-containers.yml b/rpc_deployment/playbooks/setup/destroy-containers.yml index 732085bd83..7f8c49dc49 100644 --- a/rpc_deployment/playbooks/setup/destroy-containers.yml +++ b/rpc_deployment/playbooks/setup/destroy-containers.yml @@ -14,10 +14,8 @@ # limitations under the License. # This playbook destroys all known containers. -- hosts: "{{ host_group|default('hosts') }}" +- hosts: "{{ host_group|default('all_containers') }}" user: root + gather_facts: false roles: - container_destroy - vars: - default_container_groups: "{{ hostvars[inventory_hostname]['container_types'] }}" - container_groups: "{{ groups[container_group|default(default_container_groups)] }}" diff --git a/rpc_deployment/roles/container_create/tasks/main.yml b/rpc_deployment/roles/container_create/tasks/main.yml index 096b24edcc..f0bb841ab7 100644 --- a/rpc_deployment/roles/container_create/tasks/main.yml +++ b/rpc_deployment/roles/container_create/tasks/main.yml 
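Review bot: Switching the default on the `hosts:` line from `hosts` to `all_containers` silently changes what `host_group` means. It used to name a group of physical hosts whose containers were resolved through `container_groups`, and it now has to name a group of containers. An existing invocation that still passes a physical-host group would, as far as the role tasks in this patch show, reach `{{ container_name }}` and `{{ physical_host }}` with those variables undefined. A comment above the play would make the new contract explicit, for example `# host_group must be a group of containers (each defining container_name and physical_host), not a group of physical hosts`. The same applies to the `hosts:` line in destroy-containers.yml, where the selected group decides which containers are destroyed.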
@@ -14,4 +14,4 @@ # limitations under the License. - include: container_create.yml - when: container_groups|length > 0 + diff --git a/rpc_deployment/roles/container_destroy/tasks/main.yml b/rpc_deployment/roles/container_destroy/tasks/main.yml index f34b49722d..cdde66d06b 100644 --- a/rpc_deployment/roles/container_destroy/tasks/main.yml +++ b/rpc_deployment/roles/container_destroy/tasks/main.yml @@ -17,6 +17,7 @@ - name: Destroy Containers lxc: - name: "{{ hostvars[item]['container_name'] }}" + name: "{{ container_name }}" command: "destroy" - with_items: container_groups + delegate_to: "{{ physical_host }}" + diff --git a/rpc_deployment/roles/container_restart/tasks/main.yml b/rpc_deployment/roles/container_restart/tasks/main.yml index becbd9e8d1..3162d35aea 100644 --- a/rpc_deployment/roles/container_restart/tasks/main.yml +++ b/rpc_deployment/roles/container_restart/tasks/main.yml @@ -14,4 +14,4 @@ # limitations under the License. - include: container_restart.yml - when: container_groups|length > 0 + diff --git a/rpc_deployment/roles/container_setup/tasks/container_setup.yml b/rpc_deployment/roles/container_setup/tasks/container_setup.yml index 252f5ef950..92d21f85b5 100644 --- a/rpc_deployment/roles/container_setup/tasks/container_setup.yml +++ b/rpc_deployment/roles/container_setup/tasks/container_setup.yml 
@@ -16,109 +16,54 @@ - name: Obtain the Systems SSH-Key set_fact: container_ssh_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" + delegate_to: "{{ physical_host }}" - name: Fail when empty or non-existent SSH pub key - fail: > - msg="Failing - ~/.ssh/id_rsa.pub file doesn't exist or is empty" + fail: msg="Failing - ~/.ssh/id_rsa.pub file doesn't exist or is empty" when: container_ssh_key == "" - -- name: Set the SSH key in place - lxc: > - name={{ hostvars[item]['container_name'] }} - command=attach - container_command=" - mkdir -p ~/.ssh/; - if [ ! -f \"~/.ssh/authorized_keys\" ];then - touch ~/.ssh/authorized_keys; - fi; - grep '{{ container_ssh_key }}' ~/.ssh/authorized_keys || - echo '{{ container_ssh_key }}' | tee -a ~/.ssh/authorized_keys; - " - with_items: container_groups - -- name: Set base network interface - lxc: > - name={{ hostvars[item]['container_name'] }} - command=attach - container_command=" - echo -e '{{ container_interface }}' | tee /etc/network/interfaces; - " - with_items: container_groups - -- name: Set management network interface - lxc: > - name={{ hostvars[item]['container_name'] }} - command=attach - container_command=" - echo -e '{{ management_interface }}' | tee /etc/network/interfaces.d/management.cfg; - " - with_items: container_groups - -- name: Ensure SSH is avail at boot - lxc: > - name={{ hostvars[item]['container_name'] }} - command=attach - container_command="update-rc.d ssh defaults" - with_items: container_groups - -- name: Ensure SSH is available for root - lxc: > - name={{ hostvars[item]['container_name'] }} - command=attach - container_command="sed -i 's/PermitRootLogin.*/PermitRootLogin\ yes/g' /etc/ssh/sshd_config" - with_items: container_groups - -- name: Ensure SSH started - lxc: > - name={{ hostvars[item]['container_name'] }} - command=attach - container_command="service ssh restart" - with_items: container_groups - -- name: Ensure required inner directories - lxc: > - name={{ hostvars[item.1]['container_name'] }} - 
command=attach - container_command="mkdir -p {{ item.0 }}" - with_nested: - - [ "/monitoring", "/etc/network/interfaces.d", "/var/backup" ] - - container_groups - -- name: Create Required local log directories - file: > - path="{{ item.0 }}/{{ hostvars[item.1]['container_name'] }}" - state=directory - with_nested: - - [ "/openstack/backup", "/openstack/log" ] - - container_groups + delegate_to: "{{ physical_host }}" - name: Create Required local monitoring directories - file: > - path={{ item }} - state=directory + file: + path: "{{ item }}" + state: "directory" with_items: - - "/openstack/monitoring" + - "/openstack/backup/{{ container_name }}" + - "/openstack/log/{{ container_name }}" + delegate_to: "{{ physical_host }}" -- name: Ensure required inner service directories - lxc: > - name={{ hostvars[item.1]['container_name'] }} - command=attach - container_command="mkdir -p {{ item.0 }}/{{ hostvars[item.1]['service_name'] }}" - with_nested: - - [ "/etc", "/var/log" ] - - container_groups - -- name: Ensure python2.7 installed - lxc: > - name={{ hostvars[item]['container_name'] }} - command=attach - container_command="apt-get -y install python2.7; rm /usr/bin/python; ln -s /usr/bin/python2.7 /usr/bin/python" - with_items: container_groups +- name: Basic Inner Container Setup + lxc: + name: "{{ container_name }}" + command: "attach" + container_command: | + mkdir -p ~/.ssh/ + if [ ! 
-f "~/.ssh/authorized_keys" ];then + touch ~/.ssh/authorized_keys + fi + grep '{{ container_ssh_key }}' ~/.ssh/authorized_keys || echo '{{ container_ssh_key }}' | tee -a ~/.ssh/authorized_keys + # Create internal directories + mkdir -p /monitoring + mkdir -p /etc/network/interfaces.d + mkdir -p /var/backup + mkdir -p '/var/log/{{ service_name }}' + mkdir -p '/etc/{{ service_name }}' + sed -i 's/PermitRootLogin.*/PermitRootLogin\ yes/g' /etc/ssh/sshd_config + service ssh restart + apt-get update + apt-get -y install python2.7 + rm /usr/bin/python + ln -s /usr/bin/python2.7 /usr/bin/python + echo -e '{{ default_interfaces }}' | tee /etc/network/interfaces + echo -e '{{ management_interface }}' | tee /etc/network/interfaces.d/management.cfg + delegate_to: "{{ physical_host }}" - name: Ensure Required container config options - lxc: > - name={{ hostvars[item]['container_name'] }} - command=config - options="{{ required_container_config_options }}" - state=running - with_items: container_groups + lxc: + name: "{{ container_name }}" + command: config + options: + - "lxc.mount.entry=/openstack/log/{{ container_name }} var/log/{{ service_name }} none defaults,bind,rw 0 0" + - "lxc.mount.entry=/openstack/backup/{{ container_name }} var/backup none defaults,bind,rw 0 0" + state: running + delegate_to: "{{ physical_host }}" diff --git a/rpc_deployment/roles/container_setup/tasks/main.yml b/rpc_deployment/roles/container_setup/tasks/main.yml index b330a5fb08..e5f599fb61 100644 --- a/rpc_deployment/roles/container_setup/tasks/main.yml +++ b/rpc_deployment/roles/container_setup/tasks/main.yml @@ -14,4 +14,4 @@ # limitations under the License. - include: container_setup.yml - when: container_groups|length > 0 + diff --git a/rpc_deployment/vars/config_vars/container_interfaces.yml b/rpc_deployment/vars/config_vars/container_interfaces.yml index 3ceaefa1e4..d5cab6a909 100644 --- a/rpc_deployment/vars/config_vars/container_interfaces.yml 
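Review bot: The `Basic Inner Container Setup` script still rewrites sshd_config to `PermitRootLogin yes`, which lets root use every authentication method sshd has enabled, passwords included, although this task installs a public key; `sed -i 's/^#*PermitRootLogin.*/PermitRootLogin without-password/' /etc/ssh/sshd_config` keeps key access and anchors the match to the directive. In the same script `grep '{{ container_ssh_key }}'` pastes the key inside single quotes and matches it as a regular expression, so a quote or metacharacter in the key's comment field changes what the shell runs or what matches; `grep -qxF {{ container_ssh_key | quote }} ~/.ssh/authorized_keys` avoids both. The test `[ ! -f "~/.ssh/authorized_keys" ]` never expands the tilde because it is quoted, so it is always true and can be reduced to the plain `touch`. The `delegate_to` added to the `set_fact` task suggests the key is read on the physical host, but `lookup('file', ...)` is evaluated on the control machine, which deserves a one-line comment on that task.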
+++ b/rpc_deployment/vars/config_vars/container_interfaces.yml @@ -13,19 +13,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -container_interface: | +default_interfaces: | # The loopback network interface auto lo iface lo inet loopback - + # LXC interface auto eth0 iface eth0 inet dhcp - + # Load any additional configs source /etc/network/interfaces.d/*.cfg - management_interface: | - auto {{ hostvars[item]['container_network']['container_interface'] }} - iface {{ hostvars[item]['container_network']['container_interface'] }} inet static - address {{ hostvars[item]['container_address'] }} - netmask {{ hostvars[item]['container_network']['container_netmask']|default(hostvars[item]['container_netmask']) }} + auto {{ container_network['container_interface'] }} + iface {{ container_network['container_interface'] }} inet static + address {{ container_address }} + netmask {{ container_network['container_netmask']|default(container_netmask) }}
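Review bot: `default_interfaces` and `management_interface` carry no comment on how they are consumed, which matters now that they are rendered per container and pasted into `echo -e '…'` by the container_setup role earlier in this patch. A rendered value containing a single quote would end the shell string early, and `-e` would expand any backslash sequence in it. I would add above `default_interfaces:` a comment such as `# Rendered per container and written via echo -e '...' by the container_setup role; values must not contain single quotes or backslash escapes.` `management_interface` also needs `container_network` and `container_address` defined for every targeted container, which the same comment could state.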