--- # Copyright 2016, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Usage: # This common task will update lxc containers to use the lxc-openstack # app-armor profile by default however this profile can be changed as needed. # This will also load in a list of bind mounts for a given container. To load # in a list of bind mounts the variable, "list_of_bind_mounts" must be used # containing at least one dictionary with the keys "bind_dir_path", # "relative_bind_dir_path", and "mount_path". # * bind_dir_path = Container path used in a bind mount # * mount_path = Local path on the physical host used for a bind mount # If extra container configurations are desirable set the # "extra_container_config" list to strings containing the options needed. - name: Set default bind mounts (bind var/log) set_fact: lxc_default_bind_mounts: '{{ lxc_default_bind_mounts | default([{"bind_dir_path": "/var/log", "mount_path": "/openstack/log/" ~ inventory_hostname}]) }}' when: - default_bind_mount_logs | bool tags: - common-lxc - name: Ensure mount directories exists file: path: "{{ item['mount_path'] }}" state: "directory" with_items: - "{{ lxc_default_bind_mounts | default([]) }}" - "{{ list_of_bind_mounts | default([]) }}" delegate_to: "{{ physical_host }}" tags: - common-lxc - name: Add bind mount configuration to container lineinfile: dest: "/var/lib/lxc/{{ inventory_hostname }}/config" line: "lxc.mount.entry = {{ item['mount_path'] }} {{ item['bind_dir_path'].lstrip('/') }} none bind,create=dir 0 0" insertbefore: "^lxc.mount.entry = .*\\s{{ item['bind_dir_path'].lstrip('/') | regex_replace('/', '\/') }}.*" backup: "true" with_items: - "{{ lxc_default_bind_mounts | default([]) }}" - "{{ list_of_bind_mounts | default([]) }}" delegate_to: "{{ physical_host }}" register: _mc tags: - common-lxc - name: Extra lxc config lineinfile: path: "/var/lib/lxc/{{ inventory_hostname }}/config" regexp: "^{{ item.split('=')[0] }} =" line: "{{ item.split('=')[0] }} = {{ item.split('=', 1)[1] }}" backup: "true" with_items: "{{ extra_container_config | default([]) }}" delegate_to: "{{ physical_host }}" register: _ec tags: - common-lxc - name: Extra lxc config no restart lineinfile: path: "/var/lib/lxc/{{ inventory_hostname }}/config" regexp: "^{{ item.split('=')[0] }} =" line: "{{ item.split('=')[0] }} = {{ item.split('=', 1)[1] }}" backup: "true" with_items: "{{ extra_container_config_no_restart | default(['lxc.start.order=100']) }}" delegate_to: "{{ physical_host }}" tags: - common-lxc - name: Check container state command: "lxc-info -n {{ inventory_hostname }} --state" changed_when: false delegate_to: "{{ physical_host }}" register: _lxc_container_state until: _lxc_container_state is success retries: 3 delay: 5 when: - (_mc is defined and _mc is changed) or (_ec is defined and _ec is changed) # Due to https://github.com/ansible/ansible-modules-extras/issues/2691 # this uses the LXC CLI tools to ensure that we get logging. # TODO(odyssey4me): revisit this once the bug is fixed and released # NOTE(cloudnull): The `lxc-stop` command will have an RC of 2 if the command # fails due to a container already being in a stopped state. - name: Lxc container restart command: > lxc-stop --name {{ inventory_hostname }} --logfile {{ lxc_container_log_path }}/lxc-{{ inventory_hostname }}.log --logpriority {{ (debug | bool) | ternary('DEBUG', 'INFO') }} delegate_to: "{{ physical_host }}" register: container_stop until: container_stop is success retries: 3 failed_when: - container_stop.rc not in [0, 2] when: - lxc_container_allow_restarts | default(True) | bool - (_mc is defined and _mc is changed) or (_ec is defined and _ec is changed) - _lxc_container_state.stdout.find('RUNNING') != -1 tags: - common-lxc # Due to https://github.com/ansible/ansible-modules-extras/issues/2691 # this uses the LXC CLI tools to ensure that we get logging. # TODO(odyssey4me): revisit this once the bug is fixed and released - name: Start Container command: > lxc-start --daemon --name {{ inventory_hostname }} --logfile {{ lxc_container_log_path }}/lxc-{{ inventory_hostname }}.log --logpriority {{ (debug | bool) | ternary('DEBUG', 'INFO') }} delegate_to: "{{ physical_host }}" register: container_start until: container_start is success retries: 3 when: - (_mc is defined and _mc is changed) or (_ec is defined and _ec is changed) tags: - common-lxc - name: Wait for container tmpfiles-setup finish raw: systemctl list-units systemd-tmpfiles-setup.service --no-legend | grep 'exited' >/dev/null register: systemd_tmpfiles until: systemd_tmpfiles.rc == 0 retries: 20 delay: 2 changed_when: false - name: Wait for container connectivity wait_for_connection: connect_timeout: "{{ lxc_container_wait_params.connect_timeout | default(omit) }}" delay: "{{ lxc_container_wait_params.delay | default(omit) }}" sleep: "{{ lxc_container_wait_params.sleep | default(omit) }}" timeout: "{{ lxc_container_wait_params.timeout | default(omit) }}" when: - (_mc is defined and _mc is changed) or (_ec is defined and _ec is changed) tags: - common-lxc