Added base-image building the the environment

This change adds the ability for the system to rebuild the lxc base image from an upstream LXC rootfs as created by "images.lxccontainers.org". The change creates the image and builds a base index with the repo servers. Once the image is created all subsequent container builds are built using a cached image from the server to the hosts. The cache will speed up container builds and consistency. This change is a gateway to being able to do to an image base deployment. Change-Id: I7489381249f98fe536ef0844468b743f93683db1 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
cloudnull · Oct 6, 2015 · 749d306 · 749d306
1 parent c18c667
commit 749d306
Show file tree

Hide file tree

Showing 25 changed files with 533 additions and 199 deletions.
diff --git a/playbooks/inventory/group_vars/hosts.yml b/playbooks/inventory/group_vars/hosts.yml
@@ -35,15 +35,8 @@ rsyslog_server_storage_directory: /var/log/log-storage
 
 ## OpenStack source options
 # URL for the frozen internal openstack repo.
-openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
-
-
-## LXC options
-lxc_container_caches:
-  - url: "{{ repo_pip_default_index | netorigin }}/container_images/rpc-trusty-container.tgz"
-    name: "trusty.tgz"
-    sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
-    chroot_path: trusty/rootfs-amd64
+openstack_repo_uri: "{{ internal_lb_vip_address }}:{{ repo_server_port }}"
+openstack_repo_url: "http://{{ openstack_repo_uri }}"
 
 
 ## RabbitMQ

diff --git a/playbooks/lxc-containers-create.yml b/playbooks/lxc-containers-create.yml
@@ -14,23 +14,19 @@
 # limitations under the License.
 
 - name: Create container(s)
-  hosts: "{{ container_group|default('all_containers') }}"
+  hosts: "{{ container_group|default('all_containers') }}:!repo_container"
   max_fail_percentage: 20
   gather_facts: false
   user: root
   roles:
-    - { role: "lxc_container_create", tags: [ "lxc-container-create" ] }
-  post_tasks:
-    - name: Wait for ssh to be available
-      local_action:
-        module: wait_for
-        port: "{{ ansible_ssh_port | default('22') }}"
-        host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
-        search_regex: OpenSSH
-        delay: 1
+    - role: "lxc_container_create"
+      lxc_container_image_server: "{{ openstack_repo_uri }}"
+      lxc_container_variant: "base-image"
+      lxc_container_release: "{{ properties.container_release|default('trusty') }}"
+      lxc_container_fs_size: "{{ properties.container_fs_size|default('5G') }}"
+      when: not is_metal | bool
       tags:
-        - lxc-container-wait-for-ssh
+        - "lxc-container-create"
   vars:
     ansible_hostname: "{{ container_name }}"
     is_metal: "{{ properties.is_metal|default(false) }}"
-    lxc_container_release: "{{ properties.container_release|default('trusty') }}"
diff --git a/playbooks/repo-install.yml b/playbooks/repo-install.yml
@@ -13,5 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- include: repo-server-container-create.yml
 - include: repo-server.yml
 - include: repo-build.yml
diff --git a/playbooks/repo-server-container-create.yml b/playbooks/repo-server-container-create.yml
@@ -0,0 +1,101 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create container(s)
+  hosts: "repo-infra_hosts[0]"
+  max_fail_percentage: 20
+  gather_facts: false
+  user: root
+  roles:
+    - role: "lxc_image_cache"
+      lxc_image_compression: 0
+      lxc_image_cache_destroy: true
+      lxc_image_cache_index_create: false
+      lxc_image_cache_create: false
+      lxc_image_cache_host_preload: true
+      lxc_image_cache_base_container_destroy: false
+      lxc_image_pre_seed: true
+      lxc_image_tag: "repo-server"
+      tags:
+        - "lxc-image-index"
+  post_tasks:
+    - name: Create the root system user
+      user:
+        name: "root"
+        group: "root"
+        comment: "root"
+        shell: "/bin/bash"
+        system: "yes"
+        createhome: "yes"
+        home: "/root"
+        generate_ssh_key: "yes"
+      tags:
+        - repo-ssh-key
+
+    - name: Get public key contents and store as var
+      command: |
+        cat /root/.ssh/id_rsa.pub
+      register: pub_key
+      changed_when: false
+      tags:
+        - repo-ssh-key
+
+    - name: Register a fact for the nova pub key
+      set_fact:
+         repo_pubkey: "{{ pub_key.stdout }}"
+      tags:
+        - repo-ssh-key
+
+    - name: Create authorized keys file from host vars
+      authorized_key:
+        user: "root"
+        key: "{{ hostvars[item]['repo_pubkey'] }}"
+      with_items: groups['repo-infra_hosts']
+      tags:
+        - repo-ssh-key
+
+    - name: Sync the built base images to the repo hosts
+      synchronize:
+        src: "/var/cache/lxc"
+        mode: pull
+        dest: "/var/cache/lxc"
+        set_remote_user: False
+      delegate_to: "{{ groups['repo-infra_hosts'][0] }}"
+      with_items: groups['repo-infra_hosts']
+      when: item != groups['repo-infra_hosts'][0]
+      tags:
+        - base-lxc-cache
+  vars:
+    ansible_hostname: "{{ container_name }}"
+
+
+- name: Setup repo servers
+  hosts: repo_all
+  max_fail_percentage: 20
+  user: root
+  roles:
+    - role: "lxc_container_create"
+      lxc_container_fs_size: "{{ properties.container_fs_size|default('5G') }}"
+      lxc_container_template_options: >
+        --dist=ubuntu
+        --release=trusty
+        --arch=amd64
+        --variant=base-image
+        --no-validate
+        --force-cache
+      tags:
+        - "lxc-container-create"
+  tags:
+    - repo-infra-all
diff --git a/playbooks/repo-server.yml b/playbooks/repo-server.yml
@@ -51,7 +51,11 @@
       tags:
         - ssh-wait
   roles:
-    - { role: "repo_server", tags: [ "repo-server" ] }
+    - { role: "py_from_git", tags: [ "lxc-libs" ] }
+    - role: "repo_server"
+      repo_lxc_image_tag: "{{ openstack_release }}"
+      tags:
+        - "repo-server"
     - role: "rsyslog_client"
       rsyslog_client_log_rotate_file: repo_log_rotate
       rsyslog_client_log_dir: "/var/log/nginx"
@@ -66,3 +70,5 @@
     pip_no_index: false
     ansible_hostname: "{{ container_name }}"
     is_metal: "{{ properties.is_metal|default(false) }}"
+  vars_files:
+    - defaults/repo_packages/python2_lxc.yml
diff --git a/playbooks/roles/lxc_container_create/defaults/main.yml b/playbooks/roles/lxc_container_create/defaults/main.yml
@@ -16,7 +16,7 @@
 lxc_container_config: /etc/lxc/lxc-openstack.conf
 
 # Default container template to build from
-lxc_container_template: ubuntu
+lxc_container_template: download
 
 # lxc container rootfs directory and cache path
 lxc_container_directory: "/var/lib/lxc"
@@ -34,12 +34,18 @@ lxc_container_vg_name: lxc
 
 # Default image to build from
 lxc_container_release: trusty
-lxc_container_user_name: ubuntu
-lxc_container_user_password: "{{ lookup('pipe', 'date --rfc-3339=ns | sha512sum | base64 | head -c 32') }}"
+lxc_container_distro: ubuntu
+lxc_container_arch: amd64
+lxc_container_variant: default
+lxc_container_image_server: images.linuxcontainers.org
 lxc_container_template_options: >
-  --release {{ lxc_container_release }}
-  --user {{ lxc_container_user_name }}
-  --password {{ lxc_container_user_password }}
+  --dist={{ lxc_container_distro }}
+  --release={{ lxc_container_release }}
+  --arch={{ lxc_container_arch }}
+  --server={{ lxc_container_image_server }}
+  --variant={{ lxc_container_variant }}
+  --no-validate
+
 
 lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
 lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu"

diff --git a/playbooks/roles/lxc_container_create/tasks/container_create.yml b/playbooks/roles/lxc_container_create/tasks/container_create.yml
@@ -58,14 +58,14 @@
   lxc_container:
     name: "{{ inventory_hostname }}"
     container_log: "true"
-    config: "{{ properties.container_config|default(lxc_container_config) }}"
-    template: "{{ properties.container_template|default(lxc_container_template) }}"
+    config: "{{ lxc_container_config }}"
+    template: "{{ lxc_container_template }}"
     state: started
-    backing_store: "{{ properties.container_backing_store|default(lxc_container_backing_store) }}"
+    backing_store: "{{ lxc_container_backing_store }}"
     directory: "{{ lxc_container_rootfs_directory }}"
-    fs_size: "{{ properties.container_fs_size|default(lxc_container_fs_size) }}"
-    fs_type: "{{ properties.container_fs_type|default(lxc_container_fs_type) }}"
-    vg_name: "{{ properties.container_vg_name|default(lxc_container_vg_name) }}"
+    fs_size: "{{ lxc_container_fs_size }}"
+    fs_type: "{{ lxc_container_fs_type }}"
+    vg_name: "{{ lxc_container_vg_name }}"
     template_options: "{{ lxc_container_template_options }}"
     container_command: |
       if [ -f  "/usr/lib/systemd/system/poweroff.target" ];then
@@ -184,19 +184,6 @@
 # Flush the handlers to ensure the container and networking is online.
 - meta: flush_handlers
 
-# Resets the container user's password using lxc_container because Python2.7
-#  may not be installed at this point.
-- name: Force container user password set
-  lxc_container:
-    name: "{{ inventory_hostname }}"
-    container_command: |
-      getent passwd "{{ lxc_container_user_name }}" &&
-      echo "{{ lxc_container_user_name }}:{{ lxc_container_user_password }}" | chpasswd
-  delegate_to: "{{ physical_host }}"
-  no_log: True
-  tags:
-    - lxc-container-user-password-regen
-
 # Setup proxy configs, this is done here to ensure that we have our container proxy setup
 #  prior to running online commands. This is using lxc_container because python2.7 may not be
 #  installed at this point.
@@ -212,3 +199,27 @@
   delegate_to: "{{ physical_host }}"
   tags:
     - lxc-container-proxy
+
+- name: Obtain the system's ssh public key
+  set_fact:
+    lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
+  when:
+    - lxc_container_ssh_key is not defined
+  delegate_to: "{{ physical_host }}"
+  tags:
+    - lxc-container-post-build
+
+- name: LXC post build complete
+  lxc_container:
+    name: "{{ inventory_hostname }}"
+    container_command: |
+      if [ ! -d "/root/.ssh" ];then
+        mkdir /root/.ssh
+      fi
+      echo "{{ lxc_container_ssh_key }}" | tee /root/.ssh/authorized_keys
+      sed -i 's/127\.0\.1\.1.*/127\.0\.1\.1 {{ inventory_hostname | replace('_', '-') }}/g' /etc/hosts
+      echo "{{ inventory_hostname | replace('_', '-') }}" | tee /etc/hostname
+      hostname $(cat /etc/hostname)
+  delegate_to: "{{ physical_host }}"
+  tags:
+    - lxc-container-post-build
diff --git a/playbooks/roles/lxc_hosts/defaults/main.yml b/playbooks/roles/lxc_hosts/defaults/main.yml
@@ -44,19 +44,6 @@ lxc_kernel_options:
   - { key: 'fs.inotify.max_user_instances', value: 1024 }
   - { key: 'vm.swappiness', value: 10 }
 
-# Default image to build from
-lxc_container_release: trusty
-lxc_container_user_name: ubuntu
-lxc_container_user_password: "{{ lookup('pipe', 'date --rfc-3339=ns | sha512sum | base64 | head -c 32') }}"
-lxc_container_template_options: >
-  --release {{ lxc_container_release }}
-  --user {{ lxc_container_user_name }}
-  --password {{ lxc_container_user_password }}
-
-lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
-lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu"
-
-
 # Required apt packages.
 lxc_apt_packages:
   - apparmor-utils
@@ -72,25 +59,3 @@ lxc_apt_packages:
   - lxc-templates
   - python-dev
   - python3-lxc
-
-# Commands to run against cached LXC image
-lxc_cache_commands:
-  - apt-get update
-  - apt-get -y upgrade
-  - apt-get -y install python2.7
-  - rm -f /usr/bin/python
-  - ln -s /usr/bin/python2.7 /usr/bin/python
-
-lxc_cache_sshd_configuration:
-    - { regexp: "^PermitRootLogin",         line: "PermitRootLogin yes" }
-    - { regexp: "^TCPKeepAlive",            line: "TCPKeepAlive yes" }
-    - { regexp: "^UseDNS",                  line: "UseDNS no" }
-    - { regexp: "^X11Forwarding",           line: "X11Forwarding no" }
-    - { regexp: "^PasswordAuthentication",  line: "PasswordAuthentication no" }
-
-# Prebuilt images to deploy onto hosts for use in containers.
-# lxc_container_caches:
-#   - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
-#     name: "trusty.tgz"
-#     sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
-#     chroot_path: trusty/rootfs-amd64
diff --git a/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml b/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml