OpenStack-Ansible LXC hosts¶
Ansible role that configures a host for running LXC containers.
To clone or view the source code for this repository, visit the role repository for lxc_hosts.
Default variables¶
# Validate certificates when downloading LXC templates
lxc_hosts_validate_certs: yes
# Set the package install state for distribution packages
# Options are 'present' and 'latest'
lxc_hosts_package_state: "latest"
# Define a list of extra distribuition packages to install onto the host
# at the discretion of the deployer
lxc_hosts_extra_distro_packages: []
# Define the total list of packages which to install onto the host combining
# distibution specific and deployers extra package lists
lxc_hosts_distro_packages: "{{ _lxc_hosts_distro_packages + lxc_hosts_extra_distro_packages }}"
# Mappings from Ansible reported architecture to distro release architecture
lxc_architecture_mapping:
x86_64: amd64
ppc64le: ppc64el
s390x: s390x
armv7l: armhf
aarch64: arm64
# Set the volume size for the machine image caches. We only use the
# most specific mountpoint from the hierarchy.
# NOTE: Size is set in Gigabytes.
lxc_host_machine_volume_size: |-
{%- set mounts = [] -%}
{%- set mount_points = ['/var/lib/machines', '/var/lib/', '/var', '/'] -%}
{%- for mount in mount_points -%}
{%- for dev in ansible_mounts -%}
{%- if mount == dev.mount -%}
{%- set _ = mounts.append(dev.size_total // (1024 ** 3)) -%}
{%- endif -%}
{%- endfor -%}
{%- endfor -%}
{{ mounts[0] }}
# Enable or Disable the BTRFS quota system for the "/var/lib/machines" mount
# point. More information on the BTRFS quota system can be found here:
# * https://btrfs.wiki.kernel.org/index.php/Quota_support
lxc_host_machine_quota_disabled: false
# Set the default qgroup limits used for file system quotas. The default is
# "none". See the following documentation for more information:
# * https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs-qgroup
lxc_host_machine_qgroup_space_limit: none
lxc_host_machine_qgroup_compression_limit: none
# DefaultTasksMax systemd value. It's not recommended to change this value as it
# could prevent new processes from starting on busy containers.
lxc_default_tasks_max: 8192
# lxc container rootfs directory and cache path
lxc_container_directory: "/var/lib/lxc"
lxc_container_cache_path: "/var/cache/lxc/download"
# The container backing store can be set to 'overlayfs' to use overlayfs
# This should only be done for production use with a linux kernel > 3.14
# which is when overlayfs was merged into the mainline kernel
# lxc_container_backing_store: overlayfs
# The container backing method can be set to 'copy-on-write' to use LVM
# snapshot-backed containers when the container backing store is set to
# 'lvm'.
# lxc_container_backing_method: copy-on-write
# The cache map is used as a basic instruction set when prep'ing the base
# container image. If the cache map is overridden, the following fields are
# required:
# lxc_cache_map:
# distro: name of the distro
# arch: "CPU architecture"
# release: version of the release
# copy_from_host: [] # List of files to copy into the container
lxc_cache_map: "{{ _lxc_cache_map }}"
# When using a base container to snapshot from for the overlayfs or LVM
# copy-on-write backing stored, the base container can be set.
lxc_container_base_name: "{{ lxc_cache_map.distro }}-{{ lxc_cache_map.release }}-{{ lxc_cache_map.arch }}"
# Set the default zfs root name
lxc_container_zfs_root_name: "pool/lxc"
# lxc container net network
lxc_net_bridge: lxcbr0
lxc_net_bridge_port: none
lxc_net_address: 10.0.3.1
lxc_net_netmask: 255.255.255.0
lxc_net_cidr: 24
lxc_net_gateway: null ## if null, no gateway will be on the LXC bridge. lxc_net_nat must be "false" to use a gateway.
#lxc_net_mtu: 1500 ##setting this variable will add mtu configuration for the lxc config and network bridge
# lxc container nat enabled
lxc_net_nat: true ## If "true", nat rules will be created with the lxc network.
# Enable iptables for lxc network
lxc_net_manage_iptables: true ## If "true" iptables rules will be added when the bridge is up and deleted when bridge is down
# lxc container dhcp settings
lxc_net_dhcp_range: 10.0.3.2,10.0.3.253
lxc_net_dhcp_max: 253
lxc_net_dhcp_config: ''
lxc_net_dnsmasq_user: lxc-dnsmasq
lxc_net_domain: ''
# lxc network ipv6 settings
lxc_net6_address: null ## ie. fd05:ffb8:32b4:1212::1
lxc_net6_netmask: null ## ie. 64
lxc_net6_nat: false
# System control kernel tuning
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }
lxc_cache_sshd_configuration:
- { regexp: "^PermitRootLogin", line: "PermitRootLogin prohibit-password" }
- { regexp: "^TCPKeepAlive", line: "TCPKeepAlive yes" }
- { regexp: "^UseDNS", line: "UseDNS no" }
- { regexp: "^X11Forwarding", line: "X11Forwarding no" }
- { regexp: "^PasswordAuthentication", line: "PasswordAuthentication no" }
# The compression ratio used when creating the container cache rootfs archive
lxc_image_compression_ratio: 0
# A list of files may be copied into the container image cache from the
# deployment host during its preparation.
# Example:
# lxc_container_cache_files:
# - src: "/etc/openstack_deploy/files/etc/issue"
# dest: "/etc/issue"
lxc_container_cache_files: []
# A list of files may be copied into the container image cache from the
# LXC host during its preparation.
# Example:
# lxc_container_cache_files_from_host:
# - "/etc/apt/sources.list.d/myrepo.list"
lxc_container_cache_files_from_host: []
# LXC container shutdown delay before force-killing running container
lxc_container_shutdown_delay: 60
# DNS servers to use during cache preparation
lxc_cache_prep_dns:
- "{{ lxc_net_address }}"
# Custom shell commands to run before/after the LXC cache prep process has taken
# place.
lxc_cache_prep_pre_commands: '## pre command skipped ##'
lxc_cache_prep_post_commands: '## post command skipped ##'
# User defined variable pointing to a specific variable file used when setting
# up the base container image. Deployers can use the provided container variable
# files by simply inputting the file name
# "{{ ansible_distribution }}-{{ ansible_distribution_version }}-container.yml"
# or by providing the full path to a local file containing all of the variables
# needed to prepare a container. built-in supported values are:
# [redhat-7.yml, suse-42.yml, ubuntu-16.04.yml, ubuntu-18.04.yml]
#lxc_user_defined_container: null
# Full path to the base image prep script. By default this will use the
# named script for a given OS within the "templates/prep-scripts" directory.
# If a deployer wishes to override this script with something else they can
# do so by defining a user variable with the full path to the local script
# which will be templated onto the deployment targets.
lxc_cache_prep_template: "{{ _lxc_cache_prep_template }}"
## Define a list of extra distribuition packages to install in the container
# cache at the discretion of the deployer
lxc_cache_extra_distro_packages: []
# List of packages to be installed into the base container cache
# Combines the distribution specific list with deployers extra list
lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages + lxc_cache_extra_distro_packages }}"
# The maximum amount of time (in seconds) to wait until failing the cache
# preparation process. This is necessary to mitigate the issue that can
# arise where the cache prep hangs and never fails.
# The value is specified in seconds, with the default being 20 minutes.
lxc_cache_prep_timeout: "{{ _lxc_cache_prep_timeout | default(1200) }}"
# Set the server to download LXC images from.
lxc_image_cache_server_mirrors:
- https://images.linuxcontainers.org
# URL for the image to build our containers
lxc_hosts_container_image_url: "{{ _lxc_hosts_container_image_url | default('') }}"
# If enabled the image will be fetched from the legacy [images.linuxcontainers.org].
lxc_hosts_container_image_download_legacy: "{{ _lxc_hosts_container_image_download_legacy | default(false) }}"
# Local path to cached image
lxc_image_cache_path: "/var/lib/machines/{{ lxc_container_base_name }}"
# Mode to pull image. This is used to pull the image from a remote source.
# Valid options are [import-tar, import-raw]
lxc_image_cache_pull_mode: "import-tar"
# Set this option to true to pull a new cached image.
lxc_image_cache_refresh: false
# The keyservers to use when validating GPG keys for the downloaded cache
lxc_image_cache_primary_keyserver: hkp://p80.pool.sks-keyservers.net:80
lxc_image_cache_secondary_keyserver: hkp://keyserver.ubuntu.com:80
## Default download template options
## This can be customized to use a local build server and options.
## By default these options will be fulfilled by the distro specific
## variable files found in vars/
# lxc_cache_download_template_options: >
# --dist NAME_OF_DISTRO
# --release DISTRO_RELEASE
# --arch CONTAINER_ARCH
# --force-cache
# --server SERVER_TO_GET_IMAGES_FROM
lxc_cache_default_variant: default
lxc_cache_download_template_extra_options: ""
lxc_cache_download_template_options: >-
--dist {{ lxc_cache_map.distro }}
--release {{ lxc_cache_map.release }}
--arch {{ lxc_cache_map.arch }}
--force-cache
--server localhost
--variant {{ lxc_cache_default_variant }}
{{ lxc_cache_download_template_extra_options }}
# Locales to populate in the LXC base cache
lxc_cache_locales: "{{ _lxc_cache_locales | default(['en_US.UTF-8']) }}"
# Centos EPEL repository options
lxc_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}"
lxc_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7') }}"
# LXC must be installed from a COPR repository on CentOS 7 since the version
# provided in EPEL is much too old (1.x).
lxc_centos_package_baseurl: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/epel-7-x86_64/
lxc_centos_package_key: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/pubkey.gpg
## Set default mirror for openSUSE repositories
# NOTE(hwoarang): Ensure that the full path to the 'opensuse' directory is used.
# Additionally, set 'lxc_hosts_opensuse_mirror_obs_url' to a mirror which also mirrors
# the OBS repositories. If you want to use the same mirror in both cases, then leave the
# 'lxc_hosts_opensuse_mirror_obs_url' to its default value.
lxc_hosts_opensuse_mirror_url: "{{ opensuse_mirror | default('http://download.opensuse.org') }}"
lxc_hosts_opensuse_mirror_obs_url: "{{ lxc_hosts_opensuse_mirror_url }}"
## A list of 'legacy' lxc configuration keys and their corresponding new
## keys. Use this map to substitute keys suitable for other/newer lxc versions
lxc_template_config_key_mapping:
3:
fstab: lxc.mount.fstab
rootfs: lxc.rootfs.path
rootfs_backend: lxc.rootfs.backend
uts_name: lxc.uts.name
2:
fstab: lxc.mount.fstab
rootfs: lxc.rootfs
rootfs_backend: lxc.rootfs.backend
uts_name: lxc.utsname
Dependencies¶
This role needs pip >= 7.1 installed on the target host.
Example playbook¶
---
- name: Basic LXC host setup
hosts: "hosts"
user: root
roles:
- { role: "lxc_hosts" }