From 791b9e813ed29c1187803c53ad46e369b24eaad4 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Wed, 17 Feb 2021 13:48:13 +0000 Subject: [PATCH] Optionally build container image as a local chroot This change uses dnf to build the container image for Centos-8 using dnf locally rather than rely on an external image that is downloaded and unpacked. The existing image prestage commands are made conditional, and an operating system specific command can be provided via role variables to build a chroot in /var/lib/machines. During the transition from Centos-8 to Centos-8-Stream, the vars files are separated, with vars/redhat.yml covering Stream, and vars/centos-8.3.yml covering legacy Centos-8. In addition, the systemd-logind service is masked from the base image. This is masked in the previously downloaded container base image, so we ensure that the same is done for locally built chroots. Depends-On: I31880ca995735b737d33532eaa4c29be02523117 Depends-On: I74f02669b013b8580d3469a8ffe214d88cd0f525 Change-Id: I1ddfe36259610b25e86b69d64d1d7f32a56c0e4d --- defaults/main.yml | 4 ++ tasks/lxc_cache_preparation_simple.yml | 53 +++++++++------------- tasks/main.yml | 3 ++ templates/prep-scripts/centos_8_prep.sh.j2 | 4 ++ vars/centos-8.3.yml | 51 +++++++++++++++++++++ vars/redhat.yml | 13 +----- 6 files changed, 84 insertions(+), 44 deletions(-) create mode 100644 vars/centos-8.3.yml diff --git a/defaults/main.yml b/defaults/main.yml index 702a60ff..932b8dbd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -203,6 +203,10 @@ lxc_image_cache_server_mirrors: # URL for the image to build our containers lxc_hosts_container_image_url: "{{ _lxc_hosts_container_image_url | default('') }}" +# Command to build a chroot for the container rootfs rather than download +# Takes precedence over downloading a container image even if the download URLs are configured +lxc_hosts_container_build_command: "{{ _lxc_hosts_container_build_command | default ('') }}" + # If enabled the image will be fetched from the legacy [images.linuxcontainers.org]. lxc_hosts_container_image_download_legacy: false diff --git a/tasks/lxc_cache_preparation_simple.yml b/tasks/lxc_cache_preparation_simple.yml index 69bb835f..df9d2158 100644 --- a/tasks/lxc_cache_preparation_simple.yml +++ b/tasks/lxc_cache_preparation_simple.yml 
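Review bot: The comment added above `lxc_hosts_container_build_command` does not say that the value is executed on the LXC host; the later hunk in tasks/lxc_cache_preparation_simple.yml hands it to the `command` module unchanged. I would add a line such as `# The string is run as-is by the command module on the LXC host, so set it only from trusted inventory or vars`. As a style point, `default ('')` has a space before the parenthesis that the neighbouring `default('')` on `lxc_hosts_container_image_url` does not.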
@@ -64,37 +64,26 @@ state: directory register: create_new_dir -- name: Wait for base image download - async_status: - jid: "{{ prestage_image.ansible_job_id }}" - register: _lxc_prestage_image_result - until: _lxc_prestage_image_result.finished - delay: 5 - retries: "{{ lxc_cache_prep_timeout | int // 5 }}" - -- name: Unpack base image - unarchive: - src: "/tmp/{{ cache_basename }}" - dest: "/var/lib/machines/{{ lxc_container_base_name }}" - remote_src: yes - extra_opts: "{{ _lxc_hosts_unarchive_extra_opts | default(omit) }}" - when: create_new_dir is changed - -# NOTE(jrosser) Centos 8.3 images ships as a nested tar file, these tasks unpack and remove -# the inner tar file -- name: Unpack nested tar file - unarchive: - src: "/var/lib/machines/{{ lxc_container_base_name }}/{{ _lxc_hosts_nested_tar_file }}" - dest: "/var/lib/machines/{{ lxc_container_base_name }}" - remote_src: yes +- name: Tasks for image download when: - - create_new_dir is changed - - _lxc_hosts_nested_tar_file is defined + - lxc_hosts_container_build_command | length == 0 + block: + - name: Wait for base image download + async_status: + jid: "{{ prestage_image.ansible_job_id }}" + register: _lxc_prestage_image_result + until: _lxc_prestage_image_result.finished + delay: 5 + retries: "{{ lxc_cache_prep_timeout | int // 5 }}" + + - name: Unpack base image + unarchive: + src: "/tmp/{{ cache_basename }}" + dest: "/var/lib/machines/{{ lxc_container_base_name }}" + remote_src: yes + when: create_new_dir is changed + +- name: Build the base image using a CLI tool + command: "{{ lxc_hosts_container_build_command }}" + when: lxc_hosts_container_build_command | length > 0 -- name: Remove nested tar file - file: - path: "/var/lib/machines/{{ lxc_container_base_name }}/{{ _lxc_hosts_nested_tar_file }}" - state: absent - when: - - create_new_dir is changed - - _lxc_hosts_nested_tar_file is defined diff --git a/tasks/main.yml b/tasks/main.yml index f4fcd3d9..6ef4c15d 100644 --- a/tasks/main.yml 
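Review bot: The added `Build the base image using a CLI tool` task runs whenever `lxc_hosts_container_build_command` is non-empty, whereas the `Unpack base image` task in the block above keeps `when: create_new_dir is changed`. The build command is therefore re-executed on every play, including when the rootfs already exists, and as a `command` task it reports changed each time. If that is unintended, make the condition a list with `- lxc_hosts_container_build_command | length > 0` and `- create_new_dir is changed`; if re-running is deliberate (for example to complete an interrupted build), a comment saying so would help. The task that registers `create_new_dir` starts above the hunk.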
+++ b/tasks/main.yml @@ -62,7 +62,10 @@ tags: - lxc_hosts-install +# only prestage a downloaded image when not using a local command to build a chroot - include_tasks: lxc_cache_prestage.yml + when: + - lxc_hosts_container_build_command | length == 0 tags: - always - lxc_hosts-config diff --git a/templates/prep-scripts/centos_8_prep.sh.j2 b/templates/prep-scripts/centos_8_prep.sh.j2 index 3681d5ce..00ec437b 100644 --- a/templates/prep-scripts/centos_8_prep.sh.j2 +++ b/templates/prep-scripts/centos_8_prep.sh.j2 @@ -32,4 +32,8 @@ echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf systemctl enable systemd-networkd systemctl enable systemd-resolved +# Fully disable systemd-logind +systemctl disable systemd-logind +systemctl mask systemd-logind + {{ lxc_cache_prep_post_commands }} diff --git a/vars/centos-8.3.yml b/vars/centos-8.3.yml new file mode 100644 index 00000000..94f22ea3 --- /dev/null +++ b/vars/centos-8.3.yml 
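Review bot: The comment `# Fully disable systemd-logind` in centos_8_prep.sh.j2 says what the two added commands do but not why. The commit message gives the reason, that the previously downloaded base image shipped with the unit masked, and that context is lost once the commit is out of view. I would carry it into the script, e.g. `# Mask systemd-logind so locally built chroots match the previously downloaded base image, which had it masked`. The earlier part of the script is outside the hunk.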
@@ -0,0 +1,51 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE(jrosser) this file is for temporary support of Centos-8 (NOT stream) during the transition to stream
+
+_lxc_hosts_container_build_command: "dnf --assumeyes --installroot=/var/lib/machines/{{ lxc_container_base_name }} install --setopt=install_weak_deps=False --nodocs rootfiles coreutils dnf centos-linux-repos --releasever=8"
+
+_lxc_cache_map:
+ distro: centos
+ arch: "{{ lxc_architecture_mapping.get( ansible_facts['architecture'] ) }}"
+ release: 8
+ copy_from_host:
+ - /etc/default/locale
+ - /etc/environment
+ - /etc/localtime
+ - /etc/locale.conf
+ - /etc/protocols
+ - /etc/pki/rpm-gpg/
+ - /etc/yum/pluginconf.d/fastestmirror.conf
+ - /etc/yum.repos.d/
+
+_lxc_cache_prep_template: "prep-scripts/centos_8_prep.sh.j2"
+
+_lxc_cache_distro_packages:
+ - ca-certificates
+ - iputils
+ - openssh-server
+ - policycoreutils
+ - procps
+ - python3
+ - python3-libs
+ - rsync # os_keystone runs serial=1 and uses rsync before the distro packages have been installed on all keystone targets
+ - setup
+ - sudo
+ - systemd
+ - systemd-networkd
+ - systemd-resolvd
+ - systemd-sysv
+ - tzdata
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 7cac309b..a4d3d016 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
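Review bot: `_lxc_hosts_container_build_command` does not show how the packages dnf installs into the new root are authenticated. `--assumeyes` answers every prompt and nothing on the command line pins signature checking, so the result presumably depends on the repo configuration dnf resolves on the host. A comment above the variable would record that, e.g. `# Package signature checking relies on the host's dnf repo configuration (gpgcheck and gpgkey)`; the same applies to the matching command added in vars/redhat.yml. Separately, `systemd-resolvd` in `_lxc_cache_distro_packages` looks like a misspelling, given that centos_8_prep.sh.j2 enables `systemd-resolved`; worth confirming the package name resolves.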
@@ -13,18 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -_lxc_hosts_container_image_url: "https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Container-8.3.2011-20201204.2.x86_64.tar.xz" - -# the Centos 8.3 image contains a tar file inside the downloaded tar -_lxc_hosts_nested_tar_file: "layer.tar" - -# layer.tar is in a subdirectory named with a numerical hash, we must descend -# into that directory without knowing it's name, and extract just the inner -# tar file -_lxc_hosts_unarchive_extra_opts: - - --strip-components=1 - - --no-anchored - - "{{ _lxc_hosts_nested_tar_file }}" +_lxc_hosts_container_build_command: "dnf --assumeyes --installroot=/var/lib/machines/{{ lxc_container_base_name }} install --setopt=install_weak_deps=False --nodocs rootfiles coreutils dnf centos-stream-release centos-stream-repos --releasever=8" _lxc_cache_map: distro: centos