openstack/openstack-ansible-lxc_hosts
Code Issues Proposed changes
Files
42545f1c3c7b41ee4db8b55024cfa39a50eb06ab
openstack-ansible-lxc_hosts/defaults/main.yml
Kevin Carter 42545f1c3c Use machinectl to manage image caches 
This change modifies the LXC image cache system to use machine control,
which is part of systemd, to manage images for us. This will give us
insight into the cached images which we had not had before all through
the `machinectl` cli utility. This change also modifies the image fetch
process allowing it to be faster and more transparent to the enduser.
Part of the slowness in image fetching and caching is that it happens on
every run even if it's not needed. This change will now check the cache
expiry and state of the image within `machinectl` and only run the cache
update when needed or instructed to do so.

Documentation on what can be done with the `machinectl` CLI utility can
be found here:
* https://www.freedesktop.org/software/systemd/man/machinectl.html

Change-Id: Ic7f8bf400ec5781b4be67539bc6c1523069d0ab2
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-04-15 05:33:10 +00:00

158 lines
6.2 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Environment to use when building LXC caches
# You can set http_proxy environment variables here for example
# if you would like to proxy all image downloads
lxc_cache_environment: {}
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
lxc_hosts_package_state: "latest"
lxc_hosts_pip_package_state: "latest"
# Mappings from Ansible reported architecture to distro release architecture
lxc_architecture_mapping:
x86_64: amd64
ppc64le: ppc64el
# lxc container rootfs directory and cache path
lxc_container_directory: "/var/lib/lxc"
lxc_container_cache_path: "/var/cache/lxc/download"
# The container backing store can be set to 'overlayfs' to use overlayfs
# This should only be done for production use with a linux kernel > 3.14
# which is when overlayfs was merged into the mainline kernel
# lxc_container_backing_store: overlayfs
# The container backing method can be set to 'copy-on-write' to use LVM
# snapshot-backed containers when the container backing store is set to
# 'lvm'.
# lxc_container_backing_method: copy-on-write
# When using a base container to snapshot from for the overlayfs or LVM
# copy-on-write backing stored, the base container can be set.
lxc_container_base_name: "{{ lxc_cache_map.distro }}-{{ lxc_cache_map.release }}-{{ lxc_cache_map.arch }}"
# lxc container net network
lxc_net_bridge: lxcbr0
lxc_net_bridge_port: none
lxc_net_address: 10.0.3.1
lxc_net_netmask: 255.255.255.0
lxc_net_gateway: null ## if null, no gateway will be on the LXC bridge. lxc_net_nat must be "false" to use a gateway.
#lxc_net_mtu: 1500 ##setting this variable will add mtu configuration for the lxc config and network bridge
# lxc container nat enabled
lxc_net_nat: true ## If "true", nat rules will be created with the lxc network.
# Enable iptables for lxc network
lxc_net_manage_iptables: true ## If "true" iptables rules will be added when the bridge is up and deleted when bridge is down
# lxc container dhcp settings
lxc_net_dhcp_range: 10.0.3.2,10.0.3.253
lxc_net_dhcp_max: 253
lxc_net_dhcp_config: ''
lxc_net_dnsmasq_user: lxc-dnsmasq
lxc_net_domain: ''
# lxc network ipv6 settings
lxc_net6_address: null ## ie. fd05:ffb8:32b4:1212::1
lxc_net6_netmask: null ## ie. 64
lxc_net6_nat: false
# lxc_container_net_link variable should be set to the lxc-net bridge.
lxc_container_net_link: "{{ lxc_net_bridge }}" ## name of the host bridge to attach to
lxc_container_net_type: veth ## lxc network interface type (veth, phys, vlan, macvlan, empty)
lxc_container_net_name: eth0 ## name of the interface inside the container.
# System control kernel tuning
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }
lxc_pip_packages:
- lxc-python2
lxc_cache_sshd_configuration:
- { regexp: "^PermitRootLogin", line: "PermitRootLogin yes" }
- { regexp: "^TCPKeepAlive", line: "TCPKeepAlive yes" }
- { regexp: "^UseDNS", line: "UseDNS no" }
- { regexp: "^X11Forwarding", line: "X11Forwarding no" }
- { regexp: "^PasswordAuthentication", line: "PasswordAuthentication no" }
# The compression ratio used when creating the container cache rootfs archive
lxc_image_compression_ratio: 0
# A list of files may be copied into the container image cache during its preparation.
# Example:
# lxc_container_cache_files:
# - src: "/etc/openstack_deploy/files/etc/issue"
# dest: "/etc/issue"
lxc_container_cache_files: []
# DNS servers to use during cache preparation
lxc_cache_prep_dns:
- "{{ lxc_net_address }}"
# Custom shell commands to run before/after the LXC cache prep process has taken
# place.
lxc_cache_prep_pre_commands: '## pre command skipped ##'
lxc_cache_prep_post_commands: '## post command skipped ##'
# The DNS name of the LXD server to source the base container cache from
lxc_image_cache_server: https://images.linuxcontainers.org
# Path to images on server
lxc_image_cache_server_path: "{{ lxc_image_cache_server }}/images/{{ lxc_cache_map.distro }}/{{ lxc_cache_map.release }}/{{ lxc_cache_map.arch }}/{{ lxc_cache_map.variant }}/"
# Local path to cached image
lxc_image_cache_path: "/var/lib/machines/{{ lxc_container_base_name }}"
# Mode to pull image. This is used to pull the image from a remote source.
# Valid options are [pull-tar, pull-raw]
lxc_image_cache_pull_mode: pull-tar
# Set this option to true to pull a new cached image.
lxc_image_cache_refresh: false
# The keyservers to use when validating GPG keys for the downloaded cache
lxc_image_cache_primary_keyserver: hkp://p80.pool.sks-keyservers.net:80
lxc_image_cache_secondary_keyserver: hkp://keyserver.ubuntu.com:80
## Default download template options
## This can be customized to use a local build server and options.
## By default these options will be fulfilled by the distro specific
## variable files found in vars/
# lxc_cache_download_template_options: >
# --dist NAME_OF_DISTRO
# --release DISTRO_RELEASE
# --arch CONTAINER_ARCH
# --force-cache
# --server SERVER_TO_GET_IMAGES_FROM
lxc_cache_default_variant: default
lxc_cache_download_template_extra_options: ""
lxc_cache_download_template_options: >
--dist {{ lxc_cache_map.distro }}
--release {{ lxc_cache_map.release }}
--arch {{ lxc_cache_map.arch }}
--force-cache
--server {{ lxc_image_cache_server }}
--variant {{ lxc_cache_default_variant }}
{{ lxc_cache_download_template_extra_options }}
# LXC must be installed from a COPR repository on CentOS 7 since the version
# provided in EPEL is much too old (1.x).
lxc_centos_package_baseurl: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/epel-7-x86_64/
lxc_centos_package_key: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/pubkey.gpg
View Git Blame Copy Permalink