Skip to content

Instantly share code, notes, and snippets.

@cloudnull

cloudnull/build-containers.yml

Last active August 29, 2015 14:10
Show Gist options
  • Save cloudnull/d8e088da95f52dc7e908 to your computer and use it in GitHub Desktop.
Save cloudnull/d8e088da95f52dc7e908 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
build-containers.yml
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: containers-create.yml
- include: containers-setup.yml
Raw
containers-create.yml
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: all_containers
gather_facts: false
user: root
tasks:
- name: Check Container Bridge exists
file:
state: "file"
path: "/sys/class/net/{{ management_bridge }}/bridge/bridge_id"
delegate_to: "{{ physical_host }}"
- name: Check for lxc volume group
shell: (which vgs > /dev/null && vgs | grep -o "lxc") || false
register: vg_result
failed_when: false
changed_when: vg_result.rc != 0
delegate_to: "{{ physical_host }}"
- name: Create Container Local
lxc: >
name={{ container_name }}
template={{ container_template }}
config={{ container_config }}
command=create
state=running
template_options="
--release {{ container_release }}
"
when: vg_result.rc == 1
delegate_to: "{{ physical_host }}"
- name: Create Container LVM
lxc: >
name={{ container_name }}
template={{ container_template }}
config={{ container_config }}
command=create
state=running
bdev=lvm
lvname={{ container_name }}
vgname=lxc
fstype={{ container_lvm_fstype }}
fssize={{ container_lvm_fssize }}
template_options="
--release {{ container_release }}
"
when: vg_result.rc == 0
delegate_to: "{{ physical_host }}"
Raw
containers-setup.yml
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: all_containers
gather_facts: false
user: root
tasks:
- name: Obtain the Systems SSH-Key
set_fact:
container_ssh_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
delegate_to: "{{ physical_host }}"
- name: Fail when empty or non-existent SSH pub key
fail: msg="Failing - ~/.ssh/id_rsa.pub file doesn't exist or is empty"
when: container_ssh_key == ""
delegate_to: "{{ physical_host }}"
- name: Create Required local monitoring directories
file:
path: "{{ item }}"
state: "directory"
with_items:
- "/openstack/monitoring"
- "/openstack/backup/{{ container_name }}"
- "/openstack/log/{{ container_name }}"
delegate_to: "{{ physical_host }}"
- name: Basic Inner Container Setup
lxc:
name: "{{ container_name }}"
command: "attach"
container_command: |
mkdir -p ~/.ssh/
if [ ! -f "~/.ssh/authorized_keys" ];then
touch ~/.ssh/authorized_keys
fi
grep '{{ container_ssh_key }}' ~/.ssh/authorized_keys || echo '{{ container_ssh_key }}' | tee -a ~/.ssh/authorized_keys
# Create internal directories
mkdir -p /monitoring
mkdir -p /etc/network/interfaces.d
mkdir -p /var/backup
mkdir -p '/var/log/{{ service_name }}'
mkdir -p '/etc/{{ service_name }}'
sed -i 's/PermitRootLogin.*/PermitRootLogin\ yes/g' /etc/ssh/sshd_config
service ssh restart
apt-get update
apt-get -y install python2.7
rm /usr/bin/python
ln -s /usr/bin/python2.7 /usr/bin/python
echo -e '{{ default_interfaces }}' | tee /etc/network/interfaces
echo -e '{{ management_interface }}' | tee /etc/network/interfaces.d/management.cfg
delegate_to: "{{ physical_host }}"
- name: Ensure Required container config options
lxc:
name: "{{ container_name }}"
command: config
options:
- "lxc.mount.entry=/openstack/log/{{ container_name }} var/log/{{ service_name }} none defaults,bind,rw 0 0"
- "lxc.mount.entry=/openstack/backup/{{ container_name }} var/backup none defaults,bind,rw 0 0"
- "lxc.mount.entry=/openstack/monitoring monitoring none defaults,bind,rw 0 0"
state: running
delegate_to: "{{ physical_host }}"
vars:
default_interfaces: |
# The loopback network interface
auto lo
iface lo inet loopback
# LXC interface
auto eth0
iface eth0 inet dhcp
# Load any additional configs
source /etc/network/interfaces.d/*.cfg
management_interface: |
auto {{ container_network['container_interface'] }}
iface {{ container_network['container_interface'] }} inet static
address {{ container_address }}
netmask {{ container_network['container_netmask']|default(container_netmask) }}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment