Switch all base images to be built locally rather than downloaded

This patch switches the debian/ubuntu OS to build their lxc base
images locally using debootstrap rather than download a pre-built
lxc image. This unifies the approach with Centos-8 which is already
building a local image using dnf.

The LXC cache prestage tasks are removed, and all variables
associated with the download of the lxc image are removed from
defaults/main.yml.

A new variable lxc_apt_mirror is introduced, which is passed to
debootstrap to provide the apt source that the container rootfs
should be built from.

Depends-On: https://review.opendev.org/786396
Change-Id: Ia5a62cee7ab493857df16f7ae906796d22ba616c

defaults/main.yml

@@ -13,9 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Validate certificates when downloading LXC templates
-lxc_hosts_validate_certs: yes
-
 # Set the package install state for distribution packages
 # Options are 'present' and 'latest'
 lxc_hosts_package_state: "latest"
@@ -196,34 +193,15 @@ lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages + lxc_cache_extra_dist
 # The value is specified in seconds, with the default being 20 minutes.
 lxc_cache_prep_timeout: "{{ _lxc_cache_prep_timeout | default(1200) }}"
 
-# Set the server to download LXC images from.
-lxc_image_cache_server_mirrors:
-  - https://images.linuxcontainers.org
-
-# URL for the image to build our containers
-lxc_hosts_container_image_url: "{{ _lxc_hosts_container_image_url | default('') }}"
-
-# Command to build a chroot for the container rootfs rather than download
-# Takes precedence over downloading a container image even if the download URLs are configured
+# Command to build a chroot for the container rootfs
 lxc_hosts_container_build_command: "{{ _lxc_hosts_container_build_command | default ('') }}"
 
-# If enabled the image will be fetched from the legacy [images.linuxcontainers.org].
-lxc_hosts_container_image_download_legacy: false
-
 # Local path to cached image
 lxc_image_cache_path: "/var/lib/machines/{{ lxc_container_base_name }}"
 
-# Mode to pull image. This is used to pull the image from a remote source.
-#  Valid options are [import-tar, import-raw]
-lxc_image_cache_pull_mode: "import-tar"
-
 # Set this option to true to pull a new cached image.
 lxc_image_cache_refresh: false
 
-# The keyservers to use when validating GPG keys for the downloaded cache
-lxc_image_cache_primary_keyserver: hkp://p80.pool.sks-keyservers.net:80
-lxc_image_cache_secondary_keyserver: hkp://keyserver.ubuntu.com:80
-
 ## Default download template options
 ##  This can be customized to use a local build server and options.
 ##  By default these options will be fulfilled by the distro specific
@@ -257,3 +235,4 @@ lxc_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraprojec
 lxc_centos_package_baseurl: "{{ _lxc_centos_package_baseurl }}"
 lxc_centos_package_key: "{{ _lxc_centos_package_key }}"
 
+lxc_apt_mirror: "{{ ansible_facts['distribution'] == 'Ubuntu') | ternary('http://archive.ubuntu.com/ubuntu', 'http://deb.debian.org/debian') }}"

releasenotes/notes/lxc-image-local-build-c58b17050e343039.yaml

@@ -0,0 +1,11 @@
+---
+upgrade:
+  - |
+    All supported operating systems now build their LXC images locally on the
+    lxc container hosts rather than relying on external pre-built base images.
+    debootstrap and dnf are used on debian and Centos variants respectively.
+    All variables controlling the download of images have been removed from
+    the lxc_hosts role, and a new override, lxc_apt_mirror is added to allow
+    local mirrors to be specified for debootstrap. Centos systems will use
+    the mirror configuration already present on the host when building
+    the container rootfs with dnf.

tasks/lxc_cache.yml

@@ -36,6 +36,12 @@
   tags:
     - always
 
+- include_tasks: lxc_cache_rootfs.yml
+  when:
+    - lxc_image_cache_refresh | bool
+  tags:
+    - lxc_hosts-config
+
 - include_tasks: lxc_cache_preparation.yml
   when:
     - lxc_image_cache_refresh | bool

tasks/lxc_cache_preparation.yml

@@ -13,8 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- include_tasks: lxc_cache_preparation_simple.yml
-
 # NOTE(cloudnull): We're using rsync  and an if block because we've no means
 #                  to loop over a block. Re-evaluate this task when/if this is
 #                  merged https://github.com/ansible/ansible/issues/13262

tasks/lxc_cache_prestage.yml

@@ -1,82 +0,0 @@
----
-# Copyright 2017, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Legacy image url fetch
-  block:
-    - name: Create legacy image URL fetch
-      template:
-        src: "lxc-image-fetch-url.py.j2"
-        dest: "/usr/local/bin/lxc-image-fetch-url"
-        owner: "root"
-        group: "root"
-        mode: "0755"
-
-    - name: Fetch legacy container image url
-      command: "/usr/local/bin/lxc-image-fetch-url {{ lxc_cache_map.distro }} {{ lxc_cache_map.release }} {{ lxc_cache_map.arch }} {{ lxc_cache_default_variant }}"
-      register: legacy_image_url
-      retries: 3
-      delay: 1
-      until: legacy_image_url is success
-
-    - name: Set LXC cache fact(s) (legacy)
-      set_fact:
-        lxc_hosts_container_image_url: "{{ legacy_image_url.stdout.strip() }}"
-  when:
-    - lxc_hosts_container_image_download_legacy | bool
-
-- name: Determine lxc_hosts_container_image_url when it is not explicitly set
-  set_fact:
-    lxc_hosts_container_image_url: "{{ _lxc_hosts_container_image_url_base ~ '/' ~ lookup('url', _lxc_hosts_container_image_url_base ~ '/' ~ _lxc_hosts_container_image_checksum_file) | regex_findall(_lxc_hosts_container_image_checksum_regexp) | max }}"
-  register: image_url
-  retries: 3
-  delay: 1
-  until: image_url is success
-  when:
-    - lxc_hosts_container_image_url | length == 0
-    - _lxc_hosts_container_image_url_base is defined
-    - _lxc_hosts_container_image_checksum_file is defined
-    - _lxc_hosts_container_image_checksum_regexp is defined
-
-- name: Set LXC cache basename
-  set_fact:
-    cache_basename: "{{ lxc_hosts_container_image_url | basename }}"
-
-- name: Create aria2c output script
-  template:
-    src: aria2c-download-helper.sh.j2
-    dest: /usr/local/bin/aria2c-download-helper.sh
-    owner: "root"
-    group: "root"
-    mode: "0755"
-
-- name: Pre-stage the LXC image on the system
-  shell: >
-    aria2c
-    --max-connection-per-server=4
-    --allow-overwrite=true
-    --dir=/tmp
-    --out={{ cache_basename }}
-    --check-certificate={{ (lxc_hosts_validate_certs | bool) | lower }}
-    --follow-metalink=mem
-    --on-download-complete=/usr/local/bin/aria2c-download-helper.sh
-    {{ lxc_hosts_container_image_url }}
-    > /var/log/aria2c-image-prestage.log 2>&1
-  args:
-    warn: no
-  register: prestage_image
-  async: "{{ lxc_cache_prep_timeout | int // 5 }}"
-  poll: 0
-  tags:
-    - skip_ansible_lint

tasks/main.yml

@@ -62,14 +62,6 @@
   tags:
     - lxc_hosts-install
 
-# only prestage a downloaded image when not using a local command to build a chroot
-- include_tasks: lxc_cache_prestage.yml
-  when:
-    - lxc_hosts_container_build_command | length == 0
-  tags:
-    - always
-    - lxc_hosts-config
-
 - include_tasks: lxc_post_install.yml
   tags:
     - lxc_hosts-config

vars/debian.yml

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-_lxc_hosts_container_image_url: "https://github.com/debuerreotype/docker-debian-artifacts/raw/dist-{{ lxc_cache_map.arch }}/{{ ansible_facts['distribution_release'] }}/rootfs.tar.xz"
+_lxc_hosts_container_build_command: "debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} "
 
 _lxc_cache_map:
   distro: debian

vars/ubuntu-18.04.yml

@@ -13,9 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-_lxc_hosts_container_image_url_base: "http://cdimage.ubuntu.com/ubuntu-base/releases/18.04/release"
-_lxc_hosts_container_image_checksum_file: SHA256SUMS
-_lxc_hosts_container_image_checksum_regexp: "ubuntu-base-18.04.[0-9]-base-{{ lxc_cache_map.arch }}.tar.gz"
+_lxc_hosts_container_build_command: "debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} "
 
 _lxc_cache_map:
   distro: ubuntu

vars/ubuntu-20.04.yml

@@ -13,9 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-_lxc_hosts_container_image_url_base: "http://cdimage.ubuntu.com/ubuntu-base/releases/20.04/release"
-_lxc_hosts_container_image_checksum_file: SHA256SUMS
-_lxc_hosts_container_image_checksum_regexp: "ubuntu-base-20.04.[0-9]-base-{{ lxc_cache_map.arch }}.tar.gz"
+_lxc_hosts_container_build_command: "debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} "
 
 _lxc_cache_map:
   distro: ubuntu