From 786c4fcf186f968d4d80de8a84e24d43d4190561 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Thu, 4 Mar 2021 14:36:30 +0000 Subject: [PATCH] Switch all base images to be built locally rather than downloaded This patch switches the debian/ubuntu OS to build their lxc base images locally using debootstrap rather than download a pre-built lxc image. This unifies the approach with Centos-8 which is already building a local image using dnf. The LXC cache prestage tasks are removed, and all variables associated with the download of the lxc image are removed from defaults/main.yml. A new variable lxc_apt_mirror is introduced, which is passed to debootstrap to provide the apt source that the container rootfs should be built from. Depends-On: https://review.opendev.org/786396 Change-Id: Ia5a62cee7ab493857df16f7ae906796d22ba616c --- defaults/main.yml | 25 +----- ...xc-image-local-build-c58b17050e343039.yaml | 11 +++ tasks/lxc_cache.yml | 6 ++ tasks/lxc_cache_preparation.yml | 2 - tasks/lxc_cache_prestage.yml | 82 ------------------- ...ration_simple.yml => lxc_cache_rootfs.yml} | 0 tasks/main.yml | 8 -- vars/debian.yml | 2 +- vars/ubuntu-18.04.yml | 4 +- vars/ubuntu-20.04.yml | 4 +- 10 files changed, 22 insertions(+), 122 deletions(-) create mode 100644 releasenotes/notes/lxc-image-local-build-c58b17050e343039.yaml delete mode 100644 tasks/lxc_cache_prestage.yml rename tasks/{lxc_cache_preparation_simple.yml => lxc_cache_rootfs.yml} (100%) diff --git a/defaults/main.yml b/defaults/main.yml index 932b8dbd..5d915f48 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,9 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Validate certificates when downloading LXC templates -lxc_hosts_validate_certs: yes - # Set the package install state for distribution packages # Options are 'present' and 'latest' lxc_hosts_package_state: "latest" 
@@ -196,34 +193,15 @@ lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages + lxc_cache_extra_dist # The value is specified in seconds, with the default being 20 minutes. lxc_cache_prep_timeout: "{{ _lxc_cache_prep_timeout | default(1200) }}" -# Set the server to download LXC images from. -lxc_image_cache_server_mirrors: - - https://images.linuxcontainers.org - -# URL for the image to build our containers -lxc_hosts_container_image_url: "{{ _lxc_hosts_container_image_url | default('') }}" - -# Command to build a chroot for the container rootfs rather than download -# Takes precedence over downloading a container image even if the download URLs are configured +# Command to build a chroot for the container rootfs lxc_hosts_container_build_command: "{{ _lxc_hosts_container_build_command | default ('') }}" -# If enabled the image will be fetched from the legacy [images.linuxcontainers.org]. -lxc_hosts_container_image_download_legacy: false - # Local path to cached image lxc_image_cache_path: "/var/lib/machines/{{ lxc_container_base_name }}" -# Mode to pull image. This is used to pull the image from a remote source. -# Valid options are [import-tar, import-raw] -lxc_image_cache_pull_mode: "import-tar" - # Set this option to true to pull a new cached image. lxc_image_cache_refresh: false -# The keyservers to use when validating GPG keys for the downloaded cache -lxc_image_cache_primary_keyserver: hkp://p80.pool.sks-keyservers.net:80 -lxc_image_cache_secondary_keyserver: hkp://keyserver.ubuntu.com:80 - ## Default download template options ## This can be customized to use a local build server and options. ## By default these options will be fulfilled by the distro specific 
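Review bot: The retained comment above `lxc_image_cache_refresh` still reads "Set this option to true to pull a new cached image", which no longer matches a role that only builds images locally; `# Set this option to true to rebuild the cached image.` would be accurate. The reworded comment on `lxc_hosts_container_build_command` could also say that this command is now the only source of the container rootfs, since the variable still defaults to an empty string via `default ('')`.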
@@ -257,3 +235,4 @@ lxc_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraprojec lxc_centos_package_baseurl: "{{ _lxc_centos_package_baseurl }}" lxc_centos_package_key: "{{ _lxc_centos_package_key }}" +lxc_apt_mirror: "{{ ansible_facts['distribution'] == 'Ubuntu') | ternary('http://archive.ubuntu.com/ubuntu', 'http://deb.debian.org/debian') }}" diff --git a/releasenotes/notes/lxc-image-local-build-c58b17050e343039.yaml b/releasenotes/notes/lxc-image-local-build-c58b17050e343039.yaml new file mode 100644 index 00000000..04515214 --- /dev/null +++ b/releasenotes/notes/lxc-image-local-build-c58b17050e343039.yaml @@ -0,0 +1,11 @@ +--- +upgrade: + - | + All supported operating systems now build their LXC images locally on the + lxc container hosts rather than relying on external pre-built base images. + debootstrap and dnf are used on debian and Centos variants respectively. + All variables controlling the download of images have been removed from + the lxc_hosts role, and a new override, lxc_apt_mirror is added to allow + local mirrors to be specified for debootstrap. Centos systems will use + the mirror configuration already present on the host when building + the container rootfs with dnf. diff --git a/tasks/lxc_cache.yml b/tasks/lxc_cache.yml index 0d046966..60be2f40 100644 --- a/tasks/lxc_cache.yml +++ b/tasks/lxc_cache.yml @@ -36,6 +36,12 @@ tags: - always +- include_tasks: lxc_cache_rootfs.yml + when: + - lxc_image_cache_refresh | bool + tags: + - lxc_hosts-config + - include_tasks: lxc_cache_preparation.yml when: - lxc_image_cache_refresh | bool diff --git a/tasks/lxc_cache_preparation.yml b/tasks/lxc_cache_preparation.yml index ae213da8..58d1751c 100644 --- a/tasks/lxc_cache_preparation.yml +++ b/tasks/lxc_cache_preparation.yml 
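Review bot: The Jinja expression on the added `lxc_apt_mirror` line has an unbalanced parenthesis: `ansible_facts['distribution'] == 'Ubuntu')` closes a group that was never opened, so templating the variable should fail wherever it is evaluated. It should read `lxc_apt_mirror: "{{ (ansible_facts['distribution'] == 'Ubuntu') | ternary('http://archive.ubuntu.com/ubuntu', 'http://deb.debian.org/debian') }}"`. The variable is also added without a comment, unlike most defaults visible in this file; `# APT mirror handed to debootstrap when building the container rootfs` would do. That comment should mention that both defaults are plain http, so the integrity of the rootfs rests on debootstrap's Release signature check and on the keyring present on the host.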
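Review bot: The added `include_tasks: lxc_cache_rootfs.yml` in tasks/lxc_cache.yml is gated only on `lxc_image_cache_refresh | bool`, while this patch removes the download path that used to cover an empty `lxc_hosts_container_build_command`. lxc_cache_rootfs.yml is renamed unchanged and not shown, so its behaviour with an empty command is an inference, but a platform whose vars file sets no `_lxc_hosts_container_build_command` would presumably fail late or continue with an empty rootfs. A preceding `assert` task with `that: lxc_hosts_container_build_command | length > 0` and a clear `fail_msg` would turn that into an early, readable error. The include also has no `name:`, which makes it harder to find in play output.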
@@ -13,8 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include_tasks: lxc_cache_preparation_simple.yml - # NOTE(cloudnull): We're using rsync and an if block because we've no means # to loop over a block. Re-evaluate this task when/if this is # merged https://github.com/ansible/ansible/issues/13262 diff --git a/tasks/lxc_cache_prestage.yml b/tasks/lxc_cache_prestage.yml deleted file mode 100644 index 5ceb69b2..00000000 --- a/tasks/lxc_cache_prestage.yml +++ /dev/null 
@@ -1,82 +0,0 @@ ---- -# Copyright 2017, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Legacy image url fetch - block: - - name: Create legacy image URL fetch - template: - src: "lxc-image-fetch-url.py.j2" - dest: "/usr/local/bin/lxc-image-fetch-url" - owner: "root" - group: "root" - mode: "0755" - - - name: Fetch legacy container image url - command: "/usr/local/bin/lxc-image-fetch-url {{ lxc_cache_map.distro }} {{ lxc_cache_map.release }} {{ lxc_cache_map.arch }} {{ lxc_cache_default_variant }}" - register: legacy_image_url - retries: 3 - delay: 1 - until: legacy_image_url is success - - - name: Set LXC cache fact(s) (legacy) - set_fact: - lxc_hosts_container_image_url: "{{ legacy_image_url.stdout.strip() }}" - when: - - lxc_hosts_container_image_download_legacy | bool - -- name: Determine lxc_hosts_container_image_url when it is not explicitly set - set_fact: - lxc_hosts_container_image_url: "{{ _lxc_hosts_container_image_url_base ~ '/' ~ lookup('url', _lxc_hosts_container_image_url_base ~ '/' ~ _lxc_hosts_container_image_checksum_file) | regex_findall(_lxc_hosts_container_image_checksum_regexp) | max }}" - register: image_url - retries: 3 - delay: 1 - until: image_url is success - when: - - lxc_hosts_container_image_url | length == 0 - - _lxc_hosts_container_image_url_base is defined - - _lxc_hosts_container_image_checksum_file is defined - - _lxc_hosts_container_image_checksum_regexp is defined - -- name: Set LXC cache basename - 
set_fact: - cache_basename: "{{ lxc_hosts_container_image_url | basename }}" - -- name: Create aria2c output script - template: - src: aria2c-download-helper.sh.j2 - dest: /usr/local/bin/aria2c-download-helper.sh - owner: "root" - group: "root" - mode: "0755" - -- name: Pre-stage the LXC image on the system - shell: > - aria2c - --max-connection-per-server=4 - --allow-overwrite=true - --dir=/tmp - --out={{ cache_basename }} - --check-certificate={{ (lxc_hosts_validate_certs | bool) | lower }} - --follow-metalink=mem - --on-download-complete=/usr/local/bin/aria2c-download-helper.sh - {{ lxc_hosts_container_image_url }} - > /var/log/aria2c-image-prestage.log 2>&1 - args: - warn: no - register: prestage_image - async: "{{ lxc_cache_prep_timeout | int // 5 }}" - poll: 0 - tags: - - skip_ansible_lint diff --git a/tasks/lxc_cache_preparation_simple.yml b/tasks/lxc_cache_rootfs.yml similarity index 100% rename from tasks/lxc_cache_preparation_simple.yml rename to tasks/lxc_cache_rootfs.yml diff --git a/tasks/main.yml b/tasks/main.yml index 6ef4c15d..c27ada9b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -62,14 +62,6 @@ tags: - lxc_hosts-install -# only prestage a downloaded image when not using a local command to build a chroot -- include_tasks: lxc_cache_prestage.yml - when: - - lxc_hosts_container_build_command | length == 0 - tags: - - always - - lxc_hosts-config - - include_tasks: lxc_post_install.yml tags: - lxc_hosts-config diff --git a/vars/debian.yml b/vars/debian.yml index 756023d4..91b3e5f1 100644 --- a/vars/debian.yml +++ b/vars/debian.yml 
@@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -_lxc_hosts_container_image_url: "https://github.com/debuerreotype/docker-debian-artifacts/raw/dist-{{ lxc_cache_map.arch }}/{{ ansible_facts['distribution_release'] }}/rootfs.tar.xz" +_lxc_hosts_container_build_command: "debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} " _lxc_cache_map: distro: debian diff --git a/vars/ubuntu-18.04.yml b/vars/ubuntu-18.04.yml index 9e9b3181..c0ad3169 100644 --- a/vars/ubuntu-18.04.yml +++ b/vars/ubuntu-18.04.yml @@ -13,9 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -_lxc_hosts_container_image_url_base: "http://cdimage.ubuntu.com/ubuntu-base/releases/18.04/release" -_lxc_hosts_container_image_checksum_file: SHA256SUMS -_lxc_hosts_container_image_checksum_regexp: "ubuntu-base-18.04.[0-9]-base-{{ lxc_cache_map.arch }}.tar.gz" +_lxc_hosts_container_build_command: "debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} " _lxc_cache_map: distro: ubuntu diff --git a/vars/ubuntu-20.04.yml b/vars/ubuntu-20.04.yml index 63f0abfc..88f9026b 100644 --- a/vars/ubuntu-20.04.yml +++ b/vars/ubuntu-20.04.yml @@ -13,9 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -_lxc_hosts_container_image_url_base: "http://cdimage.ubuntu.com/ubuntu-base/releases/20.04/release" -_lxc_hosts_container_image_checksum_file: SHA256SUMS -_lxc_hosts_container_image_checksum_regexp: "ubuntu-base-20.04.[0-9]-base-{{ lxc_cache_map.arch }}.tar.gz" +_lxc_hosts_container_build_command: "debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} /var/lib/machines/{{ lxc_container_base_name }} " _lxc_cache_map: distro: ubuntu
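Review bot: The added `_lxc_hosts_container_build_command` in vars/debian.yml never passes `lxc_apt_mirror` to debootstrap: the command ends after the target directory (with a trailing space), and lxc_cache_rootfs.yml is renamed unchanged, so nothing visible in this patch consumes the new variable although the commit message says it is passed. As written, debootstrap would fall back to its built-in mirror and an operator's local-mirror override would be silently ignored. Appending the mirror and reusing the existing path variable fixes both: `"debootstrap --variant minbase {{ ansible_facts['distribution_release'] }} {{ lxc_image_cache_path }} {{ lxc_apt_mirror }}"`. Because the default mirrors are http, consider also adding `--force-check-gpg` (confirm the packaged debootstrap supports it) so that a missing keyring fails the build instead of producing an unverified rootfs. The identical line is added in vars/ubuntu-18.04.yml and vars/ubuntu-20.04.yml and needs the same change.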