Optionally build container image as a local chroot

This change uses dnf to build the container image for Centos-8 using dnf locally rather than rely on an external image that is downloaded and unpacked. The existing image prestage commands are made conditional, and an operating system specific command can be provided via role variables to build a chroot in /var/lib/machines. During the transition from Centos-8 to Centos-8-Stream, the vars files are separated, with vars/redhat.yml covering Stream, and vars/centos-8.3.yml covering legcay Centos-8. In addition, the systemd-logind service is masked from the base image. This is masked in the previously downloaded container base image, so we ensure that the same is done for locally built chroots. Depends-On: I31880ca995735b737d33532eaa4c29be02523117 Depends-On: I74f02669b013b8580d3469a8ffe214d88cd0f525 Change-Id: I1ddfe36259610b25e86b69d64d1d7f32a56c0e4d
2021-02-17 13:48:13 +00:00 · 2021-02-17 13:48:13 +00:00 · 791b9e813e
commit 791b9e813e
parent f3bc93d1a3
6 changed files with 84 additions and 44 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -203,6 +203,10 @@ lxc_image_cache_server_mirrors:
 # URL for the image to build our containers
 lxc_hosts_container_image_url: "{{ _lxc_hosts_container_image_url | default('') }}"

+# Command to build a chroot for the container rootfs rather than download
+# Takes precedence over downloading a container image even if the download URLs are configured
+lxc_hosts_container_build_command: "{{ _lxc_hosts_container_build_command | default ('') }}"
+
 # If enabled the image will be fetched from the legacy [images.linuxcontainers.org].
 lxc_hosts_container_image_download_legacy: false

--- a/tasks/lxc_cache_preparation_simple.yml
+++ b/tasks/lxc_cache_preparation_simple.yml
@ -64,37 +64,26 @@
    state: directory
  register: create_new_dir

- name: Wait for base image download
-  async_status:
-    jid: "{{ prestage_image.ansible_job_id }}"
-  register: _lxc_prestage_image_result
-  until: _lxc_prestage_image_result.finished
-  delay: 5
-  retries: "{{ lxc_cache_prep_timeout | int // 5 }}"
-
- name: Unpack base image
-  unarchive:
-    src: "/tmp/{{ cache_basename }}"
-    dest: "/var/lib/machines/{{ lxc_container_base_name }}"
-    remote_src: yes
-    extra_opts: "{{ _lxc_hosts_unarchive_extra_opts | default(omit) }}"
-  when: create_new_dir is changed
-
-# NOTE(jrosser) Centos 8.3 images ships as a nested tar file, these tasks unpack and remove
-# the inner tar file
- name: Unpack nested tar file
-  unarchive:
-    src: "/var/lib/machines/{{ lxc_container_base_name }}/{{ _lxc_hosts_nested_tar_file }}"
-    dest: "/var/lib/machines/{{ lxc_container_base_name }}"
-    remote_src: yes
+- name: Tasks for image download
  when:
-    - create_new_dir is changed
-    - _lxc_hosts_nested_tar_file is defined
+    - lxc_hosts_container_build_command | length == 0
+  block:
+    - name: Wait for base image download
+      async_status:
+        jid: "{{ prestage_image.ansible_job_id }}"
+      register: _lxc_prestage_image_result
+      until: _lxc_prestage_image_result.finished
+      delay: 5
+      retries: "{{ lxc_cache_prep_timeout | int // 5 }}"
+
+    - name: Unpack base image
+      unarchive:
+        src: "/tmp/{{ cache_basename }}"
+        dest: "/var/lib/machines/{{ lxc_container_base_name }}"
+        remote_src: yes
+      when: create_new_dir is changed
+
+- name: Build the base image using a CLI tool
+  command: "{{ lxc_hosts_container_build_command }}"
+  when: lxc_hosts_container_build_command | length > 0

- name: Remove nested tar file
-  file:
-    path: "/var/lib/machines/{{ lxc_container_base_name }}/{{ _lxc_hosts_nested_tar_file }}"
-    state: absent
-  when:
-    - create_new_dir is changed
-    - _lxc_hosts_nested_tar_file is defined
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -62,7 +62,10 @@
  tags:
    - lxc_hosts-install

+# only prestage a downloaded image when not using a local command to build a chroot
 - include_tasks: lxc_cache_prestage.yml
+  when:
+    - lxc_hosts_container_build_command | length == 0
  tags:
    - always
    - lxc_hosts-config
--- a/templates/prep-scripts/centos_8_prep.sh.j2
+++ b/templates/prep-scripts/centos_8_prep.sh.j2
@ -32,4 +32,8 @@ echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
 systemctl enable systemd-networkd
 systemctl enable systemd-resolved

+# Fully disable systemd-logind
+systemctl disable systemd-logind
+systemctl mask systemd-logind
+
 {{ lxc_cache_prep_post_commands }}
--- a/vars/centos-8.3.yml
+++ b/vars/centos-8.3.yml
@ -0,0 +1,51 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE(jrosser) this file is for temporary support of Centos-8 (NOT stream) during the transition to stream
+
+_lxc_hosts_container_build_command: "dnf --assumeyes --installroot=/var/lib/machines/{{ lxc_container_base_name }} install --setopt=install_weak_deps=False --nodocs rootfiles coreutils dnf centos-linux-repos --releasever=8"
+
+_lxc_cache_map:
+  distro: centos
+  arch: "{{ lxc_architecture_mapping.get( ansible_facts['architecture'] ) }}"
+  release: 8
+  copy_from_host:
+    - /etc/default/locale
+    - /etc/environment
+    - /etc/localtime
+    - /etc/locale.conf
+    - /etc/protocols
+    - /etc/pki/rpm-gpg/
+    - /etc/yum/pluginconf.d/fastestmirror.conf
+    - /etc/yum.repos.d/
+
+_lxc_cache_prep_template: "prep-scripts/centos_8_prep.sh.j2"
+
+_lxc_cache_distro_packages:
+  - ca-certificates
+  - iputils
+  - openssh-server
+  - policycoreutils
+  - procps
+  - python3
+  - python3-libs
+  - rsync              # os_keystone runs serial=1 and uses rsync before the distro packages have been installed on all keystone targets
+  - setup
+  - sudo
+  - systemd
+  - systemd-networkd
+  - systemd-resolvd
+  - systemd-sysv
+  - tzdata
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -13,18 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-_lxc_hosts_container_image_url: "https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Container-8.3.2011-20201204.2.x86_64.tar.xz"
-
-# the Centos 8.3 image contains a tar file inside the downloaded tar
-_lxc_hosts_nested_tar_file: "layer.tar"
-
-# layer.tar is in a subdirectory named with a numerical hash, we must descend
-# into that directory without knowing it's name, and extract just the inner
-# tar file
-_lxc_hosts_unarchive_extra_opts:
-  - --strip-components=1
-  - --no-anchored
-  - "{{ _lxc_hosts_nested_tar_file }}"
+_lxc_hosts_container_build_command: "dnf --assumeyes --installroot=/var/lib/machines/{{ lxc_container_base_name }} install --setopt=install_weak_deps=False --nodocs rootfiles coreutils dnf centos-stream-release centos-stream-repos --releasever=8"

 _lxc_cache_map:
  distro: centos