Fix multiple bugs in lxc role after testing
parent
9aec7c8891
commit
8ed1aaf160
|
@ -10,7 +10,7 @@ Everything is in the `tasks/main.yml` file.
|
||||||
|
|
||||||
Here is the list of available variables:
|
Here is the list of available variables:
|
||||||
|
|
||||||
* `lxc_unprivilegied_containers`: should LXC containers run in unprivilegied (non root) mode? Default: `true`
|
* `lxc_unprivilegied_containers`: should LXC containers run in unprivilegied (non root) mode? Currently `lxc_unprivilegied_containers: true` does not work. Default: `false`
|
||||||
* `lxc_network_type`: network type to use. See lxc.container.conf(5). Default: `"none"`
|
* `lxc_network_type`: network type to use. See lxc.container.conf(5). Default: `"none"`
|
||||||
* `lxc_mount_part`: partition to bind mount into containers. Default: `"/home"`
|
* `lxc_mount_part`: partition to bind mount into containers. Default: `"/home"`
|
||||||
* `lxc_containers`: list of LXC containers to create. Default: `[]` (empty).
|
* `lxc_containers`: list of LXC containers to create. Default: `[]` (empty).
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
# Should LXC containers run in unprivilegied (non root) mode?
|
# Should LXC containers run in unprivilegied (non root) mode?
|
||||||
lxc_unprivilegied_containers: true
|
lxc_unprivilegied_containers: false
|
||||||
|
|
||||||
# Network type to use. See lxc.container.conf(5).
|
# Network type to use. See lxc.container.conf(5).
|
||||||
lxc_network_type: "none"
|
lxc_network_type: "none"
|
||||||
|
|
|
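Review bot: The comment above `lxc_unprivilegied_containers` still only asks the question and does not say what the new `false` default means for the host. With `false` the role creates privileged containers, where root inside the container is presumably root on the host because no id mapping is applied. Someone reading the defaults should see that this is a workaround for the broken unprivileged mode, not a recommended setting. I would extend the comment, for example `# false = privileged containers (container root is host root); set back to true once unprivileged mode works.`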
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Check if container exists
|
- name: Check if container exists
|
||||||
command: "lxc-ls {{name}}"
|
command: "lxc-ls {{name}}"
|
||||||
|
changed_when: false
|
||||||
register: container_exists
|
register: container_exists
|
||||||
|
|
||||||
- name: Create container
|
- name: Create container
|
||||||
|
@ -18,7 +19,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
name: "/var/lib/lxc/{{name}}/rootfs/etc/default/halt"
|
name: "/var/lib/lxc/{{name}}/rootfs/etc/default/halt"
|
||||||
line: "NETDOWN=no"
|
line: "NETDOWN=no"
|
||||||
when: lxc_network_type == "none"
|
when: lxc_network_type == "none" and release != "stretch"
|
||||||
|
|
||||||
- name: Make the container poweroff on SIGPWR (sent by lxc-stop) on jessie
|
- name: Make the container poweroff on SIGPWR (sent by lxc-stop) on jessie
|
||||||
file:
|
file:
|
||||||
|
@ -35,18 +36,18 @@
|
||||||
name: "/var/lib/lxc/{{name}}/rootfs/etc/hosts"
|
name: "/var/lib/lxc/{{name}}/rootfs/etc/hosts"
|
||||||
line: "127.0.0.1 {{name}}"
|
line: "127.0.0.1 {{name}}"
|
||||||
|
|
||||||
# Still needed?
|
|
||||||
- name: Fix permission on /dev
|
- name: Fix permission on /dev
|
||||||
lineinfile:
|
lineinfile:
|
||||||
name: "/var/lib/lxc/{{name}}/rootfs/etc/rc.local"
|
name: "/var/lib/lxc/{{name}}/rootfs/etc/rc.local"
|
||||||
line: "chmod 755 /dev"
|
line: "chmod 755 /dev"
|
||||||
insertbefore: "^exit 0$"
|
insertbefore: "^exit 0$"
|
||||||
|
when: release != 'stretch'
|
||||||
|
|
||||||
- name: Check if container is running
|
- name: Check if container is running
|
||||||
command: "lxc-ls --running {{name}}"
|
command: "lxc-ls --running {{name}}"
|
||||||
|
changed_when: false
|
||||||
register: container_running
|
register: container_running
|
||||||
|
|
||||||
- name: "Start {{name}} container"
|
- name: "Start {{name}} container"
|
||||||
command: "lxc-start -dn {{name}}"
|
command: "lxc-start -dn {{name}}"
|
||||||
when: container_running.stdout_lines == []
|
when: container_running.stdout_lines == []
|
||||||
|
|
||||||
|
|
|
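Review bot: The "Check if container exists" and "Check if container is running" tasks pass `{{name}}` to `lxc-ls` as a filter, which its man page describes as a regular expression applied to container names, so the result can include other containers. With constructed names `web` and `web2`, a running `web2` would make `container_running.stdout_lines` non-empty and `web` would never be started; the same applies to the existence check, whose consumer is outside the lines shown. Anchoring the filter avoids this, e.g. `command: "lxc-ls --running ^{{name}}$"` and `command: "lxc-ls ^{{name}}$"`. The `command` module does not go through a shell, so `^` and `$` reach lxc-ls unchanged. Separately, `release != "stretch"` and `release != 'stretch'` use different quoting and will also apply the jessie-era workarounds to any release name other than stretch, which may not be intended.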
@ -10,12 +10,15 @@
|
||||||
|
|
||||||
- name: Check if root has subuids
|
- name: Check if root has subuids
|
||||||
command: grep '^root:100000:10000$' /etc/subuid
|
command: grep '^root:100000:10000$' /etc/subuid
|
||||||
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
register: root_subuids
|
register: root_subuids
|
||||||
|
when: lxc_unprivilegied_containers
|
||||||
|
|
||||||
- name: Add subuid and subgid ranges to root
|
- name: Add subuid and subgid ranges to root
|
||||||
command: usermod -v 100000-199999 -w 100000-109999 root
|
command: usermod -v 100000-199999 -w 100000-109999 root
|
||||||
when: not root_subuids.rc
|
when: lxc_unprivilegied_containers and root_subuids.rc
|
||||||
|
|
||||||
- name: Create containers
|
- name: Create containers
|
||||||
include: "create-container.yml name={{item.name}} release={{item.release}}"
|
include: "create-container.yml name={{item.name}} release={{item.release}}"
|
||||||
with_items: lxc_containers
|
with_items: "{{lxc_containers}}"
|
||||||
|
|
|
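Review bot: The check in "Check if root has subuids" and the `usermod` command it guards disagree on the range size. The grep expects `root:100000:10000` in /etc/subuid, while `usermod -v 100000-199999` adds 100000 subordinate uids, which would be recorded as `root:100000:100000`. If that is right, `root_subuids.rc` stays non-zero and usermod runs again on every play once `lxc_unprivilegied_containers` is true. Either narrow the uid range to match the gid one, `command: usermod -v 100000-109999 -w 100000-109999 root`, or grep for `'^root:100000:100000$'`; /etc/subgid is not checked at all. Note also that `failed_when: false` hides real grep errors such as a missing file, not only the no-match case, so a comment saying that rc 1 is the expected "no range yet" result would help.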
@ -20,3 +20,6 @@ lxc.tty = 1
|
||||||
|
|
||||||
# Run 64bits containers
|
# Run 64bits containers
|
||||||
lxc.arch = x86_64
|
lxc.arch = x86_64
|
||||||
|
|
||||||
|
# Start containers on boot by default
|
||||||
|
lxc.start.auto = 1
|
||||||
|
|