From 3a1a7a19aa102a462ef8f562bb5f57d3bcdf36cf Mon Sep 17 00:00:00 2001
From: Noms
Date: Fri, 3 Mar 2023 12:28:14 -0500
Subject: [PATCH] Fix LXC container implementations (#231)

* Need to become to reboot
* Fix rc.local insertion of script
* Fix syntax

Add new line to lxc.yml

* Remove need to set fact
* Add reset for LXC container config
* Fix syntax

Its always the newlines..

* remove fact setting from reset task

We should mirror the deployment task

* Proxmox LXC reset functions
* Handle if rc.local already has data
* Dont compare literal
* Cleanup

Erroneous newline

* Handle rc.local not present on a hybrid cluster
* Update roles/reset/tasks/main.yml

Co-authored-by: Simon Leiner

* Update roles/lxc/tasks/main.yml

Co-authored-by: Simon Leiner

---------

Co-authored-by: Techno Tim
Co-authored-by: Simon Leiner
---
 reset.yml | 8 ++++
 roles/lxc/handlers/main.yml | 1 +
 roles/lxc/tasks/main.yml | 22 ++++++++--
 roles/reset/tasks/main.yml | 28 ++++++++++++
 roles/reset_proxmox_lxc/handlers/main.yml | 5 +++
 roles/reset_proxmox_lxc/tasks/main.yml | 53 +++++++++++++++++++++++
 site.yml | 1 +
 scripts/rc.local => templates/rc.local.j2 | 2 -
 8 files changed, 114 insertions(+), 6 deletions(-)
 create mode 100644 roles/reset_proxmox_lxc/handlers/main.yml
 create mode 100644 roles/reset_proxmox_lxc/tasks/main.yml
 rename scripts/rc.local => templates/rc.local.j2 (95%)

diff --git a/reset.yml b/reset.yml
index 18846bb95..2cf6efbd9 100644
--- a/reset.yml
+++ b/reset.yml
@@ -13,3 +13,11 @@
     become: true
     reboot:
       reboot_timeout: 3600
+
+- hosts: proxmox
+  gather_facts: true
+  become: yes
+  remote_user: "{{ proxmox_lxc_ssh_user }}"
+  roles:
+    - role: reset_proxmox_lxc
+      when: proxmox_lxc_configure
diff --git a/roles/lxc/handlers/main.yml b/roles/lxc/handlers/main.yml
index 1bba5c881..20013cc54 100644
--- a/roles/lxc/handlers/main.yml
+++ b/roles/lxc/handlers/main.yml
@@ -1,3 +1,4 @@
 ---
 - name: reboot server
+  become: true
   reboot:
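Review bot: `become: yes` on the new `proxmox` play in reset.yml should be `become: true`, matching the `become: true` context line directly above it in the same file and the `true`/`false`-only convention (`yes` is a YAML 1.1 boolean that yamllint's truthy rule rejects). This play escalates to root on the hypervisor itself via `remote_user: "{{ proxmox_lxc_ssh_user }}"`, so the `when: proxmox_lxc_configure` guard on the role is the only thing keeping an ordinary cluster reset off the Proxmox hosts; a one-line comment above the play would make that explicit, e.g. `# Runs as root on the Proxmox hosts to edit /etc/pve/lxc/*.conf; gated by proxmox_lxc_configure.`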
diff --git a/roles/lxc/tasks/main.yml b/roles/lxc/tasks/main.yml
index d47200a51..5a792a4fc 100644
--- a/roles/lxc/tasks/main.yml
+++ b/roles/lxc/tasks/main.yml
@@ -1,7 +1,21 @@
 ---
-- name: configure rc.local for proxmox lxc containers
-  copy:
-    src: "{{ playbook_dir }}/scripts/rc.local"
-    dest: "/etc/rc.local"
+- name: Check for rc.local file
+  stat:
+    path: /etc/rc.local
+  register: rcfile
+
+- name: Create rc.local if needed
+  lineinfile:
+    path: /etc/rc.local
+    line: "#!/bin/sh -e"
+    create: true
+    insertbefore: BOF
     mode: "u=rwx,g=rx,o=rx"
+  when: not rcfile.stat.exists
+
+- name: Write rc.local file
+  blockinfile:
+    path: /etc/rc.local
+    content: "{{ lookup('template', 'templates/rc.local.j2') }}"
+    state: present
   notify: reboot server
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 537839d48..b9cdd6ed8 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -54,3 +54,31 @@
   file:
     path: /tmp/k3s
     state: absent
+
+- name: Check if rc.local exists
+  stat:
+    path: /etc/rc.local
+  register: rcfile
+
+- name: Remove rc.local modifications for proxmox lxc containers
+  become: true
+  blockinfile:
+    path: /etc/rc.local
+    content: "{{ lookup('template', 'templates/rc.local.j2') }}"
+    create: false
+    state: absent
+  when: proxmox_lxc_configure and rclocal.stat.exists
+
+- name: Check rc.local for cleanup
+  become: true
+  slurp:
+    src: /etc/rc.local
+  register: rcslurp
+  when: proxmox_lxc_configure and rclocal.stat.exists
+
+- name: Cleanup rc.local if we only have a Shebang line
+  become: true
+  file:
+    path: /etc/rc.local
+    state: absent
+  when: proxmox_lxc_configure and rclocal.stat.exists and ((rcslurp.content | b64decode).splitlines() | length) <= 1
diff --git a/roles/reset_proxmox_lxc/handlers/main.yml b/roles/reset_proxmox_lxc/handlers/main.yml
new file mode 100644
index 000000000..9b99cb2f5
--- /dev/null
+++ b/roles/reset_proxmox_lxc/handlers/main.yml
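Review bot: The `Write rc.local file` blockinfile task appends its block at the end of a pre-existing /etc/rc.local, so on a host whose rc.local already ends with `exit 0` (the stock Debian/Ubuntu file does) the /dev/kmsg workaround lands after the exit and never runs, and the executable mode is only applied on the create path. Add `insertbefore: '^exit 0$'` and `mode: "u=rwx,g=rx,o=rx"` to the blockinfile task so the block is placed before the exit and a previously non-executable rc.local is also fixed. The `rcfile` stat is only used to decide whether to write the shebang; the idempotence of the block itself rests on blockinfile's marker lines, which is worth a one-line comment.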
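Review bot: All three `when:` conditions in the new reset tasks test `rclocal.stat.exists`, but the stat task registers its result as `rcfile`, so on any host where `proxmox_lxc_configure` is true these tasks fail with an undefined-variable error and the rc.local block is never removed. Either change the stat task to `register: rclocal` or rewrite the conditions as `when: proxmox_lxc_configure and rcfile.stat.exists` (and the same prefix on the slurp and file tasks). The final `... | length) <= 1` check also deletes an rc.local that was empty or shebang-only before this playbook touched it, which may be intended but should be stated in the task name or a comment.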
@@ -0,0 +1,5 @@
+---
+- name: reboot containers
+  command:
+    "pct reboot {{ item }}"
+  loop: "{{ proxmox_lxc_filtered_ids }}"
diff --git a/roles/reset_proxmox_lxc/tasks/main.yml b/roles/reset_proxmox_lxc/tasks/main.yml
new file mode 100644
index 000000000..d9f402d98
--- /dev/null
+++ b/roles/reset_proxmox_lxc/tasks/main.yml
@@ -0,0 +1,53 @@
+---
+- name: check for container files that exist on this host
+  stat:
+    path: "/etc/pve/lxc/{{ item }}.conf"
+  loop: "{{ proxmox_lxc_ct_ids }}"
+  register: stat_results
+
+- name: filter out files that do not exist
+  set_fact:
+    proxmox_lxc_filtered_files:
+      '{{ stat_results.results | rejectattr("stat.exists", "false") | map(attribute="stat.path") }}'
+
+# used for the reboot handler
+- name: get container ids from filtered files
+  set_fact:
+    proxmox_lxc_filtered_ids:
+      '{{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }}'
+
+- name: Remove LXC apparmor profile
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.apparmor.profile"
+    line: "lxc.apparmor.profile: unconfined"
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
+
+- name: Remove lxc cgroups
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.cgroup.devices.allow"
+    line: "lxc.cgroup.devices.allow: a"
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
+
+- name: Remove lxc cap drop
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.cap.drop"
+    line: "lxc.cap.drop: "
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
+
+- name: Remove lxc mounts
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.mount.auto"
+    line: 'lxc.mount.auto: "proc:rw sys:rw"'
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
diff --git a/site.yml b/site.yml
index f6f0b092c..d8e4325fa 100644
--- a/site.yml
+++ b/site.yml
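Review bot: The `reboot containers` handler runs `pct reboot` for every id in `proxmox_lxc_filtered_ids` as soon as any one of the four config tasks reports a change, and `pct reboot` presumably errors on a container that is currently stopped, which would abort the handler loop part-way and leave the remaining containers running with the old config. A `failed_when: false` on the command, or a status check before it, would let the loop finish; a comment such as `# reboots every matched CT, not only the ones whose config changed` would make the blast radius explicit. The ids are derived from stat paths of `/etc/pve/lxc/<id>.conf`, so they cannot carry shell metacharacters into the `pct` command line.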
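Review bot: The four `lineinfile ... state: absent` tasks delete any line beginning with `lxc.apparmor.profile`, `lxc.cgroup.devices.allow`, `lxc.cap.drop` or `lxc.mount.auto` from a container config, not just the permissive values shown in the `line:` keys, because `line:` is ignored with `state: absent` and each `regexp` is unanchored on the value (its dots are also unescaped). A container that carries its own hardening, for example a custom AppArmor profile or a deliberate `lxc.cap.drop` list, would lose it on reset rather than be restored to its pre-deploy state. Anchor each pattern on the exact value the deploy side presumably wrote, e.g. `regexp: '^lxc\.apparmor\.profile:\s*unconfined\s*$'`, `regexp: '^lxc\.cgroup\.devices\.allow:\s*a\s*$'`, and similarly for `lxc.cap.drop` and `lxc.mount.auto`; the `line:` keys can then be dropped since they have no effect here.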
@@ -12,6 +12,7 @@
   gather_facts: yes
   roles:
     - role: lxc
+      become: true
       when: proxmox_lxc_configure
     - role: prereq
       become: true
diff --git a/scripts/rc.local b/templates/rc.local.j2
similarity index 95%
rename from scripts/rc.local
rename to templates/rc.local.j2
index daa6c7782..16ca666ea 100644
--- a/scripts/rc.local
+++ b/templates/rc.local.j2
@@ -1,5 +1,3 @@
-#!/bin/sh -e
-
 # Kubeadm 1.15 needs /dev/kmsg to be there, but it's not in lxc, but we can just use /dev/console instead
 # see: https://github.com/kubernetes-sigs/kind/issues/662
 if [ ! -e /dev/kmsg ]; then