debops / ansible-lxc Goto Github PK

Configure and manage LXC environment on a host

License: GNU General Public License v3.0

Shell 100.00%

ansible-lxc's Introduction

lxc

You can use the debops.lxc role to create and manage Linux Containers with different configurations. These containers can be used on an external interface (DHCP server is recommended) or on an internal NAT interface (network can be configured by a specific play in DebOps, using the roles debops.dnsmasq and debops.ifupdown).

Installation

This role requires at least Ansible v1.7.0. To install it, run:

ansible-galaxy install debops.lxc

Documentation

More information about debops.lxc can be found in the official debops.lxc documentation.

Are you using this as a standalone role without DebOps?

You may need to include missing roles from the DebOps common playbook into your playbook.

Try DebOps now for a complete solution to run your Debian-based infrastructure.

Authors and license

Maciej Delmanowski (maintainer) | e-mail | Twitter | GitHub
Robin Schneider | e-mail | GitHub

License: GPL-3.0

This role is part of DebOps. README generated by ansigenome.

ansible-lxc's People

Contributors

Stargazers

Watchers

Forkers

drybjed cocoy benalbrecht ypid petzah muelli tropel chekolyn tuxcoder elmergonzalezb

ansible-lxc's Issues

link to documentation 404s

The readme file links to https://docs.debops.org/en/latest/ansible/roles/ansible-lxc/docs/ which currently 404s.

debops lxd ?

any thoughts on debops lxd ?

there is a stub there
ser/debops-lxd#1

its looking like the Debian LXD port is almost done

https://wiki.debian.org/LXD
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768073

Jessie container with systemd fails to start with DebOps default configuration

Altough this was already discussed in IRC I allow myself to open an issue to track the problem and progress with this issue.

Starting position
Create Debian Jessie container on a Jessie LXC host with debops:

lxc_containers:
  - name: 'jessie01'
    template_options: '--release jessie'

This will install systemd by default.

Error
When trying to start the container, the following error appears:

# lxc-start -n jessie01
Failed to mount tmpfs at /dev/shm: Operation not permitted

Reason
'cap_sys_admin' is dropped in /var/lib/lxc/jessie01/config as defined in defaults/main.yml and therefore prevents systemd to mount some required file systems:

# List of default POSIX capabilities which should be dropped in all LXC containers
lxc_capabilities_drop: [ 'mknod', 'sys_admin', 'sys_rawio', 'syslog', 'wake_alarm' ]

Known Work-Arounds

Remove systemd from your Jessie installation. NOTE: lxc.autodev = 1 and lxc.kmesg = 0 must be removed from the container configuration to make this work.
Don't drop 'cap_sys_admin' in your container. This makes systemd to fully work without further
configuration. NOTE: This has a huge negative security impact.

Unsuccessful Work-Around
I also tried to drop 'cap_sys_admin' and make LXC mount the required file systems without systemd involvement. For this I added:

lxc.mount.entry = tmpfs dev/shm tmpfs nosuid,nodev 0 0
lxc.mount.entry = tmpfs run tmpfs nosuid,relatime 0 0
lxc.mount.entry = tmpfs run/lock tmpfs nosuid,nodev,noexec,relatime 0 0

Unfortunately this fails with the message that /run/lock doesn't exist:

lxc-start: No such file or directory - failed to mount 'tmpfs' on '/usr/lib/x86_64-linux-gnu/lxc/rootfs/run/lock'

Bugs

Debian #775067: preventing journald to forward messages to syslog in case 'cap_sys_admin' is dropped. This is only fixed in systemd_218-4 in experimental now.

As I could live with the mentioned systemd bug, I'm still trying to find a way to run it without 'cap_sys_admin'. The challenges then are:

Is there any configuration twist for LXC which would allow me to create the nested mount path /run/lock before actually mounting it?
Or is there a configuration option for systemd to not mount a separate file system for /run/lock?

If there are some other possible work-arounds or any hints regarding my open questions, please let me know. I'll update once I found out more

Convert to using ansible-modules-extras/cloud/lxc module

Recently a module was merged into ansible-modules-extras which provides a state-orientated way of building and managing lxc containers: ansible/ansible-modules-extras#123

It would be great if this role could be converted to use this module instead of using the current command format.

Debops template issues

I was wondering if anyone is having issues creating containers with the debops templates.
It seems that I can't create a container, looks like the issue is from debootstrap and failing to download the rootfs.

I'm able to create a debian container with the standard debian template but the templates differ from each other considerably.

root@frylab:~# lxc-create -t debops -n test01 -- -r jessie
debootstrap is /usr/sbin/debootstrap
Checking cache download in /var/cache/lxc/debian-debops/rootfs-jessie-amd64 ... 
Downloading debian minimal ...
I: Retrieving Release 
I: Retrieving Release.gpg 
I: Checking Release signature
I: Valid Release signature (key id 75DDC3C4A499F1A18CB5F3C8CBF8D6FD518E17E1)
I: Retrieving Packages 
I: Validating Packages 
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional required dependencies: acl adduser dmsetup insserv libaudit-common libaudit1 libbz2-1.0 libcap2 libcap2-bin libcryptsetup4 libdb5.3 libdebconfclient0 libdevmapper1.02.1 libgcrypt20 libgpg-error0 libkmod2 libncursesw5 libprocps3 libsemanage-common libsemanage1 libslang2 libsystemd0 libudev1 libustr-1.0-1 procps systemd systemd-sysv udev 
I: Found additional base dependencies: git-man gnupg gpgv init-system-helpers iproute2 isc-dhcp-common libapt-inst1.5 libapt-pkg4.12 libbsd0 libcurl3 libcurl3-gnutls libdns-export100 libedit2 liberror-perl libexpat1 libffi6 libgdbm3 libgmp10 libgnutls-deb0-28 libgnutls-openssl27 libgssapi-krb5-2 libhogweed2 libidn11 libirs-export91 libisc-export95 libisccfg-export90 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.4-2 libnettle4 libp11-kit0 libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libreadline6 librtmp1 libsasl2-2 libsasl2-modules-db libsqlite3-0 libssh2-1 libssl1.0.0 libstdc++6 libtasn1-6 libusb-0.1-4 libwrap0 mime-support openssh-client openssh-sftp-server perl perl-modules python-apt-common python-minimal python2.7 python2.7-minimal readline-common vim-common 
I: Checking component main on http://httpredir.debian.org/debian...
Failed to download the rootfs, aborting.
Failed to download 'debian base'
failed to install debian
lxc_container: container creation template for test01 failed
lxc_container: Error creating container test01
root@frylab:~# lxc-create -t debops -n test01 -- -r wheezy
debootstrap is /usr/sbin/debootstrap
Checking cache download in /var/cache/lxc/debian-debops/rootfs-wheezy-amd64 ... 
Downloading debian minimal ...
I: Retrieving Release 
I: Retrieving Release.gpg 
I: Checking Release signature
I: Valid Release signature (key id ED6D65271AACF0FF15D123036FB2A1C265FFB764)
I: Retrieving Packages 
I: Validating Packages 
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional required dependencies: insserv libbz2-1.0 libdb5.1 libsemanage-common libsemanage1 libslang2 libustr-1.0-1 
I: Found additional base dependencies: adduser git-man gnupg gpgv isc-dhcp-common libapt-inst1.5 libapt-pkg4.12 libbsd0 libclass-isa-perl libcurl3 libcurl3-gnutls libedit2 liberror-perl libexpat1 libgcrypt11 libgdbm3 libgnutls26 libgpg-error0 libgssapi-krb5-2 libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.4-2 libncursesw5 libp11-kit0 libprocps0 libreadline6 librtmp0 libsasl2-2 libsqlite3-0 libssh2-1 libssl1.0.0 libstdc++6 libswitch-perl libtasn1-3 libusb-0.1-4 libwrap0 mime-support openssh-client perl perl-modules procps python-apt-common python-minimal python-support python2.7 python2.7-minimal readline-common vim-common 
I: Checking component main on http://httpredir.debian.org/debian...
Failed to download the rootfs, aborting.
Failed to download 'debian base'
failed to install debian
lxc_container: container creation template for test01 failed
lxc_container: Error creating container test01

debops / ansible-lxc Goto Github PK

ansible-lxc's Introduction

lxc

Installation

Documentation

Are you using this as a standalone role without DebOps?

Authors and license

ansible-lxc's People

Contributors

Stargazers

Watchers

Forkers

ansible-lxc's Issues

link to documentation 404s

debops lxd ?

Jessie container with systemd fails to start with DebOps default configuration

Convert to using ansible-modules-extras/cloud/lxc module

Debops template issues

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent