OpenStack-Ansible nspawn hosts

Ansible role that configures a host for running nspawn containers.

To clone or view the source code for this repository, visit the role repository for nspawn_hosts.

Default variables

# === systemd-nspawn defaults ==================================================
# Default networks that will be applied ONLY to nspwan deployments.
nspawn_networks:
  nspawn_address:
    # The name of the interface, by default this is a dummy device on a private
    # network however it could be a bridge or any other interface.
    bridge: "nspawn0"
    # Optional | Set bool to enable a private device. This will create a bridge
    #            not connecting to the underlying L2.
    private_device: true
    # Optional | Enable or disable dhcp on this network
    enable_dhcp: true
    # Optional | When dhcp is enabled set the IP address range
    dhcp_range: 10.0.4.2,10.0.4.129
    # Optional | Set the address for the macvlan network
    address: 10.0.4.1
    # Optional | Set the netmask for the macvlan network
    netmask: 255.255.255.0
    # Optional | Set the macvlan mode
    macvlan_mode: bridge
    # Optional | set the routed interface
    routed_interface: mv-nspawn0
    # Optional | Force address space to be scoped to only the host
    host_only: true

# Primary interface used for host to container communications. In the event that
# the underlying system is running a condensed network stack a route will be
# created for all networks that have a defined `cidr` using the primary
# interface. In the event that an address is defined for a given network Ansible
# facts will be used to determine if an address needs to be assigned to the
# macvlan interface.
#
# + simple example:
#   management_cidr: "172.29.236.0/24"
#   container_networks:
#     management_address:
#       bridge: eth0
#
# In this example the `managemen_cidr` corresponds to the `management_address`
# network and because there's no IP address within the address block a route is
# used allowing the host to communicate with the containers. For the route to be
# added using any network, the network must have a corresponding CIDR with no
# defined address.
#
# Multiple macvlans can be spawned from a single host interface.
# + simple example:
#   management_cidr: "172.29.236.0/24"
#   storage_cidr: "10.0.0.0/24"
#   flat_cidr: "172.29.239.0/24"
#   container_networks:
#     management_address:
#       bridge: eth0
#     storage_address:
#       bridge: eth0
#       address: 10.0.0.100
#       netmask: 255.255.255.0
#     tunnel_address:
#       bridge: eth0.10
#     flat_address:
#       bridge: eth0
#       interface: mv-flat
#       routed_interface: mv-flat
#
# Extra interfaces that are wholly configured by the user can be set using the
# container extra networks option. This option follows all of the parameters of
# both `container_networks` and `nspawn_networks`.
container_extra_networks: {}

# In this example management storage and tunnel networks will be created and
# attached to the containers.
#  + The management network will have a route created for its corresponding CIDR
#  + The storage network will have the defined address added to the macvlan
#    interface with `scope` set to `host`, assuming the address is not already
#    assigned to the underlying interface, "eth0".
#  + The tunnel network will be attached to the container and isolated from the
#    host with no access to without first attaching to the container.
#  + The flat network will be created and attached to the container with a host
#    route on the defined `routed_interface`.
#
nspawn_primary_interface: "{{ nspawn_networks['nspawn_address']['bridge'] }}"

# Used to define the default macvlan mode when not specifically defined within
# container_networks or nspawn_networks. See all available options here:
# https://www.freedesktop.org/software/systemd/man/systemd.netdev.html#%5BMACVLAN%5D%20Section%20Options
nspawn_macvlan_mode: bridge

# Set the default volume size. This is used when creating a loopback filesystem
# when "/var/lib/machines" is not already a mount point.
nspawn_host_machine_volume_size: 64G

# Enable or Disable the BTRFS quota system for the "/var/lib/machines" mount
# point. More information on the BTRFS quota system can be found here:
#  * https://btrfs.wiki.kernel.org/index.php/Quota_support
nspawn_host_machine_quota_disabled: false

# Set the default qgroup limits used for file system quotas. The default is
# "none". See the following documentation for more information:
#  * https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs-qgroup
nspawn_host_qgroup_space_limit: none
nspawn_host_qgroup_compression_limit: none

# Boolean option to validate the certificates when fetching images. If using a
# self-signed certificate this should be se to "false".
nspawn_hosts_validate_certs: true

# Set the installation package state. Options are [latest, present, absent].
nspawn_hosts_package_state: "latest"

# Default base image to build containers from. This setting, by default, is
# derived from the host machine OS. If a custome name is desirable this can be
# changed.
#   nspawn_container_base_name: "aio1_utility_container-67440f99"
nspawn_container_base_name: "{{ nspawn_cache_map.distro }}-{{ nspawn_cache_map.release }}-{{ nspawn_cache_map.arch }}"

# URL to image tarball
nspawn_hosts_container_image_url: "{{ _nspawn_hosts_container_image_url | default(null) }}"

# Enable or disable the legacy image download system.
nspawn_hosts_container_image_download_legacy: "{{ _nspawn_hosts_container_image_download_legacy | default(false) }}"

# Set the legacy image download variant
nspawn_cache_default_variant: "default"

# When preparing the image cache a deployer may want to run specific commands
# at the beginning of the cache prep or the end. These options provide for that
# capability. The commands are string formatted and will be interpreted
# literally.

# nspawn_cache_prep_pre_commands: |
#   echo "Run Special command 1"
#   echo "Run Special command 2"
nspawn_cache_prep_pre_commands: ""
nspawn_cache_prep_post_commands: ""

# If the image cache is stale or is in general need of replacement set this to
# True. The role, by default, will only update the image cache when required.
nspawn_image_cache_refresh: false

# The cache prep DNS may need to be changed based on the conditions within the
# deployment. Set this list to whatever is required to get access to the
# inter(intra)net within the deployment. The default is to use OpenDNS and fall
# back to google.
nspawn_cache_prep_dns:
  - "208.67.222.222"
  - "8.8.8.8"

# Set the cache map used when creating the container.
#  nspawn_cache_map:
#    distro: "$DISTRO_NAME"
#    arch: "{{ nspawn_architecture_mapping.get(ansible_architecture) }}"
#    release: "{{ hostvars[physical_host]['ansible_distribution_version'] }}"
nspawn_cache_map: "{{ _nspawn_cache_map | default({}) }}"

# Default list of files to copy from the host into the container when the
# default cache is created. This list is merged to create the list of files
# to copy into the container base image which is captured under the
# `nspawn_copy_from_host` option.

# NOTICE: With all of the copy options it should be noted that it's using rsync
#         within the task. If the target being copied is a "directory" the path
#         should end with a tailing slash.
nspawn_default_copy_from_host:
  - /etc/default/locale
  - /etc/environment
  - /etc/localtime
  - /etc/locale.conf
  - /etc/protocols

#  nspawn_copy_from_host:
#    - /etc/resolve.conf
#    - /etc/apt/sources.list
nspawn_copy_from_host: "{{ nspawn_default_copy_from_host | union(_nspawn_copy_from_host | default([])) }}"

# Default list of files to copy from the host into the container when the
# default cache is created. This list will be merged with the option
# "nspawn_copy_from_host". which allows a deployer to set additional files to
# be copied into the container on top of the system managed ones.
#  nspawn_container_cache_files_from_host:
#    - /etc/apt/apt.conf.d/
#    - /etc/apt/preferences.d/
nspawn_container_cache_files_from_host: []

# Default list of packages to install within the build container cache. These
# packages are installed first, before running anything else within the image.
#  nspawn_container_distro_required_packages:
#    - gnupg
nspawn_container_distro_required_packages: "{{ _nspawn_container_distro_required_packages | default([]) }}"

# Define a list of extra distribution packages to install into the container cache
nspawn_container_extra_distro_packages: []

# Default list of packages to install within the build container cache.
#  nspawn_container_distro_packages:
#    - curl
#    - tcpdump
nspawn_container_distro_packages: "{{ _nspawn_container_distro_packages | default([]) + nspawn_container_extra_distro_packages }}"

# Define a list of extra distribution packages to install onto the host
nspawn_hosts_extra_distro_packages: []

# Default list of packages to install on the physical host machine.
#  nspawn_hosts_distro_packages:
#    - bridge-utils
#    - btrfs-tools
nspawn_hosts_distro_packages: "{{ _nspawn_hosts_distro_packages | default([]) + nspawn_hosts_extra_distro_packages }}"


# === General container defaults ===============================================
# Default networks that will be applied ALL containerized deployments.
#  container_networks:
#    management_address:
#      address: "{{ ansible_host | default('localhost') }}"
#      netmask: "255.255.255.0"
#      bridge: "br-mgmt"
#      static_routes:
#        - cidr: 172.29.100.0/24
#          gateway: 172.29.100.100
container_networks: {}

Dependencies

This role needs pip >= 7.1 installed on the target host.

Example playbook

- name: Basic nspawn host setup
  hosts: "hosts"
  user: root
  roles:
    - { role: "nspawn_hosts" }