Vendor Galaxy Roles and Collections

Stefan Bethke 2026-02-06 22:07:16 +01:00
commit 2aed20393f
3553 changed files with 387444 additions and 2 deletions


@ -0,0 +1,19 @@
debops.lxd - Configure and manage LXD service using Ansible
Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
Copyright (C) 2019 DebOps <https://debops.org/>
SPDX-License-Identifier: GPL-3.0-only
This Ansible role is part of DebOps.
DebOps is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.
DebOps is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with DebOps. If not, see https://www.gnu.org/licenses/.


@ -0,0 +1,302 @@
---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# .. Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
# .. Copyright (C) 2019 DebOps <https://debops.org/>
# .. SPDX-License-Identifier: GPL-3.0-only
# .. _lxd__ref_defaults:
# debops.lxd default variables
# ============================
# .. contents:: Sections
# :local:
#
# .. include:: ../../../../includes/global.rst
# Installation and packages [[[
# -----------------------------
# .. envvar:: lxd__upstream_enabled [[[
#
# Enable or disable installation of LXD from upstream :command:`git`
# repository. LXD currently is not packaged in Debian, therefore installation
# from source will be performed on Debian hosts. On Ubuntu hosts the role will
# install the distribution APT packages.
lxd__upstream_enabled: True
# ]]]
# .. envvar:: lxd__upstream_type [[[
#
# Specify the upstream installation type to use. Currently only ``apt`` (on
# Ubuntu) and ``git`` (elsewhere) are a valid option.
lxd__upstream_type: '{{ "apt"
if (ansible_distribution == "Ubuntu")
else "git" }}'
# ]]]
# .. envvar:: lxd__upstream_gpg_key [[[
#
# The GPG key used to sign LXD release tags in the repository, required for
# signature verification.
lxd__upstream_gpg_key:
- '602F 5676 63E5 93BC BD14 F338 C638 974D 6479 2D67'
- '5DE3 E050 9C47 EA3C F04A 42D3 4AEE 18F8 3AFD EB23'
# ]]]
# .. envvar:: lxd__upstream_git_repository [[[
#
# The URL of the :command:`git` repository with LXD source code.
lxd__upstream_git_repository: 'https://github.com/lxc/lxd'
# ]]]
# .. envvar:: lxd__upstream_git_release [[[
#
# The :command:`git` release tag to install. At the moment the LTS release of
# LXD does not correctly compile on Debian, so more recent release is used
# instead. This will change on the next working LTS release.
lxd__upstream_git_release: 'stable-4.0'
# ]]]
# .. envvar:: lxd__golang_gosrc [[[
#
# Directory with compiled source code of additional libraries required by LXD.
# They will be installed to the :file:`/usr/local/lib/` directory by the role.
lxd__golang_gosrc: '{{ ansible_local.golang.gosrc | d("") }}'
# ]]]
# .. envvar:: lxd__binary [[[
#
# Absolute path to the :command:`lxd` binary installed by the
# :ref:`debops.golang` Ansible role. The path is used in various
# :command:`systemd` unit files.
lxd__binary: '{{ ansible_local.golang.binaries["lxd"]
if (ansible_local.golang.binaries.lxd | d())
else "/usr/bin/lxd" }}'
# ]]]
# .. envvar:: lxd__base_packages [[[
#
# List of APT packages required by the LXD service.
lxd__base_packages: [ 'dnsmasq-base', 'lxcfs', 'squashfs-tools' ]
# ]]]
# .. envvar:: lxd__packages [[[
#
# List of additional APT packages to install with LXD.
lxd__packages: []
# ]]]
# ]]]
# POSIX environment [[[
# ---------------------
# .. envvar:: lxd__group [[[
#
# The POSIX system group which grants full access to the LXD service.
lxd__group: 'lxd'
# ]]]
# .. envvar:: lxd__admin_accounts [[[
#
# List of POSIX accounts which will be granted full access to the LXD service
# by adding them to the LXD system group.
lxd__admin_accounts: '{{ ansible_local.core.admin_users | d([]) }}'
# ]]]
# ]]]
# LXD configuration preseeding [[[
# --------------------------------
# These variables define the initial "preseed" YAML configuration which will be
# applied to the LXD service on first installation or on request.
# See :ref:`lxd__ref_preseed` for more details.
# .. envvar:: lxd__default_preseed [[[
#
# List of the default preseed configuration entries defined by the role.
lxd__default_preseed:
- name: 'server-default'
seed:
config: {}
- name: 'network-default'
seed:
networks:
- name: 'lxdbr0'
config:
ipv4.address: 'auto'
ipv6.address: 'auto'
description: ''
type: ''
- name: 'storage-default'
seed:
storage_pools:
- name: 'default'
config: {}
description: ''
driver: 'dir'
- name: 'profile-default'
seed:
profiles:
- name: 'default'
config: {}
description: ''
devices:
eth0:
name: 'eth0'
nictype: 'bridged'
parent: 'lxdbr0'
type: 'nic'
root:
path: '/'
pool: 'default'
type: 'disk'
- name: 'cluster-default'
seed:
cluster: null
# ]]]
# .. envvar:: lxd__preseed [[[
#
# List of the preseed configuration entries defined on all hosts in the Ansible
# inventory.
lxd__preseed: []
# ]]]
# .. envvar:: lxd__group_preseed [[[
#
# List of the preseed configuration entries defined on hosts in a specific
# Ansible inventory group.
lxd__group_preseed: []
# ]]]
# .. envvar:: lxd__host_preseed [[[
#
# List of the preseed configuration entries defined on specific hosts in the
# Ansible inventory.
lxd__host_preseed: []
# ]]]
# .. envvar:: lxd__combined_preseed [[[
#
# Variable which combines all of the preseed confituration lists and is used in
# role tasks and templates.
lxd__combined_preseed: '{{ lxd__default_preseed
+ lxd__preseed
+ lxd__group_preseed
+ lxd__host_preseed }}'
# ]]]
# .. envvar:: lxd__init_preseed [[[
#
# Variable which controls when the preseed configuration should be applied to
# the LXD service. It can be set via the ``--extra-vars`` Ansible argument to
# re-apply the preseed configuration on existing installations.
lxd__init_preseed: '{{ False
if (ansible_local | d() and ansible_local.lxd | d() and
(ansible_local.lxd.installed | d()) | bool)
else True }}'
# ]]]
# .. envvar:: lxd__preseed_data [[[
#
# Variable which holds the YAML configuration data passed to the
# :command:`lxd init --preseed` command via stdin.
lxd__preseed_data: '{{ lookup("template", "lookup/lxd__preseed_data.j2") }}'
# ]]]
# ]]]
# Configuration for other Ansible roles [[[
# -----------------------------------------
# .. envvar:: lxd__golang__dependent_packages [[[
#
# Configuration for the :ref:`debops.golang` Ansible role.
lxd__golang__dependent_packages:
- name: 'lxd'
state: '{{ "present" if lxd__upstream_enabled | bool else "absent" }}'
upstream_type: '{{ lxd__upstream_type }}'
apt_packages: [ 'lxd', 'lxd-client' ]
apt_dev_packages: [ 'autoconf', 'automake', 'tcl', 'libacl1-dev', 'libcap-dev',
'liblxc1', 'lxc-dev', 'libtool', 'libuv1-dev', 'make',
'pkg-config', 'libapparmor-dev', 'libseccomp-dev',
'libcap-dev', 'libudev-dev', 'libsqlite3-dev',
'liblz4-dev' ]
gpg: '{{ lxd__upstream_gpg_key }}'
git:
- repo: '{{ lxd__upstream_git_repository }}'
version: '{{ lxd__upstream_git_release }}'
depth: 50
build_script: |
export GOPATH="${HOME}/go"
make deps
export CGO_CFLAGS="-I${HOME}/go/deps/sqlite/ -I${HOME}/go/deps/libco/ -I${HOME}/go/deps/raft/include/ -I${HOME}/go/deps/dqlite/include/"
export CGO_LDFLAGS="-L${HOME}/go/deps/sqlite/.libs/ -L${HOME}/go/deps/libco/ -L${HOME}/go/deps/raft/.libs -L${HOME}/go/deps/dqlite/.libs/"
export LD_LIBRARY_PATH="${HOME}/go/deps/sqlite/.libs/:${HOME}/go/deps/libco/:${HOME}/go/deps/raft/.libs/:${HOME}/go/deps/dqlite/.libs/"
export CGO_LDFLAGS_ALLOW="(-Wl,-wrap,pthread_create)|(-Wl,-z,now)"
make
git_binaries:
- src: '{{ lxd__upstream_git_repository.split("://")[1] + "/../../../../bin/lxd" }}'
dest: 'lxd'
- src: '{{ lxd__upstream_git_repository.split("://")[1] + "/../../../../bin/lxd-agent" }}'
dest: 'lxd-agent'
- src: '{{ lxd__upstream_git_repository.split("://")[1] + "/../../../../bin/lxd-benchmark" }}'
dest: 'lxd-benchmark'
- src: '{{ lxd__upstream_git_repository.split("://")[1] + "/../../../../bin/lxd-p2c" }}'
dest: 'lxd-p2c'
- src: '{{ lxd__upstream_git_repository.split("://")[1] + "/../../../../bin/lxc" }}'
dest: 'lxc'
- src: '{{ lxd__upstream_git_repository.split("://")[1] + "/../../../../bin/lxc-to-lxd" }}'
dest: 'lxc-to-lxd'
- src: '{{ lxd__upstream_git_repository.split("://")[1] + "/../../../../bin/fuidshift" }}'
dest: 'fuidshift'
# ]]]
# .. envvar:: lxd__logrotate__dependent_config [[[
#
# Configuration for the :ref:`debops.logrotate` Ansible role.
lxd__logrotate__dependent_config:
- filename: 'lxd'
divert: '{{ False if lxd__upstream_enabled | bool else True }}'
log: '/var/log/lxd/lxd.log'
options: |
copytruncate
daily
rotate 7
delaycompress
compress
notifempty
missingok
state: 'present'
# ]]]
# .. envvar:: lxd__sysctl__dependent_parameters [[[
#
# Configuration for the :ref:`debops.sysctl` Ansible role.
lxd__sysctl__dependent_parameters:
- name: 'lxd-inotify'
divert: '{{ False if lxd__upstream_enabled | bool else True }}'
weight: '10'
options:
- name: 'fs.inotify.max_user_instances'
comment: |
Increase the user inotify instance limit to allow for about
100 containers to run before the limit is hit again
value: 1024
# ]]]
# ]]]
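Review bot: `lxd__upstream_git_release: 'stable-4.0'` looks like a branch-style ref rather than a release tag, while the comment on `lxd__upstream_gpg_key` describes those keys as verifying signed release tags. A moving ref means two builds of the same inventory can compile different commits. The `make deps` step in `build_script` also pulls in further source (the sqlite, libco, raft and dqlite trees named in the CGO paths) that the listed keys presumably do not cover. How the golang role checks signatures is not visible on this page, so confirm what is actually verified on a Debian host. If the build must be reproducible, override the ref in inventory with a specific signed tag, e.g. `lxd__upstream_git_release: '<signed-release-tag>'`.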


@ -0,0 +1,31 @@
---
# Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Ensure that custom Ansible plugins and modules included in the main DebOps
# collection are available to roles in other collections.
collections: [ 'debops.debops' ]
dependencies: []
galaxy_info:
author: 'Maciej Delmanowski'
description: 'Configure and manage LXD service'
company: 'DebOps'
license: 'GPL-3.0-only'
min_ansible_version: '2.8.0'
platforms:
- name: Ubuntu
versions:
- bionic
- name: Debian
versions:
- buster
- bullseye
galaxy_tags:
- container
- lxc
- lxd
- virtualization


@ -0,0 +1,10 @@
# Copyright (C) 2019-2020 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2019-2020 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Role: lxd
# Package: lxd
# Version: stable-4.0
version=3
https://github.com/lxc/lxd/tags .*/lxd-?(\d\S*)\.tar\.gz


@ -0,0 +1,116 @@
---
# Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Import custom Ansible plugins
ansible.builtin.import_role:
name: 'ansible_plugins'
- name: Import DebOps global handlers
ansible.builtin.import_role:
name: 'global_handlers'
- name: Check if custom libraries exist
ansible.builtin.stat:
path: '{{ lxd__golang_gosrc + "/../deps/raft/.libs" }}'
register: lxd__register_libraries
# The custom libraries were built during LXD installation via the
# 'debops.golang' role and need to be installed system-wide for the lxc/lxd
# binaries to work correctly.
- name: Copy custom dependent libraries to system directory
ansible.builtin.shell: |
set -o nounset -o pipefail -o errexit &&
mkdir -p /usr/local/lib/x86_64-linux-gnu &&
cp -Pf ../deps/raft/.libs/libraft.so* \
../deps/dqlite/.libs/libdqlite.so* \
/usr/local/lib/x86_64-linux-gnu &&
ldconfig
args:
chdir: '{{ lxd__golang_gosrc }}'
creates: '/usr/local/lib/x86_64-linux-gnu/libraft.so.0'
executable: 'bash'
when: lxd__upstream_enabled | bool and lxd__upstream_type == 'git' and
lxd__register_libraries.stat.exists | bool
- name: Install required packages
ansible.builtin.package:
name: '{{ (lxd__base_packages + lxd__packages) | flatten }}'
state: 'present'
- name: Create required POSIX system group
ansible.builtin.group:
name: '{{ lxd__group }}'
state: 'present'
system: True
- name: Add selected UNIX accounts to LXD system group
ansible.builtin.user:
name: '{{ item }}'
groups: '{{ lxd__group }}'
append: True
loop: '{{ lxd__admin_accounts }}'
- name: Create the log directory
ansible.builtin.file:
state: 'directory'
path: '/var/log/lxd'
mode: '0700'
- name: Check if lxc-apparmor-load binary exists
ansible.builtin.stat:
path: '/usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load'
register: lxd__register_apparmor_load
# Without this, lxd daemon in Debian Bookworm doesn't start correctly
- name: Create lxc-apparmor-load symlink if needed
ansible.builtin.file:
path: '/usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load'
src: '/usr/libexec/lxc/lxc-apparmor-load'
state: 'link'
when: not lxd__register_apparmor_load.stat.exists | bool and
ansible_distribution_release in [ 'bookworm' ]
- name: Generate systemd units
ansible.builtin.template:
src: 'etc/systemd/system/{{ item }}.j2'
dest: '/etc/systemd/system/{{ item }}'
mode: '0644'
loop: [ 'lxd.socket', 'lxd.service', 'lxd-containers.service', 'lxd-net.service' ]
register: lxd__register_systemd
when: lxd__upstream_enabled | bool and ansible_service_mgr == 'systemd'
- name: Enable systemd units
ansible.builtin.systemd: # noqa no-handler
daemon_reload: True
name: '{{ item }}'
state: 'started'
enabled: True
loop: [ 'lxd.socket', 'lxd-containers.service', 'lxd-net.service' ]
when: lxd__register_systemd is changed
- name: Apply preseed configuration
ansible.builtin.command: lxd init --preseed
args:
stdin: '{{ lxd__preseed_data }}'
changed_when: False
when: lxd__init_preseed | bool
tags: [ 'role::lxd:init' ]
- name: Make sure that Ansible local facts directory exists
ansible.builtin.file:
path: '/etc/ansible/facts.d'
state: 'directory'
mode: '0755'
- name: Save LXD local facts
ansible.builtin.template:
src: 'etc/ansible/facts.d/lxd.fact.j2'
dest: '/etc/ansible/facts.d/lxd.fact'
mode: '0755'
notify: [ 'Refresh host facts' ]
tags: [ 'meta::facts' ]
- name: Update Ansible facts if they were modified
ansible.builtin.meta: 'flush_handlers'
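Review bot: The "Apply preseed configuration" task passes the whole rendered preseed to `lxd init --preseed` through `stdin` with no `no_log`, so the document can show up in verbose Ansible output and in the module-invocation log on the target. The defaults on this page keep the server `config` empty, but any secret an inventory adds to a preseed entry (a trust password, for example) would be exposed that way. Either add `no_log: True` to that task in the vendored copy, or keep secrets out of the `lxd__*_preseed` lists and set them through a separate, non-logged step.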


@ -0,0 +1,38 @@
#!{{ ansible_python['executable'] }}
# -*- coding: utf-8 -*-
# Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# {{ ansible_managed }}
from __future__ import print_function
from json import dumps, loads
import subprocess
import os
def cmd_exists(cmd):
return any(
os.access(os.path.join(path, cmd), os.X_OK)
for path in os.environ["PATH"].split(os.pathsep)
)
output = {'installed': cmd_exists('lxd')}
try:
output['version'] = subprocess.check_output(
["lxd", "version"]
).decode('utf-8').strip()
output['networks'] = loads(
subprocess.check_output(["lxc", "network", "list",
"--format=json"]
).decode('utf-8').strip())
except Exception:
pass
print(dumps(output, sort_keys=True, indent=4))
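Review bot: The `except Exception: pass` around the `lxd version` and `lxc network list` calls hides every failure, so a host with a broken daemon reports `installed: true` with no version, no networks and no hint why. Because `lxd__init_preseed` in the defaults keys off `ansible_local.lxd.installed`, that same state also suppresses the preseed run. `installed` is true for any executable named `lxd` on the `PATH` of whoever gathers facts, and `os.environ["PATH"]` sits outside the try block, so an unset PATH makes the script fail outright. Narrowing the handler to `except (OSError, subprocess.CalledProcessError, ValueError) as err:` and recording `output['error'] = str(err)` would keep the script non-fatal while making failures visible in the facts.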


@ -0,0 +1,22 @@
{# Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}
[Unit]
Description=LXD - container startup/shutdown
Documentation=man:lxd(1)
After=lxd.socket lxd.service
Requires=lxd.socket
[Service]
Type=oneshot
ExecStart={{ lxd__binary }} activateifneeded
ExecStop={{ lxd__binary }} shutdown
TimeoutStartSec=600s
TimeoutStopSec=600s
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target


@ -0,0 +1,20 @@
{# Copyright (C) 2024 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2024 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}
[Unit]
Description=LXD - systemd-resolved internal domain configuration
After=lxd.socket lxd.service
Requires=lxd.socket
ConditionPathExists=/usr/local/lib/lxc/lxc-net-systemd-resolved
[Service]
Type=oneshot
ExecStart=/usr/local/lib/lxc/lxc-net-systemd-resolved start
ExecStop=/usr/local/lib/lxc/lxc-net-systemd-resolved stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target


@ -0,0 +1,27 @@
{# Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}
[Unit]
Description=LXD - main daemon
After=network-online.target openvswitch-switch.service lxcfs.service lxd.socket
Requires=network-online.target lxcfs.service lxd.socket
Documentation=man:lxd(1)
[Service]
EnvironmentFile=-/etc/environment
ExecStartPre=/usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load
ExecStart={{ lxd__binary }} --group {{ lxd__group }} --logfile=/var/log/lxd/lxd.log
ExecStartPost={{ lxd__binary }} waitready --timeout=600
KillMode=process
TimeoutStartSec=600s
TimeoutStopSec=30s
Restart=on-failure
LimitNOFILE=1048576
LimitNPROC=infinity
TasksMax=infinity
[Install]
Also=lxd-containers.service lxd.socket


@ -0,0 +1,20 @@
{# Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}
[Unit]
Description=LXD - unix socket
Documentation=man:lxd(1)
After=network.target
[Socket]
ListenStream=/var/lib/lxd/unix.socket
SocketUser=root
SocketGroup={{ lxd__group }}
SocketMode=0660
Service=lxd.service
[Install]
WantedBy=sockets.target
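Review bot: `SocketGroup={{ lxd__group }}` with `SocketMode=0660` gives every member of that group unrestricted control of the LXD daemon, and LXD's own documentation treats access to the local socket as root-level access to the host. The role's defaults set `lxd__admin_accounts` to every entry in `ansible_local.core.admin_users`, and the "Add selected UNIX accounts to LXD system group" task adds all of them. Hosts that use this vendored role should set `lxd__admin_accounts` explicitly to the accounts meant to hold that level of access, and should include the group in the same access reviews as sudo.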


@ -0,0 +1,12 @@
{# Copyright (C) 2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% set lxd__tpl_preseed = {} %}
{% for element in lxd__combined_preseed | debops.debops.parse_kv_config %}
{% if element.name | d() and element.state | d('present') not in [ 'absent', 'init', 'ignore' ] and element.seed | d() %}
{% set combined_preseed = lxd__tpl_preseed | combine(element.seed, recursive=True) %}
{% set _ = lxd__tpl_preseed.update(combined_preseed) %}
{% endif %}
{% endfor %}
{{ lxd__tpl_preseed | to_yaml }}