Fix LXC container implementations (#231)

* Need to become to reboot

* Fix rc.local insertion of script

* Fix syntax

Add new line to lxc.yml

* Remove need to set fact

* Add reset for LXC container config

* Fix syntax

Its always the newlines..

* remove fact setting from reset task

We should mirror the deployment task

* Proxmox LXC reset functions

* Handle if rc.local already has data

* Dont compare literal

* Cleanup Erroneous newline

* Handle rc.local not present on a hybrid cluster

* Update roles/reset/tasks/main.yml

Co-authored-by: Simon Leiner <simon@leiner.me>

* Update roles/lxc/tasks/main.yml

Co-authored-by: Simon Leiner <simon@leiner.me>

---------

Co-authored-by: Techno Tim <timothystewart6@gmail.com>
Co-authored-by: Simon Leiner <simon@leiner.me>

reset.yml

@@ -13,3 +13,11 @@
       become: true
       reboot:
         reboot_timeout: 3600
+
+- hosts: proxmox
+  gather_facts: true
+  become: yes
+  remote_user: "{{ proxmox_lxc_ssh_user }}"
+  roles:
+    - role: reset_proxmox_lxc
+      when: proxmox_lxc_configure

roles/lxc/handlers/main.yml

@@ -1,3 +1,4 @@
 ---
 - name: reboot server
+  become: true
   reboot:

roles/lxc/tasks/main.yml

@@ -1,7 +1,21 @@
 ---
-- name: configure rc.local for proxmox lxc containers
+- name: Check for rc.local file
-  copy:
+  stat:
-    src: "{{ playbook_dir }}/scripts/rc.local"
+    path: /etc/rc.local
-    dest: "/etc/rc.local"
+  register: rcfile
+
+- name: Create rc.local if needed
+  lineinfile:
+    path: /etc/rc.local
+    line: "#!/bin/sh -e"
+    create: true
+    insertbefore: BOF
     mode: "u=rwx,g=rx,o=rx"
+  when: not rcfile.stat.exists
+
+- name: Write rc.local file
+  blockinfile:
+    path: /etc/rc.local
+    content: "{{ lookup('template', 'templates/rc.local.j2') }}"
+    state: present
   notify: reboot server

roles/reset/tasks/main.yml

@@ -54,3 +54,31 @@
   file:
     path: /tmp/k3s
     state: absent
+
+- name: Check if rc.local exists
+  stat:
+    path: /etc/rc.local
+  register: rcfile
+
+- name: Remove rc.local modifications for proxmox lxc containers
+  become: true
+  blockinfile:
+    path: /etc/rc.local
+    content: "{{ lookup('template', 'templates/rc.local.j2') }}"
+    create: false
+    state: absent
+  when: proxmox_lxc_configure and rclocal.stat.exists
+
+- name: Check rc.local for cleanup
+  become: true
+  slurp:
+    src: /etc/rc.local
+  register: rcslurp
+  when: proxmox_lxc_configure and rclocal.stat.exists
+
+- name: Cleanup rc.local if we only have a Shebang line
+  become: true
+  file:
+    path: /etc/rc.local
+    state: absent
+  when: proxmox_lxc_configure and rclocal.stat.exists and ((rcslurp.content | b64decode).splitlines() | length) <= 1

roles/reset_proxmox_lxc/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: reboot containers
+  command:
+    "pct reboot {{ item }}"
+  loop: "{{ proxmox_lxc_filtered_ids }}"

roles/reset_proxmox_lxc/tasks/main.yml

@@ -0,0 +1,53 @@
+---
+- name: check for container files that exist on this host
+  stat:
+    path: "/etc/pve/lxc/{{ item }}.conf"
+  loop: "{{ proxmox_lxc_ct_ids }}"
+  register: stat_results
+
+- name: filter out files that do not exist
+  set_fact:
+    proxmox_lxc_filtered_files:
+      '{{ stat_results.results | rejectattr("stat.exists", "false") | map(attribute="stat.path") }}'
+
+# used for the reboot handler
+- name: get container ids from filtered files
+  set_fact:
+    proxmox_lxc_filtered_ids:
+      '{{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }}'
+
+- name: Remove LXC apparmor profile
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.apparmor.profile"
+    line: "lxc.apparmor.profile: unconfined"
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
+
+- name: Remove lxc cgroups
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.cgroup.devices.allow"
+    line: "lxc.cgroup.devices.allow: a"
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
+
+- name: Remove lxc cap drop
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.cap.drop"
+    line: "lxc.cap.drop: "
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
+
+- name: Remove lxc mounts
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.mount.auto"
+    line: 'lxc.mount.auto: "proc:rw sys:rw"'
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers

site.yml

@@ -12,6 +12,7 @@
   gather_facts: yes
   roles:
     - role: lxc
+      become: true
       when: proxmox_lxc_configure
     - role: prereq
       become: true

templates/rc.local.j2

@@ -1,5 +1,3 @@
-#!/bin/sh -e
-
 # Kubeadm 1.15 needs /dev/kmsg to be there, but it's not in lxc, but we can just use /dev/console instead
 # see: https://github.com/kubernetes-sigs/kind/issues/662
 if [ ! -e /dev/kmsg ]; then