Fix LXC container implementations (#231)

* Need to become to reboot * Fix rc.local insertion of script * Fix syntax Add new line to lxc.yml * Remove need to set fact * Add reset for LXC container config * Fix syntax Its always the newlines.. * remove fact setting from reset task We should mirror the deployment task * Proxmox LXC reset functions * Handle if rc.local already has data * Dont compare literal * Cleanup Erroneous newline * Handle rc.local not present on a hybrid cluster * Update roles/reset/tasks/main.yml Co-authored-by: Simon Leiner <simon@leiner.me> * Update roles/lxc/tasks/main.yml Co-authored-by: Simon Leiner <simon@leiner.me> --------- Co-authored-by: Techno Tim <timothystewart6@gmail.com> Co-authored-by: Simon Leiner <simon@leiner.me>
2023-03-03 12:28:14 -05:00 · 2023-03-03 12:28:14 -05:00 · 3a1a7a19aa
commit 3a1a7a19aa
parent 030eeb4b75
8 changed files with 114 additions and 6 deletions
--- a/reset.yml
+++ b/reset.yml
@ -13,3 +13,11 @@
      become: true
      reboot:
        reboot_timeout: 3600
+
+- hosts: proxmox
+  gather_facts: true
+  become: yes
+  remote_user: "{{ proxmox_lxc_ssh_user }}"
+  roles:
+    - role: reset_proxmox_lxc
+      when: proxmox_lxc_configure
--- a/roles/lxc/handlers/main.yml
+++ b/roles/lxc/handlers/main.yml
@ -1,3 +1,4 @@
 ---
 - name: reboot server
+  become: true
  reboot:
--- a/roles/lxc/tasks/main.yml
+++ b/roles/lxc/tasks/main.yml
@ -1,7 +1,21 @@
 ---
- name: configure rc.local for proxmox lxc containers
-  copy:
-    src: "{{ playbook_dir }}/scripts/rc.local"
-    dest: "/etc/rc.local"
+- name: Check for rc.local file
+  stat:
+    path: /etc/rc.local
+  register: rcfile
+
+- name: Create rc.local if needed
+  lineinfile:
+    path: /etc/rc.local
+    line: "#!/bin/sh -e"
+    create: true
+    insertbefore: BOF
    mode: "u=rwx,g=rx,o=rx"
+  when: not rcfile.stat.exists
+
+- name: Write rc.local file
+  blockinfile:
+    path: /etc/rc.local
+    content: "{{ lookup('template', 'templates/rc.local.j2') }}"
+    state: present
  notify: reboot server
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@ -54,3 +54,31 @@
  file:
    path: /tmp/k3s
    state: absent
+
+- name: Check if rc.local exists
+  stat:
+    path: /etc/rc.local
+  register: rcfile
+
+- name: Remove rc.local modifications for proxmox lxc containers
+  become: true
+  blockinfile:
+    path: /etc/rc.local
+    content: "{{ lookup('template', 'templates/rc.local.j2') }}"
+    create: false
+    state: absent
+  when: proxmox_lxc_configure and rclocal.stat.exists
+
+- name: Check rc.local for cleanup
+  become: true
+  slurp:
+    src: /etc/rc.local
+  register: rcslurp
+  when: proxmox_lxc_configure and rclocal.stat.exists
+
+- name: Cleanup rc.local if we only have a Shebang line
+  become: true
+  file:
+    path: /etc/rc.local
+    state: absent
+  when: proxmox_lxc_configure and rclocal.stat.exists and ((rcslurp.content | b64decode).splitlines() | length) <= 1
--- a/roles/reset_proxmox_lxc/handlers/main.yml
+++ b/roles/reset_proxmox_lxc/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: reboot containers
+  command:
+    "pct reboot {{ item }}"
+  loop: "{{ proxmox_lxc_filtered_ids }}"
--- a/roles/reset_proxmox_lxc/tasks/main.yml
+++ b/roles/reset_proxmox_lxc/tasks/main.yml
@ -0,0 +1,53 @@
+---
+- name: check for container files that exist on this host
+  stat:
+    path: "/etc/pve/lxc/{{ item }}.conf"
+  loop: "{{ proxmox_lxc_ct_ids }}"
+  register: stat_results
+
+- name: filter out files that do not exist
+  set_fact:
+    proxmox_lxc_filtered_files:
+      '{{ stat_results.results | rejectattr("stat.exists", "false") | map(attribute="stat.path") }}'
+
+# used for the reboot handler
+- name: get container ids from filtered files
+  set_fact:
+    proxmox_lxc_filtered_ids:
+      '{{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }}'
+
+- name: Remove LXC apparmor profile
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.apparmor.profile"
+    line: "lxc.apparmor.profile: unconfined"
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
+
+- name: Remove lxc cgroups
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.cgroup.devices.allow"
+    line: "lxc.cgroup.devices.allow: a"
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
+
+- name: Remove lxc cap drop
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.cap.drop"
+    line: "lxc.cap.drop: "
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
+
+- name: Remove lxc mounts
+  lineinfile:
+    dest: "{{ item }}"
+    regexp: "^lxc.mount.auto"
+    line: 'lxc.mount.auto: "proc:rw sys:rw"'
+    state: absent
+  loop: "{{ proxmox_lxc_filtered_files }}"
+  notify: reboot containers
--- a/site.yml
+++ b/site.yml
@ -12,6 +12,7 @@
  gather_facts: yes
  roles:
    - role: lxc
+      become: true
      when: proxmox_lxc_configure
    - role: prereq
      become: true
--- a/templates/rc.local.j2
+++ b/templates/rc.local.j2
@ -1,5 +1,3 @@
-#!/bin/sh -e
-
 # Kubeadm 1.15 needs /dev/kmsg to be there, but it's not in lxc, but we can just use /dev/console instead
 # see: https://github.com/kubernetes-sigs/kind/issues/662
 if [ ! -e /dev/kmsg ]; then