Prepare_Workshop/prepare_lxc_hosts.yml

---
- hosts:
  - lxc_hosts

  tasks:
    - assert:
        that:
          - ansible_pkg_mgr == "apt"
        fail_msg: "Sorry, Debian-like hosts only!"


    - name: Just to be sure python3-apt is installed
      command: apt install -y python3-apt
      args:
        creates: /usr/lib/python3/dist-packages/apt


    - name: Install packages
      package:
        name: "{{ packages }}"
        state: latest
      vars:
        packages:
          - bridge-utils
          - dnsmasq
          - iptables
          - lxc
          - python3-lxc


    - name: Copy config files
      copy:
        src: "{{ item }}"
        dest: "/{{ item }}"
        owner: root
        group: root
        mode: 0644
      loop:
        - etc/dnsmasq.d/br-lxc
        - etc/lxc/ansible.conf
        - etc/network/interfaces.d/br-lxc
      notify:
        - Restart dnsmasq


    - name: Fix evil Debian default /etc/network/interfaces
      lineinfile:
        dest: /etc/network/interfaces
        regexp: 'source.*interfaces.d'
        line: 'source-directory /etc/network/interfaces.d'
        backup: yes


    - name: dnsmasq should use /etc/resolv.conf
      lineinfile:
        path: /etc/default/dnsmasq
        line: 'IGNORE_RESOLVCONF=yes'
        regexp: '^\s*#*\s*IGNORE_RESOLVCONF=yes'
        backup: yes
      notify:
        - Restart dnsmasq


    - name: IPv4-Forwarding
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_file: /etc/sysctl.d/lxc.conf
        sysctl_set: yes
        state: present
        reload: yes


    - name: Raise inotify limit
      sysctl:
        name: fs.inotify.max_user_instances
        value: '1024'
        sysctl_file: 30-lxc-inotify.conf
        sysctl_set: yes
        state: present
        reload: yes


    - name: Enable CAP_SYS_TIME in Container
      lineinfile:
        dest: /usr/share/lxc/config/common.conf
        backrefs: yes
        regexp: '(^\s*[^#].*)sys_time ?(.*)$'
        line: '\1\2'
        backup: yes


    - name: lxc-net with systemd
      block:
        - name: Stop lxc-net service
          systemd:
            name: lxc-net
            state: stopped

        - name: Disable lxc-net service
          systemd:
            name: lxc-net
            enabled: no

        - name: Mask lxc-net service
          systemd:
            name: lxc-net
            masked: yes
      when: ansible_service_mgr == "systemd"


    - name: lxc-net without systemd
      block:
        - name: Disable lxc-net
          service:
            name: lxc-net
            enabled: no
            state: stopped
          ignore_errors: yes
      when: ansible_service_mgr != "systemd"


    - name: Bring up br-lxc
      command: ifup br-lxc
      args:
        creates: /sys/devices/virtual/net/br-lxc


  handlers:
    - name: Restart dnsmasq
      service:
        name: dnsmasq
        state: restarted
      ignore_errors: yes
Cleaned up, untested 2020-11-28 15:12:53 +00:00			`---`
			`- hosts:`
			`- lxc_hosts`

			`tasks:`
			`- assert:`
			`that:`
			`- ansible_pkg_mgr == "apt"`
			`fail_msg: "Sorry, Debian-like hosts only!"`


			`- name: Just to be sure python3-apt is installed`
			`command: apt install -y python3-apt`
			`args:`
			`creates: /usr/lib/python3/dist-packages/apt`


			`- name: Install packages`
			`package:`
			`name: "{{ packages }}"`
			`state: latest`
			`vars:`
			`packages:`
			`- bridge-utils`
			`- dnsmasq`
			`- iptables`
			`- lxc`
			`- python3-lxc`


			`- name: Copy config files`
			`copy:`
			`src: "{{ item }}"`
			`dest: "/{{ item }}"`
			`owner: root`
			`group: root`
			`mode: 0644`
			`loop:`
			`- etc/dnsmasq.d/br-lxc`
Small fixes - wrong config file name - put value in quotes 2021-02-18 11:09:16 +00:00			`- etc/lxc/ansible.conf`
Cleaned up, untested 2020-11-28 15:12:53 +00:00			`- etc/network/interfaces.d/br-lxc`
			`notify:`
			`- Restart dnsmasq`


Fix Debian's evil source in /e/n/interfaces 2021-09-30 14:43:45 +00:00
			`- name: Fix evil Debian default /etc/network/interfaces`
			`lineinfile:`
			`dest: /etc/network/interfaces`
			`regexp: 'source.*interfaces.d'`
			`line: 'source-directory /etc/network/interfaces.d'`
			`backup: yes`


Cleaned up, untested 2020-11-28 15:12:53 +00:00			`- name: dnsmasq should use /etc/resolv.conf`
			`lineinfile:`
			`path: /etc/default/dnsmasq`
			`line: 'IGNORE_RESOLVCONF=yes'`
			`regexp: '^\s#\s*IGNORE_RESOLVCONF=yes'`
			`backup: yes`
			`notify:`
			`- Restart dnsmasq`


			`- name: IPv4-Forwarding`
			`sysctl:`
			`name: net.ipv4.ip_forward`
Small fixes - wrong config file name - put value in quotes 2021-02-18 11:09:16 +00:00			`value: '1'`
Cleaned up, untested 2020-11-28 15:12:53 +00:00			`sysctl_file: /etc/sysctl.d/lxc.conf`
			`sysctl_set: yes`
			`state: present`
			`reload: yes`


Raise inotify limit via sysctl 2021-02-18 11:10:27 +00:00			`- name: Raise inotify limit`
			`sysctl:`
			`name: fs.inotify.max_user_instances`
			`value: '1024'`
			`sysctl_file: 30-lxc-inotify.conf`
			`sysctl_set: yes`
			`state: present`
			`reload: yes`


Enable NTP(CAP_SYS_TIME) in LXContainer 2021-02-18 11:10:51 +00:00			`- name: Enable CAP_SYS_TIME in Container`
			`lineinfile:`
Fix wrong LXC config_common path 2021-02-26 15:43:26 +00:00			`dest: /usr/share/lxc/config/common.conf`
Enable NTP(CAP_SYS_TIME) in LXContainer 2021-02-18 11:10:51 +00:00			`backrefs: yes`
			`regexp: '(^\s[^#].)sys_time ?(.*)$'`
			`line: '\1\2'`
			`backup: yes`


Fix systemd/lxc-net.service 2021-09-30 14:44:01 +00:00			`- name: lxc-net with systemd`
			`block:`
			`- name: Stop lxc-net service`
			`systemd:`
			`name: lxc-net`
			`state: stopped`

			`- name: Disable lxc-net service`
			`systemd:`
			`name: lxc-net`
			`enabled: no`

			`- name: Mask lxc-net service`
			`systemd:`
			`name: lxc-net`
			`masked: yes`
			`when: ansible_service_mgr == "systemd"`


			`- name: lxc-net without systemd`
			`block:`
			`- name: Disable lxc-net`
			`service:`
			`name: lxc-net`
			`enabled: no`
			`state: stopped`
			`ignore_errors: yes`
			`when: ansible_service_mgr != "systemd"`
Cleaned up, untested 2020-11-28 15:12:53 +00:00

			`- name: Bring up br-lxc`
			`command: ifup br-lxc`
			`args:`
			`creates: /sys/devices/virtual/net/br-lxc`



			`handlers:`
			`- name: Restart dnsmasq`
			`service:`
			`name: dnsmasq`
			`state: restarted`
			`ignore_errors: yes`