Prepare_Workshop/prepare_lxc_hosts.yml

---
- hosts:
  - lxc_hosts

  tasks:
    - assert:
        that:
          - ansible_pkg_mgr == "apt"
        fail_msg: "Sorry, Debian-like hosts only!"


    - name: Just to be sure python3-apt is installed
      command: apt install -y python3-apt
      args:
        creates: /usr/lib/python3/dist-packages/apt


    - name: Install packages
      package:
        name: "{{ packages }}"
        state: latest
      vars:
        packages:
          - bridge-utils
          - dnsmasq
          - iptables
          - lxc
          - python3-lxc


    - name: Copy config files
      copy:
        src: "{{ item }}"
        dest: "/{{ item }}"
        owner: root
        group: root
        mode: 0644
      loop:
        - etc/dnsmasq.d/br-lxc
        - etc/lxc/ansible.conf
        - etc/network/interfaces.d/br-lxc
      notify:
        - Restart dnsmasq


    - name: dnsmasq should use /etc/resolv.conf
      lineinfile:
        path: /etc/default/dnsmasq
        line: 'IGNORE_RESOLVCONF=yes'
        regexp: '^\s*#*\s*IGNORE_RESOLVCONF=yes'
        backup: yes
      notify:
        - Restart dnsmasq


    - name: IPv4-Forwarding
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_file: /etc/sysctl.d/lxc.conf
        sysctl_set: yes
        state: present
        reload: yes


    - name: Raise inotify limit
      sysctl:
        name: fs.inotify.max_user_instances
        value: '1024'
        sysctl_file: 30-lxc-inotify.conf
        sysctl_set: yes
        state: present
        reload: yes


    - name: Disable lxc-net
      service:
        name: lxc-net
        enabled: no
        state: stopped
      ignore_errors: yes


    - name: Bring up br-lxc
      command: ifup br-lxc
      args:
        creates: /sys/devices/virtual/net/br-lxc


  handlers:
    - name: Restart dnsmasq
      service:
        name: dnsmasq
        state: restarted
      ignore_errors: yes
Cleaned up, untested 2020-11-28 15:12:53 +00:00			`---`
			`- hosts:`
			`- lxc_hosts`

			`tasks:`
			`- assert:`
			`that:`
			`- ansible_pkg_mgr == "apt"`
			`fail_msg: "Sorry, Debian-like hosts only!"`


			`- name: Just to be sure python3-apt is installed`
			`command: apt install -y python3-apt`
			`args:`
			`creates: /usr/lib/python3/dist-packages/apt`


			`- name: Install packages`
			`package:`
			`name: "{{ packages }}"`
			`state: latest`
			`vars:`
			`packages:`
			`- bridge-utils`
			`- dnsmasq`
			`- iptables`
			`- lxc`
			`- python3-lxc`


			`- name: Copy config files`
			`copy:`
			`src: "{{ item }}"`
			`dest: "/{{ item }}"`
			`owner: root`
			`group: root`
			`mode: 0644`
			`loop:`
			`- etc/dnsmasq.d/br-lxc`
Small fixes - wrong config file name - put value in quotes 2021-02-18 11:09:16 +00:00			`- etc/lxc/ansible.conf`
Cleaned up, untested 2020-11-28 15:12:53 +00:00			`- etc/network/interfaces.d/br-lxc`
			`notify:`
			`- Restart dnsmasq`


			`- name: dnsmasq should use /etc/resolv.conf`
			`lineinfile:`
			`path: /etc/default/dnsmasq`
			`line: 'IGNORE_RESOLVCONF=yes'`
			`regexp: '^\s#\s*IGNORE_RESOLVCONF=yes'`
			`backup: yes`
			`notify:`
			`- Restart dnsmasq`


			`- name: IPv4-Forwarding`
			`sysctl:`
			`name: net.ipv4.ip_forward`
Small fixes - wrong config file name - put value in quotes 2021-02-18 11:09:16 +00:00			`value: '1'`
Cleaned up, untested 2020-11-28 15:12:53 +00:00			`sysctl_file: /etc/sysctl.d/lxc.conf`
			`sysctl_set: yes`
			`state: present`
			`reload: yes`


Raise inotify limit via sysctl 2021-02-18 11:10:27 +00:00			`- name: Raise inotify limit`
			`sysctl:`
			`name: fs.inotify.max_user_instances`
			`value: '1024'`
			`sysctl_file: 30-lxc-inotify.conf`
			`sysctl_set: yes`
			`state: present`
			`reload: yes`


Cleaned up, untested 2020-11-28 15:12:53 +00:00			`- name: Disable lxc-net`
			`service:`
			`name: lxc-net`
			`enabled: no`
			`state: stopped`
			`ignore_errors: yes`


			`- name: Bring up br-lxc`
			`command: ifup br-lxc`
			`args:`
			`creates: /sys/devices/virtual/net/br-lxc`



			`handlers:`
			`- name: Restart dnsmasq`
			`service:`
			`name: dnsmasq`
			`state: restarted`
			`ignore_errors: yes`