Ansible role that configures a host for running nspawn containers.
To clone or view the source code for this repository, visit the role repository for nspawn_hosts.
# === systemd-nspawn defaults ==================================================
# Default networks that will be applied ONLY to nspwan deployments.
nspawn_networks:
nspawn_address:
# The name of the interface, by default this is a dummy device on a private
# network however it could be a bridge or any other interface.
bridge: "nspawn0"
# Optional | Set bool to enable a private device. This will create a bridge
# not connecting to the underlying L2.
private_device: true
# Optional | Enable or disable dhcp on this network
enable_dhcp: true
# Optional | When dhcp is enabled set the IP address range
dhcp_range: 10.0.4.2,10.0.4.129
# Optional | Set the address for the macvlan network
address: 10.0.4.1
# Optional | Set the netmask for the macvlan network
netmask: 255.255.255.0
# Optional | Set the macvlan mode
macvlan_mode: bridge
# Optional | set the routed interface
routed_interface: mv-nspawn0
# Optional | Force address space to be scoped to only the host
host_only: true
# Primary interface used for host to container communications. In the event that
# the underlying system is running a condensed network stack a route will be
# created for all networks that have a defined `cidr` using the primary
# interface. In the event that an address is defined for a given network Ansible
# facts will be used to determine if an address needs to be assigned to the
# macvlan interface.
#
# + simple example:
# management_cidr: "172.29.236.0/24"
# container_networks:
# management_address:
# bridge: eth0
#
# In this example the `managemen_cidr` corresponds to the `management_address`
# network and because there's no IP address within the address block a route is
# used allowing the host to communicate with the containers. For the route to be
# added using any network, the network must have a corresponding CIDR with no
# defined address.
#
# Multiple macvlans can be spawned from a single host interface.
# + simple example:
# management_cidr: "172.29.236.0/24"
# storage_cidr: "10.0.0.0/24"
# flat_cidr: "172.29.239.0/24"
# container_networks:
# management_address:
# bridge: eth0
# storage_address:
# bridge: eth0
# address: 10.0.0.100
# netmask: 255.255.255.0
# tunnel_address:
# bridge: eth0.10
# flat_address:
# bridge: eth0
# interface: mv-flat
# routed_interface: mv-flat
#
# Extra interfaces that are wholly configured by the user can be set using the
# container extra networks option. This option follows all of the parameters of
# both `container_networks` and `nspawn_networks`.
container_extra_networks: {}
# In this example management storage and tunnel networks will be created and
# attached to the containers.
# + The management network will have a route created for its corresponding CIDR
# + The storage network will have the defined address added to the macvlan
# interface with `scope` set to `host`, assuming the address is not already
# assigned to the underlying interface, "eth0".
# + The tunnel network will be attached to the container and isolated from the
# host with no access to without first attaching to the container.
# + The flat network will be created and attached to the container with a host
# route on the defined `routed_interface`.
#
nspawn_primary_interface: "{{ nspawn_networks['nspawn_address']['bridge'] }}"
# Used to define the default macvlan mode when not specifically defined within
# container_networks or nspawn_networks. See all available options here:
# https://www.freedesktop.org/software/systemd/man/systemd.netdev.html#%5BMACVLAN%5D%20Section%20Options
nspawn_macvlan_mode: bridge
# Set the default volume size. This is used when creating a loopback filesystem
# when "/var/lib/machines" is not already a mount point.
nspawn_host_machine_volume_size: 64G
# Enable or Disable the BTRFS quota system for the "/var/lib/machines" mount
# point. More information on the BTRFS quota system can be found here:
# * https://btrfs.wiki.kernel.org/index.php/Quota_support
nspawn_host_machine_quota_disabled: false
# Set the default qgroup limits used for file system quotas. The default is
# "none". See the following documentation for more information:
# * https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs-qgroup
nspawn_host_qgroup_space_limit: none
nspawn_host_qgroup_compression_limit: none
# Boolean option to validate the certificates when fetching images. If using a
# self-signed certificate this should be se to "false".
nspawn_hosts_validate_certs: true
# Set the installation package state. Options are [latest, present, absent].
nspawn_hosts_package_state: "latest"
# Default base image to build containers from. This setting, by default, is
# derived from the host machine OS. If a custome name is desirable this can be
# changed.
# nspawn_container_base_name: "aio1_utility_container-67440f99"
nspawn_container_base_name: "{{ nspawn_cache_map.distro }}-{{ nspawn_cache_map.release }}-{{ nspawn_cache_map.arch }}"
# URL to image tarball
nspawn_hosts_container_image_url: "{{ _nspawn_hosts_container_image_url | default(null) }}"
# Enable or disable the legacy image download system.
nspawn_hosts_container_image_download_legacy: "{{ _nspawn_hosts_container_image_download_legacy | default(false) }}"
# Set the legacy image download variant
nspawn_cache_default_variant: "default"
# When preparing the image cache a deployer may want to run specific commands
# at the beginning of the cache prep or the end. These options provide for that
# capability. The commands are string formatted and will be interpreted
# literally.
# nspawn_cache_prep_pre_commands: |
# echo "Run Special command 1"
# echo "Run Special command 2"
nspawn_cache_prep_pre_commands: ""
nspawn_cache_prep_post_commands: ""
# If the image cache is stale or is in general need of replacement set this to
# True. The role, by default, will only update the image cache when required.
nspawn_image_cache_refresh: false
# The cache prep DNS may need to be changed based on the conditions within the
# deployment. Set this list to whatever is required to get access to the
# inter(intra)net within the deployment. The default is to use OpenDNS and fall
# back to google.
nspawn_cache_prep_dns:
- "208.67.222.222"
- "8.8.8.8"
# Set the cache map used when creating the container.
# nspawn_cache_map:
# distro: "$DISTRO_NAME"
# arch: "{{ nspawn_architecture_mapping.get(ansible_architecture) }}"
# release: "{{ hostvars[physical_host]['ansible_distribution_version'] }}"
nspawn_cache_map: "{{ _nspawn_cache_map | default({}) }}"
# Default list of files to copy from the host into the container when the
# default cache is created. This list is merged to create the list of files
# to copy into the container base image which is captured under the
# `nspawn_copy_from_host` option.
# NOTICE: With all of the copy options it should be noted that it's using rsync
# within the task. If the target being copied is a "directory" the path
# should end with a tailing slash.
nspawn_default_copy_from_host:
- /etc/default/locale
- /etc/environment
- /etc/localtime
- /etc/locale.conf
- /etc/protocols
# nspawn_copy_from_host:
# - /etc/resolve.conf
# - /etc/apt/sources.list
nspawn_copy_from_host: "{{ nspawn_default_copy_from_host | union(_nspawn_copy_from_host | default([])) }}"
# Default list of files to copy from the host into the container when the
# default cache is created. This list will be merged with the option
# "nspawn_copy_from_host". which allows a deployer to set additional files to
# be copied into the container on top of the system managed ones.
# nspawn_container_cache_files_from_host:
# - /etc/apt/apt.conf.d/
# - /etc/apt/preferences.d/
nspawn_container_cache_files_from_host: []
# Default list of packages to install within the build container cache. These
# packages are installed first, before running anything else within the image.
# nspawn_container_distro_required_packages:
# - gnupg
nspawn_container_distro_required_packages: "{{ _nspawn_container_distro_required_packages | default([]) }}"
# Define a list of extra distribution packages to install into the container cache
nspawn_container_extra_distro_packages: []
# Default list of packages to install within the build container cache.
# nspawn_container_distro_packages:
# - curl
# - tcpdump
nspawn_container_distro_packages: "{{ _nspawn_container_distro_packages | default([]) + nspawn_container_extra_distro_packages }}"
# Define a list of extra distribution packages to install onto the host
nspawn_hosts_extra_distro_packages: []
# Default list of packages to install on the physical host machine.
# nspawn_hosts_distro_packages:
# - bridge-utils
# - btrfs-tools
nspawn_hosts_distro_packages: "{{ _nspawn_hosts_distro_packages | default([]) + nspawn_hosts_extra_distro_packages }}"
# === General container defaults ===============================================
# Default networks that will be applied ALL containerized deployments.
# container_networks:
# management_address:
# address: "{{ ansible_host | default('localhost') }}"
# netmask: "255.255.255.0"
# bridge: "br-mgmt"
# static_routes:
# - cidr: 172.29.100.0/24
# gateway: 172.29.100.100
container_networks: {}
This role needs pip >= 7.1 installed on the target host.
- name: Basic nspawn host setup
hosts: "hosts"
user: root
roles:
- { role: "nspawn_hosts" }
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.