the-liberated-edge/test_linux_containers
2
0
Fork 0
generated from the-liberated-edge/wikijs
Code Issues 5 Pull Requests Packages Projects 1 Releases Wiki Activity

Merge pull request 'i-6 Migration from LXD to incus' (#7) from i-6-lxd-to-incus into main

Browse Source 
Reviewed-on: #7
This commit is contained in:
emil 2024-01-18 23:34:04 +00:00
commit d90b14a864
6 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -13,9 +13,9 @@ the Ansible collection `theliberatededge.test_linux_containers`.
1. You have access to a machine running a Linux distribution of your 1. You have access to a machine running a Linux distribution of your
choice. choice.
2. [LXD](https://ubuntu.com/lxd) has been installed and initialised on this 2. [incus](https://linuxcontainers.org/incus/docs/main/) has been installed and
machine, so that containers can be launched. It will effectively be used as initialised on this machine, so that containers can be launched. It will
a container hypervisor. effectively be used as a container hypervisor.
3. Your user has been granted permissions to manage Linux containers. 3. Your user has been granted permissions to manage Linux containers.
4. Python 3 has been set up correctly on the machine. 4. Python 3 has been set up correctly on the machine.
5. [Ansible](https://pypi.org/project/ansible/) has been installed. 5. [Ansible](https://pypi.org/project/ansible/) has been installed.
@ -37,7 +37,7 @@ for launching Debian Bookworm linux containers.
Variables Variables
- `lte_container_name` stands for the desired container name that - `lte_container_name` stands for the desired container name that
will be visible when running `lxc ls`. will be visible when running `incus ls`.
- `lte_container_root_pwd` is the password that will be set for - `lte_container_root_pwd` is the password that will be set for
the `root` user in the container named `lte_container_name`. the `root` user in the container named `lte_container_name`.
@ -124,7 +124,7 @@ make sure that the list of prerequisites below has been satisfied.
1. You have access to a machine running a Linux distribution of your 1. You have access to a machine running a Linux distribution of your
choice. choice.
2. [LXD](https://ubuntu.com/lxd) has been installed and initialised on this 2. [incus](https://linuxcontainers.org/incus/docs/main/) has been installed and initialised on this
machine, so that containers can be launched. It will effectively be used as machine, so that containers can be launched. It will effectively be used as
a container hypervisor. a container hypervisor.
3. Your user has been granted permissions to manage Linux containers. 3. Your user has been granted permissions to manage Linux containers.

6
extensions/molecule/default/destroy.yml
View File

@ -5,14 +5,14 @@
gather_facts: false gather_facts: false
tasks: tasks:
- name: find current container state - name: find current container state
ansible.builtin.command: lxc ls {{ item.name }} ansible.builtin.command: incus ls {{ item.name }}
register: state register: state
changed_when: false changed_when: false
with_items: '{{ molecule_yml.platforms }}' with_items: '{{ molecule_yml.platforms }}'
- name: stop and remove running containers - name: stop and remove running containers
ansible.builtin.shell: ansible.builtin.shell:
cmd: | cmd: |
lxc stop {{ item.name }} && \ incus stop {{ item.name }} && \
lxc rm {{ item.name }} incus rm {{ item.name }}
when: state.results[0].rc == 0 and "RUNNING" in state.results[0].stdout when: state.results[0].rc == 0 and "RUNNING" in state.results[0].stdout
with_items: '{{ molecule_yml.platforms }}' with_items: '{{ molecule_yml.platforms }}'

4
extensions/molecule/default/verify.yml
View File

@ -4,14 +4,14 @@
gather_facts: false gather_facts: false
tasks: tasks:
- name: find current container state - name: find current container state
ansible.builtin.command: lxc ls {{ item.name }} ansible.builtin.command: incus ls {{ item.name }}
register: state register: state
with_items: '{{ molecule_yml.platforms }}' with_items: '{{ molecule_yml.platforms }}'
- name: verify launched container is running - name: verify launched container is running
ansible.builtin.assert: ansible.builtin.assert:
that: state.results[0].rc == 0 and "RUNNING" in state.results[0].stdout that: state.results[0].rc == 0 and "RUNNING" in state.results[0].stdout
- name: find container ip address - name: find container ip address
ansible.builtin.command: lxc ls -c=4 -f=compact {{ item.name }} ansible.builtin.command: incus ls -c=4 -f=compact {{ item.name }}
register: ipv4_raw register: ipv4_raw
with_items: '{{ molecule_yml.platforms }}' with_items: '{{ molecule_yml.platforms }}'
- name: set ipv4 address string as a fact - name: set ipv4 address string as a fact

6
roles/linux_container/tasks/container.yml
View File

@ -1,19 +1,19 @@
--- ---
- name: find current container state - name: find current container state
ansible.builtin.command: lxc ls {{ lte_container_name }} ansible.builtin.command: incus ls {{ lte_container_name }}
register: container_state register: container_state
changed_when: false changed_when: false
- name: launch debian bookworm linux container - name: launch debian bookworm linux container
ansible.builtin.shell: ansible.builtin.shell:
cmd: | cmd: |
lxc launch \ incus launch \
images:debian/{{ lte_debian_version }}/cloud \ images:debian/{{ lte_debian_version }}/cloud \
{{ lte_container_name }} {{ lte_container_name }}
when: (container_state.rc == 1) or ("RUNNING" not in container_state.stdout) when: (container_state.rc == 1) or ("RUNNING" not in container_state.stdout)
- name: update apt cache and upgrade system packages - name: update apt cache and upgrade system packages
ansible.builtin.shell: ansible.builtin.shell:
cmd: |- cmd: |-
lxc exec {{ lte_container_name }} -- \ incus exec {{ lte_container_name }} -- \
bash -c \ bash -c \
'/usr/bin/apt update && /usr/bin/apt upgrade -y' '/usr/bin/apt update && /usr/bin/apt upgrade -y'
changed_when: false changed_when: false

14
roles/linux_container/tasks/openssh-server.yml
View File

@ -2,7 +2,7 @@
- name: find systemctl service for openssh-server - name: find systemctl service for openssh-server
ansible.builtin.shell: ansible.builtin.shell:
cmd: |- cmd: |-
lxc exec {{ lte_container_name }} -- \ incus exec {{ lte_container_name }} -- \
systemctl status ssh.service systemctl status ssh.service
register: ssh_service register: ssh_service
changed_when: false changed_when: false
@ -13,14 +13,14 @@
- name: install system package openssh-server - name: install system package openssh-server
ansible.builtin.shell: ansible.builtin.shell:
cmd: |- cmd: |-
lxc exec {{ lte_container_name }} -- \ incus exec {{ lte_container_name }} -- \
apt install -y openssh-server apt install -y openssh-server
register: ssh_pkg register: ssh_pkg
when: not ssh_service_exists when: not ssh_service_exists
- name: check openssh server configuration for root access - name: check openssh server configuration for root access
ansible.builtin.shell: ansible.builtin.shell:
cmd: |- cmd: |-
lxc exec {{ lte_container_name }} -- \ incus exec {{ lte_container_name }} -- \
grep -e "^PermitRootLogin yes$" /etc/ssh/sshd_config grep -e "^PermitRootLogin yes$" /etc/ssh/sshd_config
register: root_access register: root_access
changed_when: false changed_when: false
@ -31,7 +31,7 @@
- name: configure openssh server to allow root access via ssh - name: configure openssh server to allow root access via ssh
ansible.builtin.shell: ansible.builtin.shell:
cmd: |- cmd: |-
lxc exec {{ lte_container_name }} -- \ incus exec {{ lte_container_name }} -- \
sed -i "$ a PermitRootLogin yes" /etc/ssh/sshd_config sed -i "$ a PermitRootLogin yes" /etc/ssh/sshd_config
register: sshd_config register: sshd_config
when: not ssh_root_login_allowed when: not ssh_root_login_allowed
@ -41,7 +41,7 @@
- name: enable openssh server systemd service - name: enable openssh server systemd service
ansible.builtin.shell: ansible.builtin.shell:
cmd: |- cmd: |-
lxc exec {{ lte_container_name }} -- \ incus exec {{ lte_container_name }} -- \
systemctl enable --now ssh.service systemctl enable --now ssh.service
when: ssh_pkg_installed when: ssh_pkg_installed
- name: set fact sshd_config_touched - name: set fact sshd_config_touched
@ -50,11 +50,11 @@
- name: restart openssh server systemd service - name: restart openssh server systemd service
ansible.builtin.shell: ansible.builtin.shell:
cmd: |- cmd: |-
lxc exec {{ lte_container_name }} -- \ incus exec {{ lte_container_name }} -- \
systemctl restart ssh.service systemctl restart ssh.service
when: sshd_config_touched when: sshd_config_touched
- name: find container ip address - name: find container ip address
ansible.builtin.command: lxc ls -c=4 -f=compact {{ lte_container_name }} ansible.builtin.command: incus ls -c=4 -f=compact {{ lte_container_name }}
register: ipv4 register: ipv4
changed_when: false changed_when: false
when: sshd_config_touched when: sshd_config_touched

2
roles/linux_container/tasks/ume.yml
View File

@ -2,7 +2,7 @@
- name: change root user password in container - name: change root user password in container
ansible.builtin.shell: ansible.builtin.shell:
cmd: |- cmd: |-
lxc exec {{ lte_container_name }} -- \ incus exec {{ lte_container_name }} -- \
bash -c \ bash -c \
'echo "root:{{ lte_container_root_pwd }}" | chpasswd' 'echo "root:{{ lte_container_root_pwd }}" | chpasswd'
changed_when: false changed_when: false