Pike Series Release Notes


Bug Fixes

  • Newer releases of CentOS ship a version of libnss that depends on the existence of /dev/random and /dev/urandom in the operating system in order to run. This causes a problem during the cache preparation process, which runs inside a chroot that does not contain these devices, resulting in errors with the following message:

    error: Failed to initialize NSS library

    This has been resolved by introducing /dev/random and /dev/urandom inside the chroot-ed environment.

  • With the release of CentOS 7.6, deployments were breaking and becoming very slow when we restarted dbus in order to pick up some PolicyKit changes. However, those changes were never actually used, so the restarts were happening for no reason. We no longer make any modifications to the systemd-machined configuration and/or PolicyKit to maintain upstream compatibility.


New Features

  • An option to disable the machinectl quota system has been added. The variable lxc_host_machine_quota_disabled is a Boolean with a default of true. When this option is set to true it will disable the machinectl quota system.

Upgrade Notes

  • The variable lxc_host_machine_volume_size now accepts any valid size modifier acceptable by truncate -s and machinectl set-limit. Prior to this change, the option assumed an integer was set for some value in gigabytes. All acceptable values can be seen within the documentation for machinectl.

Other Notes

  • The variable lxc_host_machine_volume_size is used to set the size of the default sparse file as well as define a limit within the machinectl quota system. When the machinectl quota system is enabled, deployers should appropriately set this value to the size of the container volume, even when not using a sparse file.

  • The container image cache within machinectl has been set to “64G” by default.


New Features

  • The lxcbr0 bridge now allows NetworkManager to control it, which allows for networks to start in the correct order when the system boots. In addition, the NetworkManager-wait-online.service is enabled to ensure that all services that require networking to function, such as keepalived, will only start when network configuration is complete. These changes are only applied if a deployer is actively using NetworkManager in their environment.


Other Notes

  • CentOS deployments require a special COPR repository for modern LXC packages. The COPR repository is not mirrored at this time and this causes failed gate tests and production deployments.

    The role now syncs the LXC packages down from COPR to each host and builds a local LXC package repository in /opt/thm-lxc2.0. This greatly reduces the number of times that packages must be downloaded from the COPR server during deployments, which will reduce failures until the packages can be hosted by a more reliable source.

    In addition, this should speed up playbook runs since yum can check a locally-hosted repository instead of a remote repository with availability and performance challenges.


New Features

  • The maximum amount of time to wait until forcibly failing the LXC cache preparation process is now configurable using the lxc_cache_prep_timeout variable. The value is specified in seconds, with the default being 20 minutes.

  • A new LXC container template has been added which will allow us to better manage containers on the host machines we support. The new template uses the machinectl command to create the container rootfs using the existing cache. This in turn will provide easier management of container images, faster build times, and the ability to instantly clone a container (or a given variant) without impacting a container's state. This new LXC container create template, and the features it provides, will only impact newly created containers, allowing deployers to safely adopt this change in any existing environment.


New Features

  • Deployers can set lxc_hosts_opensuse_mirror_url to use their preferred mirror for the openSUSE repositories. They can also set lxc_hosts_opensuse_mirror_obs_url if they want to set a different mirror for the OBS repositories. If they want to use the same mirror in both cases, they can leave the latter variable at its default value. The full list of mirrors and their capabilities can be obtained at http://mirrors.opensuse.org/


New Features

  • The COPR repository for installing LXC on CentOS 7 is now set to a higher priority than the default to ensure that LXC packages always come from the COPR repository.

  • LXC on CentOS is now installed via package from a COPR repository rather than installed from the upstream source.

  • The variable lxc_net_manage_iptables has been added. This variable can be overridden by deployers if system-wide iptables rules are already in place or are managed in a way of the deployer's choosing.

  • Add support for Ubuntu on IBM z Systems (s390x).