Current Series Release Notes

18.0.0.0b1-127

New Features

  • You can now use a private repository for EPEL. Set lxc_centos_epel_mirror to the repo URL and, if the GPG key has to come from an intranet or a mirror, set lxc_centos_epel_key to the GPG key location.

Bug Fixes

  • Newer releases of CentOS ship a version of libnss that depends on the existence of /dev/random and /dev/urandom in the operating system in order to run. This causes a problem during the cache preparation process, which runs inside a chroot that does not contain these devices, resulting in errors with the following message:

    error: Failed to initialize NSS library
    

    This has been resolved by introducing /dev/random and /dev/urandom inside the chroot-ed environment.

  • With the release of CentOS 7.6, deployments were breaking and becoming very slow when dbus was restarted in order to catch some PolicyKit changes. However, those changes were never actually used, so the restarts were happening for no reason. To maintain upstream compatibility, we no longer make any modifications to the systemd-machined configuration and/or PolicyKit.

18.0.0.0b1

New Features

  • The option lxc_hosts_container_image_url has been added, allowing deployers to set their base image URL to whatever it needs to be. This removes the requirement for operators to maintain an internal LXC index in the event they want to host a private repository.

  • The option lxc_hosts_container_image_download_legacy has been added allowing a deployer to enable the use of the legacy lxc image repository. This option is a Boolean and has a default of false.

  • The variable lxc_user_defined_container has been added to the lxc_hosts role, allowing deployers to define the variable file loaded when preparing a base container image. This option defaults to using a base image most closely associated with the underlying OS. However, should a deployer need to, this option can be used to customize the base container image for a given host.

  • An option to disable the machinectl quota system has been changed. The variable lxc_host_machine_quota_disabled is a Boolean with a default of false. When this option is set to true it will disable the machinectl quota system.

  • The options lxc_host_machine_qgroup_space_limit and lxc_host_machine_qgroup_compression_limit have been added, allowing a deployer to set qgroup limits as they see fit. The default value for these options is “none”, which is effectively unlimited. These options accept any nominal size value followed by the single-letter type, for example 64G. These options are only effective when the option lxc_host_machine_quota_disabled is set to false.

Deprecation Notes

  • The variable lxc_image_cache_server_mirrors has been deprecated in the “lxc_hosts” role. This option has been replaced by the static variable lxc_hosts_container_image_url. This variable will continue to function as a single element list allowing existing automation to function when in legacy image mode but should not be considered in use by default.

  • The variable lxc_image_cache_server has been deprecated in the lxc_hosts role. This option has been replaced by the static variable lxc_hosts_container_image_url.

  • The option cache_prep_commands from lxc_cache_map has been removed. This option has been converted to a template file within the lxc_hosts role. In order to set specific cache commands within the template it is recommended that deployers set lxc_cache_prep_pre_commands or lxc_cache_prep_post_commands. If the entire prep script needs to be overridden deployers can set lxc_cache_prep_template to the full local path of the prep template and the role will use this script irrespective of the base container type.

Other Notes

  • The use of images.linuxcontainers.org is no longer required. While the images provided by that build system are perfectly functional, they have been less than optimal in a lot of ways for a very long time. The lxc_hosts role will now pull a base image from the upstream distro being deployed. If a deployer wishes to continue using the images from images.linuxcontainers.org they are welcome to, but it is no longer forced.