Ansible LXC automation on unraid

[ravenliquid]

I have Unraid running bare metal on an HP Gen 8 microserver because I couldn't get PCI passthrough working for the raid card.

My original choise was to run it on Proxmox but I thought it would be fine as I wanted to automate most stuff through ansible ans there is a LXC plugin.

 

So part of that plan worked, until I found out that Unraid runs Slackware, and slackware is basically everything I hated about Linux years ago before. 

 

The issue: I can't get the lxc-container module from ansible working on Unraid because it depends on python3-lxc.

Not a problem on debian as there is a package, big issue on slackware as I cannot get it to build from source due to the dependency hell I have to solve.

 

I'm getting a bit desperate, so I'm kind of afraid I'm going to break the OS.

I installed NerdTools, but it doesn't list anything I need.

I installed packages through upgradepkg from pkgs.org (first ofcourse the wrong ones for 14.2 until I figured out my OS is 15)
- pkg-config

- gcc

- gcc g++

 

And then I hit a nice error about limits.h

root@Tower:~/repos/python3-lxc# python3 setup.py build
running build
running build_py
running build_ext
Package lxc was not found in the pkg-config search path.
Perhaps you should add the directory containing `lxc.pc'
to the PKG_CONFIG_PATH environment variable
No package 'lxc' found
building '_lxc' extension
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -I/usr/include/python3.9 -c lxc.c -o build/temp.linux-x86_64-cpython-39/lxc.o
In file included from /usr/lib64/gcc/x86_64-slackware-linux/11.2.0/include-fixed/syslimits.h:7,
                 from /usr/lib64/gcc/x86_64-slackware-linux/11.2.0/include-fixed/limits.h:34,
                 from /usr/include/python3.9/Python.h:11,
                 from lxc.c:25:
/usr/lib64/gcc/x86_64-slackware-linux/11.2.0/include-fixed/limits.h:203:15: fatal error: limits.h: No such file or directory
  203 | #include_next <limits.h>                /* recurse down to the real one */
      |               ^~~~~~~~~~
compilation terminated.
error: command '/usr/bin/gcc' failed with exit code 1

 

Which I just can't fix and can't find a solution for.

 

I installed slackpg hoping it would fix dependencies but no luck.

I installed kernel-headers from there as I read some where it should contain the header. 

 

But no luck.

 

I'm also not quite sure if the error about lxc is an issue.

 

I would appreciate any help pointing me in a direction that helps m

[trurl]

Unraid is a stripped down Slackware intended as NAS and hosting dockers and VMs. It is not a general purpose Linux

 

Suggest you pursue the docker or VM approach for your purposes.

[ravenliquid]

What do you mean? Neither docker or a VM is a solution here. 

I cannot virtualize Unraid due to some hardware/driver issue that prevents me from giving unraid direct disk access, and there is nothing to virtualize otherwise.

 

Ansible is not running on the machine that runs Unraid, I just want to provision it from Ansible. 

I don't need a general purpose Linux, I just need the LXC plugin from the Unraid plugin frontend and python bindings for it.

The only part that doesn't work is the bindings because I would need to compile them as there is no precompiled slackware package available.

[ich777]

2 hours ago, ravenliquid said:

LXC plugin

May I ask what do you want to do exactly? I'm not too familiar with Ansible but I think it is used for automation and setting up all kinds of software correct?

 

The plugin supports everything that LXC can do with the exclusion of LXD which is I think needed for for Ansible or am I wrong?

 

The main reason why I don't use LXD is because Unraid doesn't ship with Python and Python is needed for LXD. Strictly speaking you don't have to use LXD in combination with LXC.

 

I'm planing LXC "Templates" in a upcoming release which can be pulled from the CA App but I have no ETA for that and I think this is not really suitable for you.

[ravenliquid]

Ansible is indeed used for automation, it uses SSH connections to run tasks on remote systems. Most of these tasks are modules build with python.

The module I want to use allows Ansible to create and run commands in LXC containers, but the module is build on top of python3-lxc. A python library for interfacing with LXC.

 

I created a lot of playbooks for proxmox to create containers and install applications with automatic backup and restore so that they can be quickly and easily deployed anywhere without much knowledge and configuration. I modified them to also support the lxc module (proxmox has it's own that works a little different).

 

LXD is a different module so I don't think there is a dependency.

 

The most basic functionality I need is remote creation and start, SSH root access and the IP address it got after creation. If Ansible can do those steps, it can then switch to SSH in the container and continue as normal (setup users, applications, restore backups etc.).

[ich777]

13 hours ago, ravenliquid said:

Ansible is indeed used for automation, it uses SSH connections to run tasks on remote systems. Most of these tasks are modules build with python.

Sorry that I'm not more familiar with it, I've only heard about it and saw it on Youtube a few times mentioned.

 

13 hours ago, ravenliquid said:

python3-lxc

Is this maybe also available via pip? If yes you could of course install it on Unraid.

BTW: you can also try un-get to install packages to Unraid, I didn't made it available through the CA App since this is of course for advanced users and because Unraid isn't meant as general purpose Server, you can get it here: Click

To install it you have to open the .plg file on GitHub as RAW and past the RAW link in the Install Plugin section from Unraid.

 

13 hours ago, ravenliquid said:

The most basic functionality I need is remote creation and start, SSH root access and the IP address it got after creation. If Ansible can do those steps, it can then switch to SSH in the container and continue as normal (setup users, applications, restore backups etc.).

So if I understand that correctly the workflow or what Ansible does in your playbook would be something like:

1. Create the container (something like: lxc-create --name Debian --template download -- --dist debian --release bookworm --arch amd64)
2. Start the container (something like: lxc-start --name Debian)
3. Create a user and install SSH (or allow root to connect to it I assume with lxc-attach of some kind)
4. Get the IP address from the container (with lxc-info I assume)
5. Connect through SSH to the container

If yes, this is pretty cool and is something that I'm trying to implement but through a XML file where it does basically the same (except for the SSH part) and you can pull it through the CA App.

 

Anyways, I've now also saw that Ansible is part of IBM and in the longer run Red Hat and I think I'm not going to look further into that because Red Hat now hide their "open source" code from RHEL behind a subscription model which is somewhat against the GPL and also not <- I really don't like that...

 

I'm sorry because of the late answer but I miss many things if one doesn't quote or mention me in the reply.

 

EDIT: It looks like that's available as a pip package: Click

So to speak something like this would be possible (I think) if you are using un-get:

un-get update
un-get install python3 python-pip
pip install lxc

(I'm not sure but it at least should...)

[ravenliquid]

Didn't know it was available on pip.

Tried it but it boils down to the same issue: it tries to build it and thus I get the exact same error.

 

Did some more digging and I figured out it expects the limits.h to be in /usr/include.

It is not there of course, and I don't quite understand what does place those files there. I though kernel-headers would be the source but I guess those go in to the /usr/include/linux subfolder.

 

I think it comes down to missing part of the build toolchain (I'm more of a Debian user which has a package for that, and also a .net developer so the C/C++ tool chains is something I have avoided for many years now since I last used it. For this exact reason... dependencies, includes and libs).

 

I don't know if this exists, but would a solution be to find something like a slackware VM image that has all those things out of the box? A slackware dev box? And then build and copy the binary?

 

I don't know how your toolchain looks like for the stuff you make for unraid, but I guess this is something you run in to as well?

 

I agree with you on the whole Red Hat issue, they have been making dumb choices for a while now. Something to keep in mind down the line, especially considering Ansible is heavily supported by the community.

 

But Unraid is also not in the open source regard, I can get behind the paid license but it would be nice if the rest was more open to build your own and not be as restricted.

[ich777]

4 hours ago, ravenliquid said:

Didn't know it was available on pip.

Tried it but it boils down to the same issue: it tries to build it and thus I get the exact same error.

I will spin up my test server and try it there, as said, haven't tried it yet.

 

4 hours ago, ravenliquid said:

Did some more digging and I figured out it expects the limits.h to be in /usr/include.

limits.h is missing because Unraid needs to be as small as possible in terms of size because it runs out of RAM and it doesn't ship with all the files that you need to compile.

 

4 hours ago, ravenliquid said:

I don't know if this exists, but would a solution be to find something like a slackware VM image that has all those things out of the box? A slackware dev box? And then build and copy the binary?

 

I don't know how your toolchain looks like for the stuff you make for unraid, but I guess this is something you run in to as well?

I build most of the things in a Debian and also Slackware Docker container customized to my needs.

 

4 hours ago, ravenliquid said:

But Unraid is also not in the open source regard, I can get behind the paid license but it would be nice if the rest was more open to build your own and not be as restricted.

Yes, but if you can build it for Debian or Slackware then it can run on Unraid.

Give me a bit I will look into this, it is of course a bit more complicated because you need Pyhton3 too which is, because of the above mentioned reason, not part of Unraid by default.

 

Don't know if I can make it today because I'm pretty exhausted by real life but I will try and let you know.

[ravenliquid]

Didn't think about using Debian to build the package. But I have to say my Linux knowledge about portability is not that great. 

 

Python3 I just pulled from the plugins. It also included pip and some other stuff. 

 

And don't sweat it, if it is something I can figure out I'm happy enough with the information you already provided. 

 

Edited June 28, 2023 by ravenliquid

[ich777]

@ravenliquid done. Seems to be working now but this is only a test package which I will make available through un-get if you confirm that it is working properly...

 

Please place the attached file somewhere on your server and then navigate to that directory and issue from the terminal:

installpkg python3_lxc-5.0.0.txz

 

After that it should work, I just tried to start a container and it is working.

 

However I would strongly recommend that you first unistall all packages that you've installed so far for Python3, setuptools, pip,... to make sure that it is working and install python3 afterwards through un-get with:

un-get update
un-get install python3

 

As said above just use un-get because it is a apt style package download thingi (no not a package manager).

 

Please confirm that everything is working properly and I will add it to my Slackware repo over here which you can also then add to un-get: Click

python3_lxc-5.0.0.txz

 

Here is also a picture from what I've tried:

[ravenliquid]

It seems to be working! Managed to create a container through Ansible.

Had some issues with starting until I copied the root and config path patterns from a container created trough the UI.

 

Only thing not working seems to be the network so I'll have to see how to copy that as it just seems not set.

 

Something for tomorrow, been a long day and I'm very happy with my progress so far all thanks to you!

 

Edit:

Networking also works as well as running commands from ansible in the container to setup ssh. 

 

And that is enough to reconnect via ssh and run all the container setup without the need for anything else on the Unraid host.

Edited June 29, 2023 by ravenliquid
Did more testing

[ich777]

On 6/28/2023 at 10:14 PM, ravenliquid said:

Edit:

Networking also works as well as running commands from ansible in the container to setup ssh. 

 

And that is enough to reconnect via ssh and run all the container setup without the need for anything else on the Unraid host.

So everything is working?

Anyways, I've now built the package and it is available in my Slackware repository from above.

 

I would strongly recommend to install it via un-get (you need to add the repository to un-get which is described how to add it in the Slackware repo).

 

After that simply run:

un-get update
un-get install python3 python3-lxc

 

Packages installed through un-get are also installed on each boot so that you don't have to do it manually.

 

Hope that helps.

[ravenliquid]

Everything is working great, I can even get the IP from the ansible module return value after running the SSH setup commands in the container. 

So I can just get the IP from the result and reconnect via SSH right away without having to resolve the IP from the hostname.

 

Thanks! I'll set it up with un-get.

 

One more question regarding the template parameter:
It currently uses "/usr/share/lxc/templates/lxc-download", which suggests it will download the template. There is also lxc-local (or something similar, can't check right now).

Should it check local first and if not available download the template or does it automatically do this with lxc-download? 

(I pulled the path from a UI created container config, just like the other values I needed).