The role lxc_host is not fully idempotent.
When the playbooks are stopped between downloading the lxc cache and extracting the trust container rootfs into /var/cache/lxc/trusty/rootfs-amd6, the rerun of the lxc_host role will not extract cached LXC image since the "Move lxc cached image into place" task is dependent on a completed download of the cache file.
Ideally the tasks would check if the destination is empty and the download was successful (sha matches rpc-trusty-container.tgz)
When I tried to rerun the lxc_host role the post download tasks bailed all out :
TASK: [lxc_hosts | Create apt repos in the cached container] ******************
failed: [storage02] => (item={'url': u'http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz', 'name': 'trusty.tgz', 'chroot_path': 'trusty/rootfs-amd64', 'sha256sum': '56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c'}) => {"failed": true, "item": {"chroot_path": "trusty/rootfs-amd64", "name": "trusty.tgz", "sha256sum": "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c", "url": "http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"}}
msg: Destination directory /var/cache/lxc/trusty/rootfs-amd64/etc/apt does not exist
.. output truncated
TASK: [lxc_hosts | Update container resolvers] ********************************
failed: [storage01] => (item={'url': u'http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz', 'name': 'trusty.tgz', 'chroot_path': 'trusty/rootfs-amd64', 'sha256sum': '56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c'}) => {"failed": true, "item": {"chroot_path": "trusty/rootfs-amd64", "name": "trusty.tgz", "sha256sum": "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c", "url": "http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"}}
msg: Destination directory /var/cache/lxc/trusty/rootfs-amd64/run/resolvconf does not exist
.. output truncated
TASK: [lxc_hosts | Update container resolvconf base] **************************
failed: [storage04] => (item={'url': u'http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz', 'name': 'trusty.tgz', 'chroot_path': 'trusty/rootfs-amd64', 'sha256sum': '56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c'}) => {"failed": true, "item": {"chroot_path": "trusty/rootfs-amd64", "name": "trusty.tgz", "sha256sum": "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c", "url": "http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"}}
msg: Destination directory /var/cache/lxc/trusty/rootfs-amd64/etc/resolvconf/resolv.conf.d does not exist
.. output truncated
The problem was fixed with ansible hosts -m shell -a 'rm -f /var/cache/lxc_trusty.tgz' but I would much rather prefer to make the role more mature
I'd like to add I've seen issues with this container image on Kilo. Specifically with compute nodes since they don't use containers, it would make sense to add logic to the playbooks that checked if the host requires the container image at all.