# Builds the shared LXC base image once: a Debian stretch container named
# 'base-image' with the packages every cloned container needs, then removes
# the cached apt lists from its rootfs. The guard is only "the rootfs
# directory exists", so a run in which lxc-create succeeded but the trailing
# 'rm' failed would not be retried on the next apply.
8 exec {'lxc-base-image-created':
9 logoutput => on_failure,
10 command => '/usr/bin/lxc-create -n base-image -t debian -- -r stretch --packages=gnupg2,puppet,lsb-release,debconf-utils && rm -r /var/lib/lxc/base-image/rootfs/var/lib/apt/lists',# gnupg2 needed for puppet managing apt-keys
11 unless => '/usr/bin/test -d /var/lib/lxc/base-image',
# Creates one LXC container cloned from 'base-image' and enrols it with the
# puppet master running on the host.
#   $contname – container name. It is interpolated into shell command lines
#               and filesystem paths throughout this define (sometimes quoted,
#               sometimes not), so callers should pass plain hostname-style
#               values; a Pattern[] type on this parameter would enforce that.
#   $ip       – static IPv4 address, written to the config as "$ip/24" with
#               gateway 10.0.3.1.
#   $dir      – rootfs-relative directories to create inside the container.
#   $bind     – host path => {target => path in container, option => extra
#               mount option string}; each becomes an lxc.mount.entry line.
#   $confline – extra lines for the container config, one file_line each.
14 define container ($contname, $ip, $dir = [], $bind = {}, $confline = []) {
# Issues the agent key and certificate on the host CA when either file is
# missing. 'puppet ca destroy' runs first, so a missing cert with an existing
# key replaces the key as well rather than re-signing it.
15 exec {"lxc-$contname-issue-cert":
16 command => "/usr/bin/puppet ca destroy \"$contname\";/usr/bin/puppet ca generate \"$contname\"",
17 unless => "/usr/bin/[ -f /var/lib/puppet/ssl/private_keys/$contname.pem ] && /usr/bin/[ -f /var/lib/puppet/ssl/certs/$contname.pem ]",
18 before => Exec["lxc-$contname-started"]
21 exec{ "lxc-$contname-created":
22 logoutput => on_failure,
23 command => "/usr/bin/lxc-copy -n base-image -N $contname",
24 unless => "/usr/bin/test -d /var/lib/lxc/$contname",
26 require => [Package['lxc'],Exec['lxc-base-image-created']],
27 } -> file_line {"lxc-$contname-conf1":
28 path => "/var/lib/lxc/$contname/config",
29 line => 'lxc.network.type = veth',
30 notify => Exec["lxc-$contname-started"],
31 } -> file_line {"lxc-$contname-conf2":
32 path => "/var/lib/lxc/$contname/config",
33 line => 'lxc.network.link = lxcbr0',
34 notify => Exec["lxc-$contname-started"],
35 } -> file_line {"lxc-$contname-conf3":
36 path => "/var/lib/lxc/$contname/config",
37 line => 'lxc.network.flags = up',
38 notify => Exec["lxc-$contname-started"],
39 } -> file_line {"lxc-$contname-conf4":
40 path => "/var/lib/lxc/$contname/config",
41 line => "lxc.network.ipv4 = $ip/24",
42 notify => Exec["lxc-$contname-started"],
43 } -> file_line {"lxc-$contname-conf5":
44 path => "/var/lib/lxc/$contname/config",
45 line => 'lxc.network.ipv4.gateway = 10.0.3.1',
46 notify => Exec["lxc-$contname-started"],
47 } -> file_line {"lxc-$contname-network":
48 path => "/var/lib/lxc/$contname/rootfs/etc/network/interfaces",
49 line => 'iface eth0 inet manual',
50 match => '^iface eth0 inet',
51 notify => Exec["lxc-$contname-started"],
52 } -> exec {"lxc-$contname-started":
55 refresh => "/usr/bin/lxc-stop -n $contname ; /usr/bin/lxc-start -dn $contname",
56 }-> exec {"lxc-$contname-started1":
57 command => "/usr/bin/lxc-start -dn $contname",
58 unless => "/usr/bin/[ \"\$(lxc-info -Hsn $contname)\" != \"STOPPED\" ]",
60 $dir.each |String $in| {
61 file { "/var/lib/lxc/$contname/rootfs/$in":
62 ensure => 'directory',
63 notify => Exec["lxc-$contname-started"],
64 require => File_line["lxc-$contname-conf5"]
# One lxc.mount.entry per host path in $bind. The 'option' value is appended
# directly after "bind", so a value such as ",ro" must carry its own leading
# comma; when the key is absent the entry is a plain "bind" mount. The host
# directory itself must be managed by a File["$out"] resource elsewhere in
# the catalog, otherwise the require fails at compile time.
67 $bind.each |String $out, Struct[{target=>String, Optional[option]=>String}] $in| {
68 file_line { "lxc-$contname-mount-$out":
69 path => "/var/lib/lxc/$contname/config",
70 line => "lxc.mount.entry = $out ${in[target]} none bind${in[option]} 0 0",
71 require=> [File_line["lxc-$contname-conf5"], File["$out"]],
72 notify => Exec["lxc-$contname-started"],
75 file {"/data/log/$contname":
78 file_line { "lxc-$contname-mount-journal":
79 path => "/var/lib/lxc/$contname/config",
80 line => "lxc.mount.entry = /data/log/$contname var/log/journal none bind 0 0",
81 require=> File_line["lxc-$contname-conf5"],
82 notify => Exec["lxc-$contname-started"],
84 file {"/var/lib/lxc/$contname/rootfs/var/log/journal":
85 ensure => 'directory',
86 notify => Exec["lxc-$contname-started"],
87 require => File_line["lxc-$contname-conf5"]
# Extra config lines supplied by the caller, one file_line per index so that
# repeated entries stay distinguishable. Nothing here inspects the content,
# so any isolation-relevant lxc.* setting in these lines is the caller's
# responsibility (the 'line' attribute is on a line not shown in this excerpt).
89 $confline.each |Integer $idx, String $in| {
90 file_line { "lxc-$contname-confline-extra-$idx":
91 path => "/var/lib/lxc/$contname/config",
93 require=> File_line["lxc-$contname-conf5"],
94 notify => Exec["lxc-$contname-started"],
97 file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet":
98 ensure => 'directory',
99 require => Exec["lxc-$contname-created"]
101 file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl":
102 ensure => 'directory'
104 file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl/private_keys/":
105 ensure => 'directory'
107 file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl/certs/":
108 ensure => 'directory'
# /etc/hosts inside the rootfs, written only after the container has been
# started once. The puppet master is pinned to 10.0.3.1 — the lxcbr0 gateway
# set in the network config above — under the names puppet, puppet.lan and
# host01, and the container gets its own name on loopback.
110 Exec["lxc-$contname-started1"] ->
111 file_line {"lxc-$contname-hosts":
112 path => "/var/lib/lxc/$contname/rootfs/etc/hosts",
113 line => '10.0.3.1 puppet puppet.lan host01';
115 file_line {"lxc-$contname-hosts-local":
116 path => "/var/lib/lxc/$contname/rootfs/etc/hosts",
117 line => "127.0.0.1 $contname"
119 file_line {"lxc-$contname-resolv1":
120 path => "/var/lib/lxc/$contname/rootfs/etc/resolv.conf",
122 match_for_absence => "true",
126 file_line {"lxc-$contname-resolv2":
127 path => "/var/lib/lxc/$contname/rootfs/etc/resolv.conf",
129 match_for_absence => "true",
# Installs puppet inside the running container via lxc-attach. Normally a
# no-op: the base image already carries puppet in its package list, and the
# exec is skipped as soon as /usr/bin/puppet exists in the rootfs.
133 exec {"lxc-$contname-install-puppet":
134 command => "/usr/bin/lxc-attach -n \"$contname\" -- apt-get update && /usr/bin/lxc-attach -n \"$contname\" -- apt-get install -y puppet",
136 creates => "/var/lib/lxc/$contname/rootfs/usr/bin/puppet"
# Copies the host-issued agent private key and certificate into the
# container's puppet ssl tree; either landing triggers the agent stop below.
# NOTE(review): no owner or mode is visible on these resources, and Puppet's
# file type does not carry the source file's permissions over unless
# source_permissions asks for it — confirm the private key ends up 0600 in
# the rootfs rather than at the default umask-derived mode.
138 file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl/private_keys/$contname.pem":
139 source => "file:///var/lib/puppet/ssl/private_keys/$contname.pem",
140 notify => Exec["lxc-$contname-puppet-restart"],
142 file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl/certs/$contname.pem":
143 source => "file:///var/lib/puppet/ssl/certs/$contname.pem",
144 notify => Exec["lxc-$contname-puppet-restart"],
# Stops the agent inside the container whenever a new key or certificate is
# copied in (refreshonly), so it is not left running with stale credentials.
# 'true' is given as a string; Puppet accepts it, but the documented form is
# the bare boolean true.
146 exec {"lxc-$contname-puppet-restart":
147 command => "/usr/bin/lxc-attach -n $contname -- systemctl stop puppet",
149 refreshonly => 'true'
# First one-shot agent run against the master. Guarded by a 'certified'
# marker file in the rootfs that nothing visible in this excerpt creates, so
# the run repeats until that file appears (see the TODO below).
151 exec {"lxc-$contname-refresh":
152 command => "/usr/bin/lxc-attach -n $contname -- puppet agent --onetime --no-daemonize --verbose",
154 # TODO figure out a way to verify puppet launches
155 creates => "/var/lib/lxc/$contname/rootfs/certified"
156 ##creates => "/var/lib/lxc/$contname/rootfs/lib/systemd/system/puppet.service"
# Starts the agent service again; refreshonly, with the notifying resource
# outside this excerpt.
158 exec {"lxc-$contname-puppet-start":
159 command => "/usr/bin/lxc-attach -n $contname -- systemctl start puppet",
161 refreshonly => 'true'