add: ipv6 for container and for external http(s) dnats
index 07cf459621528b44a9f8bdd7a960ee38a45c1c48..4b7b64222461cc461d0b5f7053b2ae08c3dc3c90 100644 (file)
@@ -7,16 +7,29 @@ class lxc {
     }->
     exec {'lxc-base-image-created':
         logoutput => on_failure,
-        command => '/usr/bin/lxc-create -n base-image -t debian -- -r stretch --packages=gnupg2,puppet,lsb-release,debconf-utils',# gnupg2 needed for puppet managing apt-keys
+        command => '/usr/bin/lxc-create -n base-image -t debian -- -r stretch --packages=gnupg2,puppet,lsb-release,debconf-utils && rm -r /var/lib/lxc/base-image/rootfs/var/lib/apt/lists',# gnupg2 needed for puppet managing apt-keys
         unless => '/usr/bin/test -d /var/lib/lxc/base-image',
         timeout => '0'
     }
+    package {'bridge-utils':
+        ensure => 'installed'
+    } -> file {'/etc/network/interfaces.d/lxcbr0':
+        source => 'puppet:///modules/lxc/lxcbr0'
+    } ~> exec{'stop all containers':
+      command => '/bin/bash -c \'for i in $(lxc-ls); do if [[ $i != base-image ]]; then lxc-stop -n "$i"; fi; done\'',
+      refreshonly => true,
+    } -> exec {'ifup lxcbr0':
+      command => '/sbin/ifdown lxcbr0; /sbin/ifup lxcbr0',
+      refreshonly => true,
+      subscribe => File['/etc/network/interfaces.d/lxcbr0']
+    }
     define container ($contname, $ip, $dir = [], $bind = {}, $confline = []) {
         exec {"lxc-$contname-issue-cert":
           command => "/usr/bin/puppet ca destroy \"$contname\";/usr/bin/puppet ca generate \"$contname\"",
           unless => "/usr/bin/[ -f /var/lib/puppet/ssl/private_keys/$contname.pem ] && /usr/bin/[ -f /var/lib/puppet/ssl/certs/$contname.pem ]",
           before => Exec["lxc-$contname-started"]
         }
+       $ipv6 = $ipsv6[$contname]
 
         exec{ "lxc-$contname-created":
             logoutput => on_failure,
@@ -44,6 +57,16 @@ class lxc {
             path   => "/var/lib/lxc/$contname/config",
             line   => 'lxc.network.ipv4.gateway = 10.0.3.1',
             notify => Exec["lxc-$contname-started"],
+      } -> file_line {"lxc-$contname-conf6":
+            path   => "/var/lib/lxc/$contname/config",
+            line   => "lxc.network.ipv6 = $ipv6/64",
+           match  => '^lxc\.network\.ipv6 =',
+            notify => Exec["lxc-$contname-started"],
+        } -> file_line {"lxc-$contname-conf7":
+            path   => "/var/lib/lxc/$contname/config",
+            line   => 'lxc.network.ipv6.gateway = fc00:0001::0000:0001',
+           match  => '^lxc\.network\.ipv6\.gateway =',
+            notify => Exec["lxc-$contname-started"],
         } -> file_line {"lxc-$contname-network":
             path   => "/var/lib/lxc/$contname/rootfs/etc/network/interfaces",
             line   => 'iface eth0 inet manual',
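Review bot: Nothing checks that `$ipv6` is defined or looks like an address before the conf6 `file_line` interpolates it, so a container that is absent from `$ipsv6` (looked up earlier in this define, outside the hunk, from a variable not defined anywhere in this file as shown) gets `lxc.network.ipv6 = /64` written into its config and is then restarted with a broken network stanza. Fail at compile time instead: `unless $ipv6 { fail("container ${contname}: no IPv6 address in \$ipsv6") }` directly before the conf6 resource, or make the address an explicit `$ipv6 = undef` parameter of the define alongside `$ip` and wrap conf6/conf7 in `if $ipv6 { ... }` so IPv6 is opt-in per container. The hard-coded gateway `fc00:0001::0000:0001` is in fc00::/8, which RFC 4193 reserves for centrally assigned ULAs; locally chosen prefixes belong in fd00::/8 with a random global ID, so if this prefix is intentional a comment saying so (and that it must match the lxcbr0 file) would spare the next maintainer the question. The enclosing `container` define starts and ends outside this hunk.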
@@ -68,7 +91,7 @@ class lxc {
           file_line { "lxc-$contname-mount-$out":
            path   => "/var/lib/lxc/$contname/config",
            line   => "lxc.mount.entry = $out ${in[target]} none bind${in[option]} 0 0",
-           require=> File_line["lxc-$contname-conf5"],
+           require=> [File_line["lxc-$contname-conf5"], File["$out"]],
            notify  => Exec["lxc-$contname-started"],
           }
         }
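Review bot: `File["$out"]` in the new require list quotes a bare variable; puppet-lint flags this and the idiomatic form is `File[$out]`. The added dependency also means catalog compilation now fails for any caller whose `$bind` key has no matching `file` resource, which is a reasonable "bind only managed host paths" guarantee but is stated nowhere; add a comment on the `container` define (it starts outside this hunk) such as `# every bind-mount source in $bind must be declared as a file resource; the mount entry requires File[$out]`. Since the host directory is now guaranteed to be managed, that File resource is also the place to set restrictive ownership, because the mount entry exposes it read-write unless `${in[option]}` carries `,ro`. The loop enclosing this file_line starts and ends outside the hunk.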
@@ -142,18 +165,23 @@ class lxc {
         file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl/certs/$contname.pem":
           source => "file:///var/lib/puppet/ssl/certs/$contname.pem",
           notify => Exec["lxc-$contname-puppet-restart"],
-        } ->
+        }
         exec {"lxc-$contname-puppet-restart":
-          command => "/usr/bin/lxc-attach -n $contname -- systemctl restart puppet",
+          command => "/usr/bin/lxc-attach -n $contname -- systemctl stop puppet",
           timeout   => '0',
           refreshonly => 'true'
-        } ->
+        } ~>
         exec {"lxc-$contname-refresh":
           command => "/usr/bin/lxc-attach -n $contname -- puppet agent --onetime --no-daemonize --verbose",
           timeout   => '0',
           # TODO figure out a way to verify puppet launches
           creates => "/var/lib/lxc/$contname/rootfs/certified"
           ##creates => "/var/lib/lxc/$contname/rootfs/lib/systemd/system/puppet.service"
+        } ~>
+        exec {"lxc-$contname-puppet-start":
+          command => "/usr/bin/lxc-attach -n $contname -- systemctl start puppet",
+          timeout   => '0',
+          refreshonly => 'true'
         }
     }