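# Host-side LXC management for this infrastructure.
#
# Installs the lxc package, builds one Debian "stretch" base image, and
# exposes lxc::container, which clones that image into a per-service
# container attached to lxcbr0 with a static IPv4 address, a puppet agent
# certificate issued by the CA on this host, and a journal directory
# bind-mounted from /data/log/<name>.
class lxc {
    # Parent for every container's bind-mounted journal directory.
    file {"/data/log":
        ensure => 'directory'
    }
    package{ 'lxc':
        ensure => 'installed'
    }->
    # Built once. `unless` only checks that the rootfs directory exists, so a
    # partially created base-image has to be removed by hand before a rerun.
    # NOTE(review): stretch is end-of-life; changing the release also changes
    # the packages baked into every clone, so it is deliberately left as is.
    exec {'lxc-base-image-created':
        logoutput => on_failure,
        command => '/usr/bin/lxc-create -n base-image -t debian -- -r stretch --packages=gnupg2,puppet,lsb-release,debconf-utils',# gnupg2 needed for puppet managing apt-keys
        unless => '/usr/bin/test -d /var/lib/lxc/base-image',
        timeout => '0'
    }

    # Clone base-image into a container and wire it to the puppet master on
    # the host (10.0.3.1, see the hosts entry below).
    #
    # @param contname  container name, also used as the puppet certname. It is
    #                  interpolated unquoted into the lxc-*/lxc-attach exec
    #                  commands below, so it is restricted to a safe character
    #                  set; names with shell metacharacters would have broken
    #                  (or worse, been interpreted by) those commands anyway.
    # @param ip        IPv4 address of the container; a /24 on lxcbr0 with
    #                  gateway 10.0.3.1 is hard-coded.
    # @param dir       directories (relative to the rootfs) to create inside
    #                  the container before it is started.
    # @param bind      host path => { target => path inside the container
    #                  (relative, as lxc.mount.entry expects), option => extra
    #                  mount options appended verbatim after "bind", so they
    #                  must start with a comma, e.g. ',ro' }.
    # @param confline  raw lines appended to the container's lxc config.
    define container (
        Pattern[/\A[A-Za-z0-9][A-Za-z0-9_.-]*\z/]                          $contname,
        Pattern[/\A[0-9]{1,3}(\.[0-9]{1,3}){3}\z/]                         $ip,
        Array[String]                                                     $dir      = [],
        Hash[String, Struct[{target=>String, Optional[option]=>String}]]  $bind     = {},
        Array[String]                                                     $confline = []
    ) {
        # Issue the agent certificate on the host CA. If either half of the
        # pair is missing the old cert is revoked/destroyed and both are
        # regenerated, so a stale cert never lingers in the CA.
        exec {"lxc-$contname-issue-cert":
          command => "/usr/bin/puppet ca destroy \"$contname\";/usr/bin/puppet ca generate \"$contname\"",
          unless => "/usr/bin/[ -f /var/lib/puppet/ssl/private_keys/$contname.pem ] && /usr/bin/[ -f /var/lib/puppet/ssl/certs/$contname.pem ]",
          before => Exec["lxc-$contname-started"]
        }

        # Clone the base image, then pin the network configuration. Each
        # config edit notifies the (refreshonly) restart exec so the container
        # is bounced exactly once per run when anything changed.
        exec{ "lxc-$contname-created":
            logoutput => on_failure,
            command   => "/usr/bin/lxc-copy -n base-image -N $contname",
            unless    => "/usr/bin/test -d /var/lib/lxc/$contname",
            timeout   => '0',
            require   => [Package['lxc'],Exec['lxc-base-image-created']],
        } -> file_line {"lxc-$contname-conf1":
            path   => "/var/lib/lxc/$contname/config",
            line   => 'lxc.network.type = veth',
            notify => Exec["lxc-$contname-started"],
        } -> file_line {"lxc-$contname-conf2":
            path   => "/var/lib/lxc/$contname/config",
            line   => 'lxc.network.link = lxcbr0',
            notify => Exec["lxc-$contname-started"],
        } -> file_line {"lxc-$contname-conf3":
            path   => "/var/lib/lxc/$contname/config",
            line   => 'lxc.network.flags = up',
            notify => Exec["lxc-$contname-started"],
        } -> file_line {"lxc-$contname-conf4":
            path   => "/var/lib/lxc/$contname/config",
            line   => "lxc.network.ipv4 = $ip/24",
            notify => Exec["lxc-$contname-started"],
        } -> file_line {"lxc-$contname-conf5":
            path   => "/var/lib/lxc/$contname/config",
            line   => 'lxc.network.ipv4.gateway = 10.0.3.1',
            notify => Exec["lxc-$contname-started"],
        } -> file_line {"lxc-$contname-network":
            # The address is assigned by lxc itself, so the guest must not
            # try to configure eth0 (e.g. via DHCP) on its own.
            path   => "/var/lib/lxc/$contname/rootfs/etc/network/interfaces",
            line   => 'iface eth0 inet manual',
            match  => '^iface eth0 inet',
            notify => Exec["lxc-$contname-started"],
        } -> exec {"lxc-$contname-started":
            # Restart on notification only; lxc-stop is allowed to fail when
            # the container is not running yet (`;`, not `&&`).
            path => '/usr/bin',
            refreshonly   => true,
            refresh   => "/usr/bin/lxc-stop -n $contname ; /usr/bin/lxc-start -dn $contname",
        }-> exec {"lxc-$contname-started1":
            # Ensure the container is running on every run. `path` is set so
            # the unqualified lxc-info inside the `unless` substitution does
            # not depend on the agent's inherited PATH.
            path      => '/usr/bin:/bin',
            command   => "/usr/bin/lxc-start -dn $contname",
            unless    => "/usr/bin/[ \"\$(lxc-info -Hsn $contname)\" != \"STOPPED\" ]",
        }
        $dir.each |String $in| {
          file { "/var/lib/lxc/$contname/rootfs/$in":
            ensure  => 'directory',
            notify => Exec["lxc-$contname-started"],
            require => File_line["lxc-$contname-conf5"]
          }
        }
        $bind.each |String $out, Struct[{target=>String, Optional[option]=>String}] $in| {
          file_line { "lxc-$contname-mount-$out":
           path   => "/var/lib/lxc/$contname/config",
           line   => "lxc.mount.entry = $out ${in[target]} none bind${in[option]} 0 0",
           require=> File_line["lxc-$contname-conf5"],
           notify  => Exec["lxc-$contname-started"],
          }
        }
        # Persist the guest's systemd journal on the host under /data/log.
        file {"/data/log/$contname":
           ensure => 'directory'
        }->
        file_line { "lxc-$contname-mount-journal":
           path   => "/var/lib/lxc/$contname/config",
           line   => "lxc.mount.entry = /data/log/$contname var/log/journal none bind 0 0",
           require=> File_line["lxc-$contname-conf5"],
           notify  => Exec["lxc-$contname-started"],
        }
        file {"/var/lib/lxc/$contname/rootfs/var/log/journal":
            ensure  => 'directory',
            notify => Exec["lxc-$contname-started"],
            require => File_line["lxc-$contname-conf5"]
        }
        $confline.each |Integer $idx, String $in| {
         file_line { "lxc-$contname-confline-extra-$idx":
           path   => "/var/lib/lxc/$contname/config",
           line   => "$in",
           require=> File_line["lxc-$contname-conf5"],
           notify  => Exec["lxc-$contname-started"],
         }
        }
        # Puppet ssl layout inside the rootfs. The children autorequire their
        # parent directory, so only the top one needs the explicit ordering.
        file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet":
             ensure => 'directory',
             require => Exec["lxc-$contname-created"]
        }
        file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl":
             ensure => 'directory'
        }
        file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl/private_keys/":
             ensure => 'directory'
        }
        file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl/certs/":
             ensure => 'directory'
        }
        # Name resolution and puppet bootstrap; these run against the rootfs
        # and via lxc-attach, so they are ordered after the container is up.
        Exec["lxc-$contname-started1"] ->
        file_line {"lxc-$contname-hosts":
            path   => "/var/lib/lxc/$contname/rootfs/etc/hosts",
            line   => '10.0.3.1 puppet puppet.lan host01',
        }->
        file_line {"lxc-$contname-hosts-local":
            path   => "/var/lib/lxc/$contname/rootfs/etc/hosts",
            line   => "127.0.0.1 $contname"
        }->
        # Drop any domain/search directives so "puppet" resolves only through
        # the hosts entry above.
        file_line {"lxc-$contname-resolv1":
            path   => "/var/lib/lxc/$contname/rootfs/etc/resolv.conf",
            ensure => 'absent',
            match_for_absence => "true",
            match  => '^domain ',
            line   => ''
        }->
        file_line {"lxc-$contname-resolv2":
            path   => "/var/lib/lxc/$contname/rootfs/etc/resolv.conf",
            ensure => 'absent',
            match_for_absence => "true",
            match  => '^search ',
            line   => ''
        } ->
        # Normally a no-op: puppet is already part of the base image.
        exec {"lxc-$contname-install-puppet":
          command => "/usr/bin/lxc-attach -n \"$contname\" -- apt-get update && /usr/bin/lxc-attach -n \"$contname\" -- apt-get install -y puppet",
          timeout => '0',
          creates => "/var/lib/lxc/$contname/rootfs/usr/bin/puppet"
        } ->
        # The agent key is handed over through the host filesystem. Puppet
        # does not copy the source file's permissions, so without an explicit
        # mode the key would be created world-readable inside the rootfs.
        # The agent runs as root in the guest (Debian default) — confirm if
        # that ever changes.
        file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl/private_keys/$contname.pem":
          source => "file:///var/lib/puppet/ssl/private_keys/$contname.pem",
          owner  => 'root',
          group  => 'root',
          mode   => '0600',
          notify => Exec["lxc-$contname-puppet-restart"],
        } ->
        file {"/var/lib/lxc/$contname/rootfs/var/lib/puppet/ssl/certs/$contname.pem":
          source => "file:///var/lib/puppet/ssl/certs/$contname.pem",
          owner  => 'root',
          group  => 'root',
          mode   => '0644',
          notify => Exec["lxc-$contname-puppet-restart"],
        } ->
        exec {"lxc-$contname-puppet-restart":
          command => "/usr/bin/lxc-attach -n $contname -- systemctl restart puppet",
          timeout   => '0',
          refreshonly => 'true'
        } ->
        # One-shot agent run until something inside the guest creates
        # /certified; until then this re-runs on every host puppet run.
        exec {"lxc-$contname-refresh":
          command => "/usr/bin/lxc-attach -n $contname -- puppet agent --onetime --no-daemonize --verbose",
          timeout   => '0',
          # TODO figure out a way to verify puppet launches
          creates => "/var/lib/lxc/$contname/rootfs/certified"
          ##creates => "/var/lib/lxc/$contname/rootfs/lib/systemd/system/puppet.service"
        }
    }

}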