}->
exec {'lxc-base-image-created':
logoutput => on_failure,
- command => '/usr/bin/lxc-create -n base-image -t debian -- -r stretch --packages=gnupg2,puppet,lsb-release,debconf-utils && rm -r /var/lib/lxc/base-image/rootfs/var/apt/lists',# gnupg2 needed for puppet managing apt-keys
+ command => '/usr/bin/lxc-create -n base-image -t debian -- -r stretch --packages=gnupg2,puppet,lsb-release,debconf-utils && rm -r /var/lib/lxc/base-image/rootfs/var/lib/apt/lists',# gnupg2 needed for puppet managing apt-keys
unless => '/usr/bin/test -d /var/lib/lxc/base-image',
timeout => '0'
}
+ package {'bridge-utils':
+ ensure => 'installed'
+ } -> file {'/etc/network/interfaces.d/lxcbr0':
+ source => 'puppet:///modules/lxc/lxcbr0'
+ } ~> exec{'stop all containers':
+ command => '/bin/bash -c \'for i in $(lxc-ls); do if [[ $i != base-image ]]; then lxc-stop -n "$i"; fi; done\'',
+ refreshonly => true,
+ } -> exec {'ifup lxcbr0':
+ command => '/sbin/ifdown lxcbr0; /sbin/ifup lxcbr0',
+ refreshonly => true,
+ subscribe => File['/etc/network/interfaces.d/lxcbr0']
+ }
+
+ define container_bind($container, $out = $name, $target, $option = ""){
+ file{"/var/lib/lxc/$container/rootfs/$target":
+ ensure => directory,
+ require => File_line["lxc-$container-conf5"],
+ before => Exec["lxc-$container-started"]
+ }->
+ file_line { "lxc-$container-mount-$out":
+ path => "/var/lib/lxc/$container/config",
+ line => "lxc.mount.entry = $out $target none bind$option 0 0",
+ require=> [File_line["lxc-$container-conf5"], File["$out"]],
+ notify => Exec["lxc-$container-started"],
+ }
+ }
define container ($contname, $ip, $dir = [], $bind = {}, $confline = []) {
exec {"lxc-$contname-issue-cert":
command => "/usr/bin/puppet ca destroy \"$contname\";/usr/bin/puppet ca generate \"$contname\"",
unless => "/usr/bin/[ -f /var/lib/puppet/ssl/private_keys/$contname.pem ] && /usr/bin/[ -f /var/lib/puppet/ssl/certs/$contname.pem ]",
before => Exec["lxc-$contname-started"]
}
+ $ipv6 = $ipsv6[$contname]
exec{ "lxc-$contname-created":
logoutput => on_failure,
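Review bot: `container_bind` interpolates `$out`, `$target` and `$option` straight into a host path and into the `lxc.mount.entry` line without validation, and the empty `$option` default makes every bind mount read-write unless the caller passes `,ro`. A value containing whitespace, a newline or a `..` segment would shift the fields of the mount entry or put the created directory outside the container rootfs. I would type the parameters, for example `Pattern[/\A\S+\z/] $target` and `Pattern[/\A(,[\w=]+)*\z/] $option = ''`, reject `..` in `$target`, and add a header comment saying that `$option` needs its leading comma and that `$target` is relative to the rootfs. Separately, `$ipv6 = $ipsv6[$contname]` reads a variable that is not declared in this hunk; if the key is missing, the config line presumably becomes `lxc.network.ipv6 = /64`, so a guard such as `unless $ipv6 { fail("no IPv6 address for ${contname}") }` would make that failure explicit.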
path => "/var/lib/lxc/$contname/config",
line => 'lxc.network.ipv4.gateway = 10.0.3.1',
notify => Exec["lxc-$contname-started"],
+ } -> file_line {"lxc-$contname-conf6":
+ path => "/var/lib/lxc/$contname/config",
+ line => "lxc.network.ipv6 = $ipv6/64",
+ match => '^lxc\.network\.ipv6 =',
+ notify => Exec["lxc-$contname-started"],
+ } -> file_line {"lxc-$contname-conf7":
+ path => "/var/lib/lxc/$contname/config",
+ line => 'lxc.network.ipv6.gateway = fc00:0001::0000:0001',
+ match => '^lxc\.network\.ipv6\.gateway =',
+ notify => Exec["lxc-$contname-started"],
} -> file_line {"lxc-$contname-network":
path => "/var/lib/lxc/$contname/rootfs/etc/network/interfaces",
line => 'iface eth0 inet manual',
} -> exec {"lxc-$contname-started":
path => '/usr/bin',
refreshonly => true,
- refresh => "/usr/bin/lxc-stop -n $contname ; /usr/bin/lxc-start -dn $contname",
+ refresh => "/usr/bin/lxc-stop -n $contname ; /usr/bin/lxc-start -dn $contname; /usr/bin/lxc-attach -n $contname -- bash -c 'while ! [[ -S /run/systemd/private ]]; do sleep 1; done'",
}-> exec {"lxc-$contname-started1":
- command => "/usr/bin/lxc-start -dn $contname",
+ command => "/usr/bin/lxc-start -dn $contname; /usr/bin/lxc-attach -n $contname -- bash -c 'while ! [[ -S /run/systemd/private ]]; do sleep 1; done'",
unless => "/usr/bin/[ \"\$(lxc-info -Hsn $contname)\" != \"STOPPED\" ]",
}
$dir.each |String $in| {
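Review bot: The wait loop added to `refresh` and to the `lxc-$contname-started1` command has no upper bound of its own, so a container whose systemd never creates `/run/systemd/private` blocks the run until the exec timeout fires (Puppet's default, since neither resource sets `timeout` in the visible lines). Because the commands are joined with `;`, a failed `lxc-start` is not reported on its own and only shows up indirectly through `lxc-attach`. I would bound the wait and chain on success, e.g. `/usr/bin/lxc-start -dn $contname && /usr/bin/timeout 120 /usr/bin/lxc-attach -n $contname -- bash -c 'until [[ -S /run/systemd/private ]]; do sleep 1; done'`, where 120 is a placeholder value. The same string is duplicated in both execs, so a one-line comment stating that the socket check stands for "systemd in the container is ready" would help the next reader.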
file_line { "lxc-$contname-mount-$out":
path => "/var/lib/lxc/$contname/config",
line => "lxc.mount.entry = $out ${in[target]} none bind${in[option]} 0 0",
- require=> File_line["lxc-$contname-conf5"],
+ require=> [File_line["lxc-$contname-conf5"], File["$out"]],
notify => Exec["lxc-$contname-started"],
}
}