authorSilvio Rhatto <rhatto@riseup.net>2017-12-29 23:26:49 -0200
committerSilvio Rhatto <rhatto@riseup.net>2017-12-29 23:26:49 -0200
commit4a2e70edeb1d87674156cd8328352582e25d1525 (patch)
tree053fcff3ac4f723e4cfac301ee4f9975744a087c
parentaf78b156c5418d1e67faed4635019dcef0da9cac (diff)
LXC support
-rw-r--r--files/lxc/default.conf4
-rw-r--r--files/lxc/lxc-net9
-rw-r--r--manifests/kvm/manager.pp20
-rw-r--r--manifests/lxc/base.pp33
-rw-r--r--manifests/lxc/unprivileged.pp27
-rw-r--r--manifests/networking.pp5
6 files changed, 96 insertions, 2 deletions
diff --git a/files/lxc/default.conf b/files/lxc/default.conf
new file mode 100644
index 0000000..afe768f
--- /dev/null
+++ b/files/lxc/default.conf
@@ -0,0 +1,4 @@
+lxc.network.type = veth
+lxc.network.link = lxcbr0
+lxc.network.flags = up
+lxc.network.hwaddr = 00:16:3e:xx:xx:xx
diff --git a/files/lxc/lxc-net b/files/lxc/lxc-net
new file mode 100644
index 0000000..1c59b70
--- /dev/null
+++ b/files/lxc/lxc-net
@@ -0,0 +1,9 @@
+USE_LXC_BRIDGE="true"
+LXC_BRIDGE="lxcbr0"
+LXC_ADDR="10.0.3.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="10.0.3.0/24"
+LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+LXC_DHCP_MAX="253"
+LXC_DHCP_CONFILE=""
+LXC_DOMAIN=""
diff --git a/manifests/kvm/manager.pp b/manifests/kvm/manager.pp
index 8b2b75e..5c9b2fb 100644
--- a/manifests/kvm/manager.pp
+++ b/manifests/kvm/manager.pp
@@ -1,13 +1,29 @@
class virtual::kvm::manager {
- package { [ 'qemu-kvm', 'runit', 'uml-utilities', 'qemu-kvm', 'socat', 'bridge-utils', 'fakeroot', 'xorriso' ]:
+ include virtual::networking
+
+ package { [
+ 'qemu-kvm',
+ 'runit',
+ 'runit-systemd',
+ 'uml-utilities',
+ 'qemu-kvm',
+ 'socat',
+ 'fakeroot',
+ 'xorriso',
+ ]:
ensure => present,
}
+ # Provide a netboot image for VM installs
+ package { "debian-installer-9-netboot-${::architecture}":
+ ensure => present,
+ }
+
vcsrepo { '/usr/local/share/kvm-manager':
ensure => present,
provider => git,
source => 'git://git.fluxo.info/kvm-manager.git',
- revision => 'd8bd926096ecf6d8c38453b6752088b8a10ca3b7',
+ revision => 'b262c9597a3c5fd8c86ae63deda10f999048dfb8',
owner => 'root',
group => 'root',
}
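Review bot: The bumped `revision` is still fetched from `git://git.fluxo.info/kvm-manager.git`, and the git:// transport gives neither server authentication nor encryption, while the checkout lands root-owned in `/usr/local/share/kvm-manager`. Pinning a full commit id limits what a tampered transfer can substitute, but that protection rests on git's object hashing alone. If the host serves the repository over HTTPS (not visible from this page), `source => 'https://git.fluxo.info/kvm-manager.git',` would be the safer line. Separately, `'qemu-kvm'` appears twice in the reformatted package list, carried over from the old one-liner, and one entry can go. The class body continues past the end of this hunk.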
diff --git a/manifests/lxc/base.pp b/manifests/lxc/base.pp
new file mode 100644
index 0000000..c047790
--- /dev/null
+++ b/manifests/lxc/base.pp
@@ -0,0 +1,33 @@
+class virtual::lxc::base {
+ include virtual::networking
+
+ package { [
+ 'lxc',
+ ]:
+ ensure => present,
+ }
+
+ service { 'lxc-net':
+ ensure => running,
+ require => Package['lxc'],
+ }
+
+ file { '/etc/default/lxc-net':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0644',
+ #content => "USE_LXC_BRIDGE=\"true\"\n",
+ source => 'puppet:///modules/virtual/lxc/lxc-net',
+ notify => Service['lxc-net'],
+ }
+
+ file { '/etc/lxc/default.conf':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0644',
+ source => 'puppet:///modules/virtual/lxc/default.conf',
+ notify => Service['lxc-net'],
+ }
+}
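Review bot: Neither `file` resource declares `require => Package['lxc']`, so `/etc/lxc/default.conf` relies on manifest ordering to find `/etc/lxc` already created by the package; adding `require => Package['lxc'],` to both makes the dependency explicit. `/etc/lxc/default.conf` also notifies `Service['lxc-net']`, although it holds container defaults rather than bridge settings, so that `notify` presumably only restarts the bridge without need. The commented-out `#content => ...` line can be dropped now that `source` is used.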
diff --git a/manifests/lxc/unprivileged.pp b/manifests/lxc/unprivileged.pp
new file mode 100644
index 0000000..6f187a5
--- /dev/null
+++ b/manifests/lxc/unprivileged.pp
@@ -0,0 +1,27 @@
+class virtual::lxc::unprivileged {
+ include virtual::lxc::base
+
+ package { [
+ 'libvirt0',
+ 'libpam-cgroup',
+ 'libpam-cgfs',
+ ]:
+ ensure => present,
+ }
+
+ file { "/etc/sysctl.d/80-lxc-userns.conf":
+ owner => "root",
+ group => "root",
+ mode => '0644',
+ ensure => present,
+ content => "kernel.unprivileged_userns_clone=1\n",
+ }
+
+ exec { "sysctl --system":
+ user => root,
+ subscribe => File["/etc/sysctl.d/80-lxc-userns.conf"],
+ refreshonly => true,
+ }
+
+ # TODO: echo "$USER veth lxcbr0 1000"| sudo tee -i /etc/lxc/lxc-usernet
+}
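Review bot: `kernel.unprivileged_userns_clone=1` turns on unprivileged user namespaces for every local account on the host, not only the ones that will run containers, and the manifest carries no comment saying so. A comment above the `file` resource such as `# Enables unprivileged user namespaces host-wide; widens the kernel surface reachable by local users, include only on LXC hosts` would record the trade-off. The `exec { "sysctl --system": ... }` uses an unqualified command with no `path`, which Puppet rejects unless a global `Exec` default supplies one (not visible here). Adding `path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],` or a fully qualified command would make it self-contained.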
diff --git a/manifests/networking.pp b/manifests/networking.pp
new file mode 100644
index 0000000..6511f78
--- /dev/null
+++ b/manifests/networking.pp
@@ -0,0 +1,5 @@
+class virtual::networking {
+ package { 'bridge-utils':
+ ensure => installed,
+ }
+}