-rw-r--r-- | files/lxc/default.conf | 4 | ||||
-rw-r--r-- | files/lxc/lxc-net | 9 | ||||
-rw-r--r-- | manifests/kvm/manager.pp | 20 | ||||
-rw-r--r-- | manifests/lxc/base.pp | 33 | ||||
-rw-r--r-- | manifests/lxc/unprivileged.pp | 27 | ||||
-rw-r--r-- | manifests/networking.pp | 5 |
6 files changed, 96 insertions, 2 deletions
diff --git a/files/lxc/default.conf b/files/lxc/default.conf
new file mode 100644
index 0000000..afe768f
--- /dev/null
+++ b/files/lxc/default.conf
@@ -0,0 +1,4 @@
+lxc.network.type = veth
+lxc.network.link = lxcbr0
+lxc.network.flags = up
+lxc.network.hwaddr = 00:16:3e:xx:xx:xx
diff --git a/files/lxc/lxc-net b/files/lxc/lxc-net
new file mode 100644
index 0000000..1c59b70
--- /dev/null
+++ b/files/lxc/lxc-net
@@ -0,0 +1,9 @@
+USE_LXC_BRIDGE="true"
+LXC_BRIDGE="lxcbr0"
+LXC_ADDR="10.0.3.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="10.0.3.0/24"
+LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+LXC_DHCP_MAX="253"
+LXC_DHCP_CONFILE=""
+LXC_DOMAIN=""
diff --git a/manifests/kvm/manager.pp b/manifests/kvm/manager.pp
index 8b2b75e..5c9b2fb 100644
--- a/manifests/kvm/manager.pp
+++ b/manifests/kvm/manager.pp
@@ -1,13 +1,29 @@ class virtual::kvm::manager { - package { [ 'qemu-kvm', 'runit', 'uml-utilities', 'qemu-kvm', 'socat', 'bridge-utils', 'fakeroot', 'xorriso' ]: + include virtual::networking + + package { [ + 'qemu-kvm', + 'runit', + 'runit-systemd', + 'uml-utilities', + 'qemu-kvm', + 'socat', + 'fakeroot', + 'xorriso', + ]: ensure => present, } + # Provide a netboot image for VM installs + package { "debian-installer-9-netboot-${::architecture}": + ensure => present, + } + vcsrepo { '/usr/local/share/kvm-manager': ensure => present, provider => git, source => 'git://git.fluxo.info/kvm-manager.git', - revision => 'd8bd926096ecf6d8c38453b6752088b8a10ca3b7', + revision => 'b262c9597a3c5fd8c86ae63deda10f999048dfb8', owner => 'root', group => 'root', }
diff --git a/manifests/lxc/base.pp b/manifests/lxc/base.pp
new file mode 100644
index 0000000..c047790
--- /dev/null
+++ b/manifests/lxc/base.pp
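Review bot: In the manifests/kvm/manager.pp hunk the bumped `revision` is the only integrity control on code that is checked out as root into /usr/local/share/kvm-manager, because the unchanged `source` line still uses `git://`, which has neither transport encryption nor server authentication. Keeping the full commit-hash pin is good; I would also move the source to an authenticated transport (https or ssh) if the host offers one, and add a comment next to the pin such as `# keep this a full commit id, never a branch or tag: the transport is unauthenticated`. Minor: `'qemu-kvm'` is listed twice in the rewritten package array and one entry can be dropped.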
@@ -0,0 +1,33 @@
+class virtual::lxc::base {
+ include virtual::networking
+
+ package { [
+ 'lxc',
+ ]:
+ ensure => present,
+ }
+
+ service { 'lxc-net':
+ ensure => running,
+ require => Package['lxc'],
+ }
+
+ file { '/etc/default/lxc-net':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0644',
+ #content => "USE_LXC_BRIDGE=\"true\"\n",
+ source => 'puppet:///modules/virtual/lxc/lxc-net',
+ notify => Service['lxc-net'],
+ }
+
+ file { '/etc/lxc/default.conf':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0644',
+ source => 'puppet:///modules/virtual/lxc/default.conf',
+ notify => Service['lxc-net'],
+ }
+}
diff --git a/manifests/lxc/unprivileged.pp b/manifests/lxc/unprivileged.pp
new file mode 100644
index 0000000..6f187a5
--- /dev/null
+++ b/manifests/lxc/unprivileged.pp
@@ -0,0 +1,27 @@
+class virtual::lxc::unprivileged {
+ include virtual::lxc::base
+
+ package { [
+ 'libvirt0',
+ 'libpam-cgroup',
+ 'libpam-cgfs',
+ ]:
+ ensure => present,
+ }
+
+ file { "/etc/sysctl.d/80-lxc-userns.conf":
+ owner => "root",
+ group => "root",
+ mode => '0644',
+ ensure => present,
+ content => "kernel.unprivileged_userns_clone=1\n",
+ }
+
+ exec { "sysctl --system":
+ user => root,
+ subscribe => File["/etc/sysctl.d/80-lxc-userns.conf"],
+ refreshonly => true,
+ }
+
+ # TODO: echo "$USER veth lxcbr0 1000"| sudo tee -i /etc/lxc/lxc-usernet
+}
diff --git a/manifests/networking.pp b/manifests/networking.pp
new file mode 100644
index 0000000..6511f78
--- /dev/null
+++ b/manifests/networking.pp
@@ -0,0 +1,5 @@
+class virtual::networking {
+ package { 'bridge-utils':
+ ensure => installed,
+ }
+}
|
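Review bot: In manifests/lxc/base.pp neither `file` resource declares a dependency on `Package['lxc']`, so `/etc/lxc/default.conf` can be applied before the package has created `/etc/lxc` wherever resource ordering is not manifest order. Adding `require => Package['lxc'],` to both file resources makes the ordering explicit. The `notify => Service['lxc-net']` on `/etc/lxc/default.conf` also looks unnecessary, since that file is a container template rather than bridge configuration (worth confirming), and the commented-out `#content` line can be dropped now that `source` is used.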
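Review bot: In manifests/lxc/unprivileged.pp the file `/etc/sysctl.d/80-lxc-userns.conf` sets `kernel.unprivileged_userns_clone=1` for the whole host, so every local account gains access to user namespaces, not only the accounts that will run containers. That widens the kernel attack surface reachable by unprivileged users and deserves a comment above the resource, for example `# Host-wide setting: enables unprivileged user namespaces for all local users; include this class only on hosts meant to run unprivileged LXC`. Separately, `exec { "sysctl --system":` is neither fully qualified nor given a `path`, so unless an Exec default path is set elsewhere in the site manifests Puppet will reject it; `path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],` would fix that. The exec also reloads every sysctl file on the host rather than just this one, which `sysctl -p /etc/sysctl.d/80-lxc-userns.conf` would avoid.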