From 4a2e70edeb1d87674156cd8328352582e25d1525 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 29 Dec 2017 23:26:49 -0200
Subject: LXC support
---
 manifests/kvm/manager.pp | 20 ++++++++++++++++++--
 manifests/lxc/base.pp | 33 +++++++++++++++++++++++++++++++++
 manifests/lxc/unprivileged.pp | 27 +++++++++++++++++++++++++++
 manifests/networking.pp | 5 +++++
 4 files changed, 83 insertions(+), 2 deletions(-)
 create mode 100644 manifests/lxc/base.pp
 create mode 100644 manifests/lxc/unprivileged.pp
 create mode 100644 manifests/networking.pp
(limited to 'manifests')
diff --git a/manifests/kvm/manager.pp b/manifests/kvm/manager.pp
index 8b2b75e..5c9b2fb 100644
--- a/manifests/kvm/manager.pp
+++ b/manifests/kvm/manager.pp
@@ -1,13 +1,29 @@
 class virtual::kvm::manager {
- package { [ 'qemu-kvm', 'runit', 'uml-utilities', 'qemu-kvm', 'socat', 'bridge-utils', 'fakeroot', 'xorriso' ]:
+ include virtual::networking
+
+ package { [
+ 'qemu-kvm',
+ 'runit',
+ 'runit-systemd',
+ 'uml-utilities',
+ 'qemu-kvm',
+ 'socat',
+ 'fakeroot',
+ 'xorriso',
+ ]:
 ensure => present,
 }

+ # Provide a netboot image for VM installs
+ package { "debian-installer-9-netboot-${::architecture}":
+ ensure => present,
+ }
+
 vcsrepo { '/usr/local/share/kvm-manager':
 ensure => present,
 provider => git,
 source => 'git://git.fluxo.info/kvm-manager.git',
- revision => 'd8bd926096ecf6d8c38453b6752088b8a10ca3b7',
+ revision => 'b262c9597a3c5fd8c86ae63deda10f999048dfb8',
 owner => 'root',
 group => 'root',
 }
diff --git a/manifests/lxc/base.pp b/manifests/lxc/base.pp
new file mode 100644
index 0000000..c047790
--- /dev/null
+++ b/manifests/lxc/base.pp
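Review bot: The new `revision` is still fetched from `git://git.fluxo.info/kvm-manager.git`, a transport with no authentication or encryption, and the checkout lands root-owned in `/usr/local/share/kvm-manager`. Pinning a full commit hash limits what a tampering peer could substitute, but the clone itself is still processed as untrusted data, so an authenticated `source` (an `https://` or SSH URL, if the host offers one) would be the safer choice. Separately, `'qemu-kvm'` appears twice in the rewritten package array; the second entry is redundant and, depending on the Puppet version, may be rejected as a duplicate title, so one of them should go. The class body continues past the end of this hunk.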
@@ -0,0 +1,33 @@
+class virtual::lxc::base {
+ include virtual::networking
+
+ package { [
+ 'lxc',
+ ]:
+ ensure => present,
+ }
+
+ service { 'lxc-net':
+ ensure => running,
+ require => Package['lxc'],
+ }
+
+ file { '/etc/default/lxc-net':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0644',
+ #content => "USE_LXC_BRIDGE=\"true\"\n",
+ source => 'puppet:///modules/virtual/lxc/lxc-net',
+ notify => Service['lxc-net'],
+ }
+
+ file { '/etc/lxc/default.conf':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0644',
+ source => 'puppet:///modules/virtual/lxc/default.conf',
+ notify => Service['lxc-net'],
+ }
+}
diff --git a/manifests/lxc/unprivileged.pp b/manifests/lxc/unprivileged.pp
new file mode 100644
index 0000000..6f187a5
--- /dev/null
+++ b/manifests/lxc/unprivileged.pp
@@ -0,0 +1,27 @@
+class virtual::lxc::unprivileged {
+ include virtual::lxc::base
+
+ package { [
+ 'libvirt0',
+ 'libpam-cgroup',
+ 'libpam-cgfs',
+ ]:
+ ensure => present,
+ }
+
+ file { "/etc/sysctl.d/80-lxc-userns.conf":
+ owner => "root",
+ group => "root",
+ mode => '0644',
+ ensure => present,
+ content => "kernel.unprivileged_userns_clone=1\n",
+ }
+
+ exec { "sysctl --system":
+ user => root,
+ subscribe => File["/etc/sysctl.d/80-lxc-userns.conf"],
+ refreshonly => true,
+ }
+
+ # TODO: echo "$USER veth lxcbr0 1000"| sudo tee -i /etc/lxc/lxc-usernet
+}
diff --git a/manifests/networking.pp b/manifests/networking.pp
new file mode 100644
index 0000000..6511f78
--- /dev/null
+++ b/manifests/networking.pp
@@ -0,0 +1,5 @@
+class virtual::networking {
+ package { 'bridge-utils':
+ ensure => installed,
+ }
+}
-- cgit v1.2.3
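Review bot: Neither `file` resource in `virtual::lxc::base` declares a dependency on `Package['lxc']`, so their ordering relative to the package install rests on manifest order alone; `/etc/lxc/default.conf` in particular needs a directory that presumably only exists once the package is installed. Adding `require => Package['lxc'],` to both resources would make that explicit. It is also worth checking whether a change to `/etc/lxc/default.conf` really needs `notify => Service['lxc-net']`, since refreshing the bridge service for a container-defaults change may disturb running containers. The commented-out `#content => ...` line can be dropped now that `source` is used.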
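Review bot: Writing `kernel.unprivileged_userns_clone=1` in `virtual::lxc::unprivileged` turns on unprivileged user namespaces for every local account on the host, not only for the users who will run containers, and the class gives no hint that this is a deliberate trade-off. Debian 9 ships with this knob off to keep that kernel surface away from unprivileged users, so I would put a comment above the file resource such as `# Host-wide: lets any local user create user namespaces (required for unprivileged LXC)` and consider gating the class behind an explicit opt-in. The `exec` is also titled with the bare command `sysctl --system` and sets no `path`, which Puppet rejects unless a default Exec path is defined elsewhere; `path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],` would fix that.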