135 lines
No EOL
4.4 KiB
Text
135 lines
No EOL
4.4 KiB
Text
lxc:
|
|
pkg.installed
|
|
|
|
lxc-create-symlink:
|
|
file.symlink:
|
|
- name: /lxc
|
|
- target: /var/lib/lxc
|
|
|
|
{%- if pillar['lxc'] is defined -%}
|
|
{%- for container in pillar['lxc'] %}
|
|
{{container}}-create:
|
|
lxc.present:
|
|
- name: {{container}}
|
|
- profile: base
|
|
|
|
{% set bind_dirs = ['tmp'] %}
|
|
{%- set overlay_dirs = ['etc','opt','srv','usr','var','root'] -%}
|
|
{%- set hidden_files = ['etc/salt/minion_id','etc/salt/grains','etc/fstab'] -%}
|
|
{%- set hidden_dirs = ['etc/systemd/system/multi-user.target.wants','etc/salt/pki','etc/nginx/certs','etc/nginx/conf.d'] -%}
|
|
{%- set base_dirs = ['boot','dev','etc','home','mnt','opt','proc','run','srv','sys','tmp','usr','var'] -%}
|
|
{%- set symlinks = {'bin':'usr/bin','lib':'usr/lib','lib64':'usr/lib','sbin':'usr/bin'} -%}
|
|
|
|
{%- if pillar['lxc'][container]['bind_dirs'] is defined -%}
|
|
{% for bind_dir in pillar['lxc'][container]['bind_dirs'] if bind_dir not in bind_dirs %}
|
|
{% do bind_dirs.append(bind_dir) %}
|
|
{% endfor %}
|
|
{%- endif -%}
|
|
{%- if pillar['lxc'][container]['overlay_dirs'] is defined -%}
|
|
{% for overlay_dir in pillar['lxc'][container]['overlay_dirs'] if overlay_dir not in overlay_dirs %}
|
|
{% do overlay_dirs.append(overlay_dir) %}
|
|
{% endfor -%}
|
|
{%- endif -%}
|
|
{%- if pillar['lxc'][container]['hidden_files'] is defined -%}
|
|
{% for hidden_file in pillar['lxc'][container]['hidden_files'] if hidden_file not in hidden_files %}
|
|
{% do hidden_files.append(hidden_file) %}
|
|
{% endfor -%}
|
|
{%- endif -%}
|
|
{%- if pillar['lxc'][container]['hidden_dirs'] is defined -%}
|
|
{% for hidden_dir in pillar['lxc'][container]['hidden_dirs'] if hidden_dir not in hidden_dirs %}
|
|
{% do hidden_dirs.append(hidden_dir) %}
|
|
{% endfor -%}
|
|
{%- endif -%}
|
|
{%- if pillar['lxc'][container]['symlinks'] is defined -%}
|
|
{% do symlinks.update(pillar['lxc'][container]['symlinks']) %}
|
|
{%- endif %}
|
|
|
|
{{container}}-config:
|
|
file.managed:
|
|
- name: /var/lib/lxc/{{container}}/config
|
|
- source: salt://roles/maintain/lxc/container.conf
|
|
- template: jinja
|
|
- context:
|
|
container: {{container}}
|
|
bind_dirs: {{bind_dirs}}
|
|
overlay_dirs: {{overlay_dirs}}
|
|
|
|
{{container}}-create-rootfs:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/rootfs/
|
|
{{container}}-create-upperdirs:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/upperdirs/
|
|
{{container}}-create-workdirs:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/workdirs/
|
|
|
|
{%- for overlay_dir in overlay_dirs %}
|
|
{{container}}-create-upperdir-{{overlay_dir}}:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/upperdirs/{{overlay_dir}}
|
|
{{container}}-create-workdir-{{overlay_dir}}:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/workdirs/{{overlay_dir}}
|
|
{{container}}-create-rootfs-{{overlay_dir}}:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/rootfs/{{overlay_dir}}
|
|
{%- endfor %}
|
|
|
|
{%- for bind_dir in bind_dirs %}
|
|
{{container}}-create-rootfs-{{bind_dir}}:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/rootfs/{{bind_dir}}
|
|
- makedirs: true
|
|
{%- endfor %}
|
|
|
|
{%- for base_dir in base_dirs %}
|
|
{{container}}-create-{{base_dir}}:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/rootfs/{{base_dir}}
|
|
{%- endfor %}
|
|
|
|
{%- for symlink in symlinks %}
|
|
{{container}}-create-{{symlink}}:
|
|
file.symlink:
|
|
- name: /var/lib/lxc/{{container}}/rootfs/{{symlink}}
|
|
- target: {{symlinks[symlink]}}
|
|
{%- endfor %}
|
|
|
|
{%- for hidden_file in hidden_files %}
|
|
{%- set directory = hidden_file | regex_search('.*\/') -%}
|
|
{%- if pillar['lxc'][container]['hidden_dirs'] is defined -%}
|
|
{{container}}-mkdir-for-{{hidden_file}}:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/upperdirs/{{directory}}
|
|
- makedirs: true
|
|
{% endif %}
|
|
{{container}}-whiteout-{{hidden_file}}:
|
|
file.mknod:
|
|
- name: /var/lib/lxc/{{container}}/upperdirs/{{hidden_file}}
|
|
- ntype: c
|
|
- major: 0
|
|
- minor: 0
|
|
- user: root
|
|
- group: root
|
|
- mode: 400
|
|
- onlyif: 'test ! -e /var/lib/lxc/{{container}}/upperdirs/{{hidden_file}}'
|
|
{%- endfor %}
|
|
|
|
{%- for hidden_dir in hidden_dirs %}
|
|
{{container}}-create-{{hidden_dir}}:
|
|
file.directory:
|
|
- name: /var/lib/lxc/{{container}}/upperdirs/{{hidden_dir}}
|
|
- makedirs: true
|
|
{{container}}-hide-{{hidden_dir}}:
|
|
cmd.run:
|
|
- name: 'setfattr -n trusted.overlay.opaque -v y "/var/lib/lxc/{{container}}/upperdirs/{{hidden_dir}}"'
|
|
{%- endfor %}
|
|
|
|
{{container}}-running:
|
|
service.running:
|
|
- name: lxc@{{container}}.service
|
|
- enable: true
|
|
|
|
{%- endfor %}
|
|
{%- endif %} |