authorHugo Hörnquist <hugo@lysator.liu.se>2022-01-13 12:59:43 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2022-01-13 14:23:37 +0100
commitfe040d1aa9a01e14c882ead7cb09303aef588804 (patch)
tree318e6cdff8aa9138866fc1f0140e37347fe7bf66
parentSafeguard machined fact. (diff)
Rewrote most of nspawn.
-rw-r--r--manifests/init.pp5
-rw-r--r--manifests/machine.pp64
-rw-r--r--manifests/os/debian.pp42
-rw-r--r--manifests/setup.pp3
-rw-r--r--manifests/util/disable_networking.pp3
-rw-r--r--manifests/util/enable_networkd.pp5
l---------templates/unit_file.epp1
7 files changed, 89 insertions, 34 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..fcda29e
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,5 @@
+class nspawn (
+ Hash[String,Hash] $machines,
+) {
+ create_resources(nspawn::machine, $machines)
+}
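Review bot: The keys of `$machines` are accepted as any `String`, yet they become the `nspawn::machine` titles, which the other files in this commit appear to interpolate into `/var/lib/machines/${machine}` paths and `systemd-nspawn@` unit names. Constraining the key type, for instance `Hash[Pattern[/\A[a-z0-9][a-z0-9.-]*\z/], Hash] $machines` (a constructed pattern, to be adjusted to the naming scheme in use), rejects names containing `/` or `..` at compile time. The class also has no header comment describing the expected shape of each inner hash.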
diff --git a/manifests/machine.pp b/manifests/machine.pp
index 8ba9bf3..8cc1947 100644
--- a/manifests/machine.pp
+++ b/manifests/machine.pp
@@ -7,32 +7,56 @@ define nspawn::machine (
require ::nspawn::setup
- file { "/var/lib/machines/${machine}/puppet":
- ensure => directory,
+ $domain = $facts['domain']
+
+ # Sets up image
+ # create_resources("nspawn::os::${os}", { $machine => $os_opts })
+ nspawn::os::debian { 'debian-bullseye.base':
+ * => $os_opts,
}
- file { "/etc/systemd/nspawn/${machine}.nspawn":
- content => @("EOF")
- [Exec]
- Hostname=${machine}.adrift.space
- Boot=true
- # /usr/lib/systemd/resolv.conf
- ResolvConf=copy-static
-
- [Files]
- # TODO This should only be mounted on puppet servers, in case it
- # contains secrets
- BindReadOnly=/usr/local/puppet:/puppet
-
- [Network]
- Bridge=br0
- | EOF
+ # Copies image to us
+ exec { "Create ${machine} from template":
+ command => [ 'systemd-nspawn',
+ '--template=/var/lib/machines/debian-bullseye.base',
+ '-D', $machine,
+ ],
+ path => ['/bin','/usr/bin'],
+ cwd => '/var/lib/machines',
+ creates => "/var/lib/machines/${machine}",
+ require => Nspawn::Os::Debian['debian-bullseye.base'],
+ }
+
+ file { "/var/lib/machines/${machine}/etc/hostname":
+ ensure => file,
+ content => "${machine}.${domain}\n",
+ require => Exec["Create ${machine} from template"],
}
- create_resources("nspawn::os::${os}", { $machine => $os_opts })
+ # systemd-nspawn --quiet -M debby systemctl enable puppet
+
+ $nspawn_data = {
+ 'Exec' => {
+ # 'Hostname' => "${machine}.${domain}",
+ 'Boot' => 'true',
+ 'ResolvConf' => 'copy-static', # /usr/lib/systemd/resolv.conf
+ },
+ 'Network' => {
+ 'Bridge' => 'br0',
+ }
+ }
+
+ file { "/etc/systemd/nspawn/${machine}.nspawn":
+ ensure => file,
+ content => epp('nspawn/unit_file.epp', {
+ data => $nspawn_data,
+ }),
+ notify => Service["systemd-nspawn@${machine}.service"],
+ }
service { "systemd-nspawn@${machine}.service":
- enable => $enable,
+ enable => $enable,
+ require => File["/etc/systemd/nspawn/${machine}.nspawn"],
}
}
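Review bot: The base image is declared with a fixed title, `nspawn::os::debian { 'debian-bullseye.base': ... }`, inside a define, so a catalog holding two `nspawn::machine` resources should fail with a duplicate declaration. `manifests/os/debian.pp` already relies on stdlib (`ensure_packages`), so `ensure_resource('nspawn::os::debian', 'debian-bullseye.base', $os_opts)` would tolerate the repeat, provided every machine passes identical `$os_opts`. The `--template=/var/lib/machines/debian-bullseye.base` path is likewise hard-coded while the image define builds its root from `$os_version`, so any other version points at a template that is never built. The define's header and parameter list lie outside this hunk.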
diff --git a/manifests/os/debian.pp b/manifests/os/debian.pp
index fbab9ac..ff687dd 100644
--- a/manifests/os/debian.pp
+++ b/manifests/os/debian.pp
@@ -1,21 +1,26 @@
+# TODO rename this to image-setup
define nspawn::os::debian (
String $os_version,
String $machine = $name,
) {
+ $root = "/var/lib/machines/debian-${os_version}.base"
+
ensure_packages(['debootstrap'])
- exec { "/usr/bin/deboostrap ${os_version} /var/lib/machines/${machine}":
- creates => "/var/lib/machines/${machine}/etc/os-release",
+ exec { "/usr/bin/deboostrap ${os_version} '${root}'":
+ creates => "${root}/etc/os-release",
}
- $puppet_deb = "/var/lib/machines/${machine}/tmp/puppet7-release-${os_version}.deb"
- file { $puppet_deb:
+ $puppet_deb = "puppet7-release-${os_version}.deb"
+ $puppet_deb_path = "${root}/opt/${puppet_deb}"
+
+ file { $puppet_deb_path:
ensure => file,
- source => "https://apt.puppet.com/puppet7-release-${os_version}.deb"
+ source => "https://apt.puppet.com/${puppet_deb}"
}
- $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running'
+ $running = $facts['machined-info'][$machine] != undef and $facts['machined-info'][$machine]['State'] == 'running'
if $running {
# TODO
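Review bot: The rewritten exec still invokes `/usr/bin/deboostrap`, a misspelling of the `debootstrap` binary that `ensure_packages` installs on the line above, so the image build fails whenever `${root}/etc/os-release` does not already exist. The title should read `exec { "/usr/bin/debootstrap ${os_version} '${root}'":`. The `if $running` block continues past the end of this hunk.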
@@ -24,12 +29,12 @@ define nspawn::os::debian (
}
} else {
exec { "Set up puppet repo for ${machine}":
- subscribe => File[$puppet_deb],
+ subscribe => File[$puppet_deb_path],
command => [ '/usr/bin/systemd-nspawn',
'-M', $machine,
'--quiet',
'/bin/sh', '-c',
- "dpkg -i '/tmp/puppet7-release-${os_version}.deb' && apt update"
+ "dpkg -i '/opt/puppet7-release-${os_version}.deb' && apt update"
],
}
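Review bot: `dpkg -i` installs, as root inside the container, a package that the `file { $puppet_deb_path: }` resource earlier in this file fetches from `https://apt.puppet.com/` with no content pin. That release package presumably configures the apt source the agent is later installed from, so it is worth adding `checksum => 'sha256'` and a `checksum_value` to that file resource. The shell string also interpolates `$os_version`, typed only as `String`, so a value containing a single quote would end the quoting inside `sh -c`; a `Pattern[...]` type on the parameter closes that off. The command could reuse the new variable as `"dpkg -i '/opt/${puppet_deb}' && apt update"` instead of spelling the file name a second time.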
@@ -39,11 +44,28 @@ define nspawn::os::debian (
'--quiet',
'apt', 'install', 'puppet-agent',
],
- creates => "/var/lib/machines/${machine}/opt/puppetlabs/bin/puppet",
+ creates => "${root}/opt/puppetlabs/bin/puppet",
}
}
+
+ exec { "Enable puppet on ${machine}":
+ command => [ '/usr/bin/systemd-nspawn',
+ '-M', $machine,
+ '--quiet',
+ 'systemctl', 'enable', 'puppet',
+ ],
+ creates => "${root}/etc/systemd/system/multi-user.target.wants/puppet.service",
+ }
+
+ file { "${root}/etc/puppetlabs/puppet/puppet.conf":
+ ensure => file,
+ content => @(EOF)
+ [main]
+ server = busting.adrift.space
+ | EOF
+ }
+
nspawn::util::disable_networking { $machine: }
nspawn::util::enable_networkd { $machine: }
-
}
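Review bot: The new `Enable puppet on ${machine}` exec targets `-M $machine`, but its `creates` guard lives under `$root`, which is built from `$os_version`. Unless the resource title is exactly `debian-${os_version}.base`, the guard is never satisfied and the command is repeated on every agent run, probably against a different tree. Pointing the command at the same directory (`'-D', $root,`) or deriving `$root` from `$machine` keeps the two in step. The exec also sits outside the `if $running` branch, so it would presumably try to start a second nspawn on an image that is already booted. Separately, `server = busting.adrift.space` is baked into the image's puppet.conf; a parameter such as `String $puppet_server` would make that trust anchor explicit per deployment.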
diff --git a/manifests/setup.pp b/manifests/setup.pp
index 9f742fd..ab42446 100644
--- a/manifests/setup.pp
+++ b/manifests/setup.pp
@@ -12,5 +12,8 @@ class nspawn::setup {
| EOF
}
+ service { 'machines.target':
+ enable => true,
+ }
}
diff --git a/manifests/util/disable_networking.pp b/manifests/util/disable_networking.pp
index 4a9b31b..ac55951 100644
--- a/manifests/util/disable_networking.pp
+++ b/manifests/util/disable_networking.pp
@@ -3,8 +3,9 @@ define nspawn::util::disable_networking (
String $machine_path = "/var/lib/machines/${machine}",
) {
+ $running = $facts['machined-info'][$machine] != undef and $facts['machined-info'][$machine]['State'] == 'running'
- $cmd = if $facts['machined-info'][$machine]['State'] == 'running' {
+ $cmd = if $running {
[ 'systemctl', '-M', $machine, 'disable', 'networking' ]
} else {
[ 'systemd-nspawn', '-M', $machine, '--quiet',
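Review bot: The `$running` expression added here is repeated verbatim in `manifests/os/debian.pp` and `manifests/util/enable_networkd.pp`, and it indexes `$facts['machined-info']` before knowing the fact resolved, which is an evaluation error if it did not. `$running = $facts.dig('machined-info', $machine, 'State') == 'running'` covers a missing fact, a missing machine and a missing state in one expression, and would be a natural body for a small shared function. The `if` expression continues past the end of this hunk.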
diff --git a/manifests/util/enable_networkd.pp b/manifests/util/enable_networkd.pp
index 8e447b9..f9b4d2e 100644
--- a/manifests/util/enable_networkd.pp
+++ b/manifests/util/enable_networkd.pp
@@ -3,9 +3,8 @@ define nspawn::util::enable_networkd (
String $machine_path = "/var/lib/machines/${machine}",
) {
- # TODO only do this if the directory is empty
networking::networkd_instance { "Initial networking on ${machine}":
- priority => 50,
+ priority => 99,
filename => 'puppet-initial',
path => "${machine_path}/${networking::networkd::path}",
content => {
@@ -19,7 +18,7 @@ define nspawn::util::enable_networkd (
},
}
- $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running'
+ $running = $facts['machined-info'][$machine] != undef and $facts['machined-info'][$machine]['State'] == 'running'
$cmd = if $running {
[ 'systemctl', '-M', $machine, 'enable', 'systemd-networkd' ]
diff --git a/templates/unit_file.epp b/templates/unit_file.epp
new file mode 120000
index 0000000..ca099ec
--- /dev/null
+++ b/templates/unit_file.epp
@@ -0,0 +1 @@
+../../networking/templates/unit_file.epp
\ No newline at end of file
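Review bot: Committing `templates/unit_file.epp` as a symlink to `../../networking/templates/unit_file.epp` ties this module to a checkout where `networking` sits directly beside it, and the link dangles under any deployment that installs modules separately. `epp()` resolves `<module>/<file>`, so `manifests/machine.pp` can call `epp('networking/unit_file.epp', { data => $nspawn_data })` directly and the symlink can be dropped. If the dependency stays, declaring `networking` in the module's metadata documents it for whoever installs the module.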