authorHugo Hörnquist <hugo@lysator.liu.se>2023-06-23 17:33:17 +0200
committerHugo Hörnquist <hugo@lysator.liu.se>2023-06-23 17:33:17 +0200
commitaede37be1b70ed4e53081682a6ec4814c348cb49 (patch)
tree3d29d58540a0ec9a71a3894a90268d3be6088a77 /manifests/machine.pp
parentRemove everything. (diff)
Add new modules content.
This module is designed differently. It makes no attempt to manage templates. It still attempts to manage machines, but this should probably move to Puppet tasks or similar, with the static configuration mostly doing cleanup.
Diffstat (limited to 'manifests/machine.pp')
-rw-r--r--manifests/machine.pp89
1 files changed, 89 insertions, 0 deletions
diff --git a/manifests/machine.pp b/manifests/machine.pp
new file mode 100644
index 0000000..8b09715
--- /dev/null
+++ b/manifests/machine.pp
@@ -0,0 +1,89 @@
+# @summary Configuration and provisioning for a single container.
+# @param name
+# Will be used for both the directory name, and the hostname in the container.
+# @param template
+# Which template this machine should be configured from.
+#
+# Templates needs to be manually configured behorehand.
+#
+# The value 'none' is special, since it allows the machine to be
+# managed without a template. The template parameter is however
+# required, since a machine without a template needs to be manually
+# configured through some other mean.
+#
+# @param domain
+# Domain part of FQDN of container.
+#
+# @param config
+# Configuration for the machine, as per systemd.nspawn(5).
+# Will be merged with `nspawn::config` per the `$merge` variable.
+#
+# @param merge
+# How this nodes configuration should be merged with the defalut hash.
+#
+# - deep
+# Stdlib's `deep_merge` will be used, with us on the right.
+# - shallow
+# `$nspawn::config + $config`
+# - replace
+# The upstream will be ignored.
+#
+# @param ensure
+define nspawn::machine (
+ Variant[String, Enum['none']] $template,
+ String $domain = $trusted['domain'],
+ Nspawn::Systemdconfig $config,
+ Enum['deep', 'shallow', 'override'] $merge = 'deep',
+ Enum['present', 'absent'] $ensure = 'present',
+) {
+ $root = "${nspawn::machine_dir}/${name}"
+
+ $final_config = $merge ? {
+ 'deep' => deep_merge($nspawn::config, $config),
+ 'shallow' => $nspawn::config + $config,
+ 'override' => $config,
+ }
+
+ file { "${nspawn::nspawn_dir}/${name}.nspawn":
+ ensure => $ensure,
+ content => epp("${module_name}/systemd/nspawn.epp", {
+ 'data' => $final_config
+ }),
+ }
+
+ if $ensure == 'present' {
+ # if $machine_dir has a quota set, then this inherits it
+ unless $template == 'none' {
+ exec { "Initialize ${name} from template":
+ cmd => [
+ 'btrfs', 'snapshot',
+ "${nspawn::template_dir}/${template}",
+ $root,
+ ],
+ creates => $root,
+ path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
+ }
+ }
+
+ file { "${root}/etc/passwd":
+ content => "${name}\n",
+ }
+
+ file_line { "${root}/etc/hosts ::1":
+ line => "::1\t${name}.${domain}\t${name}",
+ match => "${name}.${domain}",
+ path => "${root}/etc/hosts",
+ }
+ } else {
+ service { "systemd-nspawn@${name}":
+ ensure => stopped,
+ enable => false,
+ }
+
+ exec { "Remove btrfs subvolume ${root}":
+ cmd => ['btrfs', 'subvolume', 'delete', $root],
+ onlyif => [['test', '-d', $root]],
+ path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
+ }
+ }
+}
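Review bot: The `file { "${root}/etc/passwd": content => "${name}\n" }` resource in the `present` branch replaces the container's account database with a single line holding the machine name, leaving no root entry; since the `@param name` text says the name is the hostname, the target was presumably meant to be `"${root}/etc/hostname"`. Both `exec` resources pass `cmd =>`, but the exec type's attribute is `command`, so the catalog would be rejected, and the first one runs `btrfs snapshot` where the btrfs CLI, as far as I know, spells it `btrfs subvolume snapshot`. `$name` and `$template` are interpolated into `$root` and the template path unchecked, and the `absent` branch runs `btrfs subvolume delete` on the result, so a value containing `/` or `..` reaches outside `machine_dir`; a constrained type such as `Pattern[/\A[a-z0-9][a-z0-9_.-]*\z/] $template` (and an equivalent assertion on `$name`) would close that, and it also replaces `Variant[String, Enum['none']]`, which is just `String`. The `@param merge` doc lists `replace` while the Enum accepts `override`, and `@param ensure` has no description.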