Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/init.pp | 10 | ||||
-rw-r--r-- | manifests/machine.pp | 72 | ||||
-rw-r--r-- | manifests/os/arch.pp | 17 | ||||
-rw-r--r-- | manifests/os/debian.pp | 61 | ||||
-rw-r--r-- | manifests/setup.pp | 21 | ||||
-rw-r--r-- | manifests/template.pp | 39 | ||||
-rw-r--r-- | manifests/template_final.pp | 42 | ||||
-rw-r--r-- | manifests/util/disable_networking.pp | 13 | ||||
-rw-r--r-- | manifests/util/enable_networkd.pp | 39 |
9 files changed, 0 insertions, 314 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
deleted file mode 100644
index f768f43..0000000
--- a/manifests/init.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-class nspawn (
- String $machine_dir = '/var/lib/machines',
- String $template_dir = '/var/lib/machines',
- String $puppet_server = 'puppet',
- Hash[String,Hash] $templates,
- Hash[String,Hash] $machines,
-) {
- create_resources(nspawn::machine, $machines)
- create_resources(nspawn::template, $templates)
-}
diff --git a/manifests/machine.pp b/manifests/machine.pp
deleted file mode 100644
index e6d01e2..0000000
--- a/manifests/machine.pp
+++ /dev/null
@@ -1,72 +0,0 @@
-define nspawn::machine (
- String $template,
- String $machine = $name,
- Boolean $enable = false,
- String $machine_dir = $nspawn::machine_dir,
- Hash $nspawn_opts = {},
-) {
-
- require ::nspawn::setup
-
- # TODO
- # gather fact from 'machinectl list-images', and check if one with
- # our name + '.base' exists
-
- $domain = $facts['domain']
- $root = "${machine_dir}/${machine}"
-
- exec { "lvcreate -n vm-${machine} -V 100G --thinpool lvpoolData VolGroup":
- creates => "/dev/VolGroup/vm-${machine}",
- path => ['/usr/bin',],
- } -> systemd_mount { "/var/lib/machines/${machine}":
- what => "/dev/VolGroup/vm-${machine}"
- }
-
- # Copies image to us
- # TODO does this actually do anything more than a deep copy?
- exec { "Create ${machine} from template":
- command => [ 'systemd-nspawn',
- "--template=/var/lib/machines/${template}.base",
- '--quiet',
- '-D', $machine,
- '/bin/true', # run some command so we don't get stuck on boot prompt
- ],
- path => ['/bin','/usr/bin'],
- cwd => $machine_dir,
- creates => "${machine_dir}/${machine}",
- }
-
- file { "/var/lib/machines/${machine}/etc/hostname":
- ensure => file,
- content => "${machine}.${domain}\n",
- require => Exec["Create ${machine} from template"],
- }
-
- # systemd-nspawn --quiet -M debby systemctl enable puppet
-
- $nspawn_data = {
- 'Exec' => {
- # 'Hostname' => "${machine}.${domain}",
- 'Boot' => 'true',
- 'ResolvConf' => 'copy-static', # /usr/lib/systemd/resolv.conf
- },
- 'Network' => {
- 'Bridge' => 'br0',
- }
- # TODO deep merge?
- } + $nspawn_opts
-
- file { "/etc/systemd/nspawn/${machine}.nspawn":
- ensure => file,
- content => epp('nspawn/unit_file.epp', {
- data => $nspawn_data,
- }),
- notify => Service["systemd-nspawn@${machine}.service"],
- }
-
- service { "systemd-nspawn@${machine}.service":
- enable => $enable,
- require => File["/etc/systemd/nspawn/${machine}.nspawn"],
- }
-
-}
diff --git a/manifests/os/arch.pp b/manifests/os/arch.pp
deleted file mode 100644
index d9bd258..0000000
--- a/manifests/os/arch.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-define nspawn::os::arch (
- String $template_name = $name,
- String $template_dir = $nspawn::template_dir,
-) {
-
- ensure_packages(['arch-install-scripts'])
-
- $root = "${template_dir}/${template_name}"
-
- file { $root:
- ensure => directory,
- } -> exec { "/usr/bin/pacstrap '${root}' base puppet":
- creates => "${root}/etc/os-release",
- } -> nspawn::util::enable_networkd { $template_name:
- template_dir => $template_dir,
- }
-}
diff --git a/manifests/os/debian.pp b/manifests/os/debian.pp
deleted file mode 100644
index 9e42737..0000000
--- a/manifests/os/debian.pp
+++ /dev/null
@@ -1,61 +0,0 @@
-# TODO rename this to image-setup
-define nspawn::os::debian (
- String $os_version,
- String $template_name = $name,
- String $template_dir = $nspawn::template_dir,
-) {
-
- $root = "${template_dir}/${template_name}"
- $pkg_pos = 'var/tmp'
-
- ensure_packages(['debootstrap'])
-
- exec { "/usr/bin/deboostrap ${os_version} '${root}'":
- creates => "${root}/etc/os-release",
- }
-
- $puppet_deb = "puppet7-release-${os_version}.deb"
- $puppet_deb_path = "${root}/${pkg_pos}/${puppet_deb}"
-
- file { $puppet_deb_path:
- ensure => file,
- source => "https://apt.puppet.com/${puppet_deb}"
- }
-
- $running = $facts['machined-info'][$template_name] != undef
- and $facts['machined-info'][$template_name]['State'] == 'running'
-
- if $running {
- # TODO
- notify { "Notify skipping ${template_name} setup":
- message => "Skipping setup for ${template_name}, already running",
- }
- } else {
- exec { "Set up puppet repo for ${template_name}":
- subscribe => File[$puppet_deb_path],
- refreshonly => true,
- command => [ '/usr/bin/systemd-nspawn',
- '-M', $template_name,
- '--quiet',
- '/bin/sh', '-c',
- "dpkg -i '/${pkg_pos}/puppet7-release-${os_version}.deb' && apt update"
- ],
- }
-
- exec { "install puppet-agent on ${template_name}":
- command => [ '/usr/bin/systemd-nspawn',
- '-M', $template_name,
- '--quiet',
- 'apt', 'install', 'puppet-agent',
- ],
- creates => "${root}/opt/puppetlabs/bin/puppet",
- }
- }
-
- nspawn::util::disable_networking { $template_name:
- template_dir => $template_dir,
- }
- nspawn::util::enable_networkd { $template_name:
- template_dir => $template_dir,
- }
-}
diff --git a/manifests/setup.pp b/manifests/setup.pp
deleted file mode 100644
index 01503c8..0000000
--- a/manifests/setup.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-class nspawn::setup {
-
- # TODO find better file to use for containers
-
- file { '/usr/lib/systemd/resolv.conf':
- ensure => file,
- content => @(EOF)
- # File /usr/lib/systemd/resolv.conf managed by puppet
- # Local changes will be overwritten
- nameserver 10.0.0.40
- search adrift.space
- | EOF
- }
-
- service { 'machines.target':
- enable => true,
- }
-
- Nspawn::Template <| |> -> Nspawn::Machine <| |>
-
-}
diff --git a/manifests/template.pp b/manifests/template.pp
deleted file mode 100644
index 3c66b97..0000000
--- a/manifests/template.pp
+++ /dev/null
@@ -1,39 +0,0 @@
-define nspawn::template (
- String $template_name = $name,
- Enum['debian', 'arch'] $os = $template_name.split('-')[0],
- Optional[String] $version = undef,
- String $puppet_server = $nspawn::puppet_server,
- String $template_dir = $nspawn::template_dir,
-) {
-
- $template = "${template_name}.base"
- $root = "${template_dir}/${template}"
-
- case $os {
- 'debian': {
- $real_version = if $version != undef {
- $version
- } else {
- # Oout of bounds indexing gives 'undef'
- $template_name.split('-')[1]
- }
- nspawn::os::debian { $template:
- os_version => $real_version,
- template_dir => $template_dir,
- before => Nspawn::Template_final[$template],
- }
- }
- 'arch': {
- nspawn::os::arch { $template:
- template_dir => $template_dir,
- before => Nspawn::Template_final[$template],
- }
- }
- }
-
- nspawn::template_final { $template:
- root => $root,
- puppet_server => $puppet_server,
- }
-
-}
diff --git a/manifests/template_final.pp b/manifests/template_final.pp
deleted file mode 100644
index 4ab5a9d..0000000
--- a/manifests/template_final.pp
+++ /dev/null
@@ -1,42 +0,0 @@
-define nspawn::template_final (
- String $root,
- String $puppet_server,
- String $template = $name,
-) {
- exec { "Enable puppet on ${template}":
- command => [ '/usr/bin/systemd-nspawn',
- '-M', $template,
- '--quiet',
- 'systemctl', 'enable', 'puppet',
- ],
- creates => "${root}/etc/systemd/system/multi-user.target.wants/puppet.service",
- }
-
- file { "${root}/etc/systemd/system/puppet.service.requires":
- ensure => directory,
- }
-
- # This is nice in theory, but has the problem that
- # network-online.target is reached on our first IP-address, which
- # will probably be our static IPv4 address, and busting.adrift.space
- # isn't resolvable over IPv4...
- file { "${root}/etc/systemd/system/puppet.service.requires/network-online.target":
- ensure => link,
- # Debian requires /lib, arch accepts it
- target => '/lib/systemd/system/network-online.target'
- }
-
- file { [ "${root}/etc/puppetlabs",
- "${root}/etc/puppetlabs/puppet" ] :
- ensure => directory,
- }
-
-
- file { "${root}/etc/puppetlabs/puppet/puppet.conf":
- ensure => file,
- content => @("EOF")
- [main]
- server = ${puppet_server}
- | EOF
- }
-}
diff --git a/manifests/util/disable_networking.pp b/manifests/util/disable_networking.pp
deleted file mode 100644
index 186d096..0000000
--- a/manifests/util/disable_networking.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-define nspawn::util::disable_networking (
- String $template_name = $name,
- String $template_dir = $nspawn::template_dir,
- String $template_path = "${template_dir}/${template_name}",
-) {
- # Manually masking instead of trying to disable/mask it through
- # systemd, since this is MUCH easier to do whith puppet.
- file { "${template_path}/etc/systemd/system/networking.service":
- ensure => link,
- target => '/dev/null',
- }
-}
-
diff --git a/manifests/util/enable_networkd.pp b/manifests/util/enable_networkd.pp
deleted file mode 100644
index 40cb3d9..0000000
--- a/manifests/util/enable_networkd.pp
+++ /dev/null
@@ -1,39 +0,0 @@
-define nspawn::util::enable_networkd (
- String $template_name = $name,
- String $template_dir = $nspawn::template_dir,
- String $root = "${template_dir}/${template_name}",
-) {
-
- networking::networkd_instance { "Initial networking on ${template_name}":
- priority => 99,
- filename => 'puppet-initial',
- path => "${root}/${networking::networkd::path}",
- content => {
- 'Match' => {
- 'Name' => 'host0',
- },
- 'Network' => {
- 'DHCP' => 'ipv4',
- 'IPv6AcceptRA' => 1,
- },
- },
- }
-
- $running = $facts['machined-info'][$template_name] != undef
- and $facts['machined-info'][$template_name]['State'] == 'running'
-
- $cmd = if $running {
- [ 'systemctl', '-M', $template_name, 'enable', 'systemd-networkd' ]
- } else {
- [ 'systemd-nspawn', '-M', $template_name, '--quiet',
- 'systemctl', 'enable', 'systemd-networkd' ]
- }
-
- exec { "Enable systemd-networkd on ${template_name}":
- command => $cmd,
- path => [ '/bin', '/usr/bin', ],
- # among others
- creates => "${root}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service",
- }
-
-} |