Diffstat (limited to 'manifests')
-rw-r--r--manifests/init.pp45
-rw-r--r--manifests/machine.pp89
2 files changed, 134 insertions, 0 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..3eedbae
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,45 @@
+# @summary Configures systemd nspawn containers
+# @param config
+# Shared configuration for all machines, as per systemd.nspawn(5).
+#
+# See nspawn::machine's documentation for how it's merged.
+#
+# @param machines
+# Set of machines to be configured. Creates `nspawn::machine` resources.
+# See that resource type for acceptable options.
+#
+# @param template_dir
+# Location of template subvolumes.
+#
+# @param purge
+# Should old .nspawn files be purged.
+class nspawn (
+ Nspawn::Systemdconfig $config,
+ Stdlib::Abspath $template_dir = '/var/lib/templates',
+ Hash[String, Hash[String, Any]] $machines = {},
+ Boolean $purge = true,
+) {
+ # These aren't parameters since they aren't configurable.
+ # However, move them to the parameters if it turns out that
+ # different distributions place these files in different places.
+ # Location of nspawn files.
+ $nspawn_dir = '/etc/systemd/nspawn'
+ # Location of machine subvolumes.
+ $machine_dir = '/var/lib/machines'
+
+ file { $nspawn_dir:
+ ensure => directory,
+ purge => $purge,
+ recurse => true,
+ }
+
+ file { $template_dir:
+ ensure => directory,
+ }
+
+ file { $machine_dir:
+ ensure => directory,
+ }
+
+ create::resources('nspawn::machine', $machines)
+}
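Review bot: The closing statement `create::resources('nspawn::machine', $machines)` does not name the built-in function, so unless the module ships its own `create::resources` outside this diff it should read `create_resources('nspawn::machine', $machines)`. The three directory resources set no `owner`, `group` or `mode`, so the catalog accepts whatever permissions are already on disk. Files under `/etc/systemd/nspawn` decide container privileges and bind mounts, which makes pinning them worthwhile, for example `owner => 'root', group => 'root', mode => '0755',`. Because `purge` defaults to `true` together with `recurse => true`, a comment on that resource should say that unmanaged `.nspawn` files are removed on the first run.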
diff --git a/manifests/machine.pp b/manifests/machine.pp
new file mode 100644
index 0000000..8b09715
--- /dev/null
+++ b/manifests/machine.pp
@@ -0,0 +1,89 @@
+# @summary Configuration and provisioning for a single container.
+# @param name
+# Will be used for both the directory name, and the hostname in the container.
+# @param template
+# Which template this machine should be configured from.
+#
+# Templates needs to be manually configured behorehand.
+#
+# The value 'none' is special, since it allows the machine to be
+# managed without a template. The template parameter is however
+# required, since a machine without a template needs to be manually
+# configured through some other mean.
+#
+# @param domain
+# Domain part of FQDN of container.
+#
+# @param config
+# Configuration for the machine, as per systemd.nspawn(5).
+# Will be merged with `nspawn::config` per the `$merge` variable.
+#
+# @param merge
+# How this nodes configuration should be merged with the defalut hash.
+#
+# - deep
+# Stdlib's `deep_merge` will be used, with us on the right.
+# - shallow
+# `$nspawn::config + $config`
+# - replace
+# The upstream will be ignored.
+#
+# @param ensure
+define nspawn::machine (
+ Variant[String, Enum['none']] $template,
+ String $domain = $trusted['domain'],
+ Nspawn::Systemdconfig $config,
+ Enum['deep', 'shallow', 'override'] $merge = 'deep',
+ Enum['present', 'absent'] $ensure = 'present',
+) {
+ $root = "${nspawn::machine_dir}/${name}"
+
+ $final_config = $merge ? {
+ 'deep' => deep_merge($nspawn::config, $config),
+ 'shallow' => $nspawn::config + $config,
+ 'override' => $config,
+ }
+
+ file { "${nspawn::nspawn_dir}/${name}.nspawn":
+ ensure => $ensure,
+ content => epp("${module_name}/systemd/nspawn.epp", {
+ 'data' => $final_config
+ }),
+ }
+
+ if $ensure == 'present' {
+ # if $machine_dir has a quota set, then this inherits it
+ unless $template == 'none' {
+ exec { "Initialize ${name} from template":
+ cmd => [
+ 'btrfs', 'snapshot',
+ "${nspawn::template_dir}/${template}",
+ $root,
+ ],
+ creates => $root,
+ path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
+ }
+ }
+
+ file { "${root}/etc/passwd":
+ content => "${name}\n",
+ }
+
+ file_line { "${root}/etc/hosts ::1":
+ line => "::1\t${name}.${domain}\t${name}",
+ match => "${name}.${domain}",
+ path => "${root}/etc/hosts",
+ }
+ } else {
+ service { "systemd-nspawn@${name}":
+ ensure => stopped,
+ enable => false,
+ }
+
+ exec { "Remove btrfs subvolume ${root}":
+ cmd => ['btrfs', 'subvolume', 'delete', $root],
+ onlyif => [['test', '-d', $root]],
+ path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
+ }
+ }
+}
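Review bot: The resource `file { "${root}/etc/passwd": content => "${name}\n" }` replaces the container's account database with the machine name; the `name` parameter doc describes it as the hostname, so the target is presumably `"${root}/etc/hostname"`. Separately, `$name` and `$template` are interpolated into `$root`, the `.nspawn` path and the `btrfs subvolume delete` argument without any shape check, so a value containing `/` or `..` would make the file writes and the delete act outside `machine_dir`. A guard at the top of the define, such as `unless $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/ { fail("invalid machine name: ${name}") }`, with the same check for `$template`, would close that. Both `exec` resources use `cmd =>` where the exec type's attribute is `command`, and the create step calls `btrfs snapshot` while the delete step uses the `btrfs subvolume` form, so it is probably meant to be `'btrfs', 'subvolume', 'snapshot',`. The `merge` documentation lists `replace` but the Enum accepts `override`; one of the two should be changed to match.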