From dfa81fe29a6be169d6ed2803c4bedcd211b16d72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= Date: Thu, 13 Jan 2022 23:15:11 +0100 Subject: Nspawn cleanup. --- manifests/init.pp | 5 ++++ manifests/machine.pp | 29 ++++++++++++---------- manifests/os/arch.pp | 15 +++++++----- manifests/os/debian.pp | 47 ++++++++++++++---------------------- manifests/setup.pp | 2 ++ manifests/template.pp | 39 ++++++++++++++++++++++++++++++ manifests/template_final.pp | 28 +++++++++++++++++++++ manifests/util/disable_networking.pp | 14 ++++++----- manifests/util/enable_networkd.pp | 20 ++++++++------- 9 files changed, 136 insertions(+), 63 deletions(-) create mode 100644 manifests/template.pp create mode 100644 manifests/template_final.pp (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index fcda29e..f768f43 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,5 +1,10 @@ class nspawn ( + String $machine_dir = '/var/lib/machines', + String $template_dir = '/var/lib/machines', + String $puppet_server = 'puppet', + Hash[String,Hash] $templates, Hash[String,Hash] $machines, ) { create_resources(nspawn::machine, $machines) + create_resources(nspawn::template, $templates) } diff --git a/manifests/machine.pp b/manifests/machine.pp index 8cc1947..a22855b 100644 --- a/manifests/machine.pp +++ b/manifests/machine.pp 
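Review bot: The new `$machine_dir` and `$template_dir` parameters in `class nspawn` are typed as plain `String`, although the rest of this commit joins them into file paths, `exec` working directories and `creates` guards. A relative or empty value from Hiera would pass type checking and make those resources act on an unintended location. stdlib already appears to be a dependency (`ensure_packages` is used in the `os` defines), so `Stdlib::Absolutepath $machine_dir = '/var/lib/machines',` and the same for `$template_dir` would reject such values at compile time. A short parameter comment saying that both directories default to the same path on purpose would also help.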
@@ -1,30 +1,32 @@ define nspawn::machine ( - String $os, - Hash $os_opts = {} , + String $template, String $machine = $name, Boolean $enable = false, + String $machine_dir = $nspawn::machine_dir, + Hash $nspawn_opts = {}, ) { require ::nspawn::setup - $domain = $facts['domain'] + # TODO + # gather fact from 'machinectl list-images', and check if one with + # our name + '.base' exists - # Sets up image - # create_resources("nspawn::os::${os}", { $machine => $os_opts }) - nspawn::os::debian { 'debian-bullseye.base': - * => $os_opts, - } + $domain = $facts['domain'] + $root = "${machine_dir}/${machine}" # Copies image to us + # TODO does this actually do anything more than a deep copy? exec { "Create ${machine} from template": command => [ 'systemd-nspawn', - '--template=/var/lib/machines/debian-bullseye.base', + "--template=/var/lib/machines/${template}.base", + '--quiet', '-D', $machine, + '/bin/true', # run some command so we don't get stuck on boot prompt ], path => ['/bin','/usr/bin'], - cwd => '/var/lib/machines', - creates => "/var/lib/machines/${machine}", - require => Nspawn::Os::Debian['debian-bullseye.base'], + cwd => $machine_dir, + creates => "${machine_dir}/${machine}", } file { "/var/lib/machines/${machine}/etc/hostname": @@ -44,7 +46,8 @@ define nspawn::machine ( 'Network' => { 'Bridge' => 'br0', } - } + # TODO deep merge? + } + $nspawn_opts file { "/etc/systemd/nspawn/${machine}.nspawn": ensure => file, diff --git a/manifests/os/arch.pp b/manifests/os/arch.pp index e5fc210..d9bd258 100644 --- a/manifests/os/arch.pp +++ b/manifests/os/arch.pp 
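Review bot: The `--template=` argument of the `exec` still hard-codes `/var/lib/machines/`, as does the `file { "/var/lib/machines/${machine}/etc/hostname":` context line at the end of the hunk, so the new `$machine_dir` parameter is honoured only by `cwd` and `creates`. With a non-default directory the clone would be created in one place and the hostname file managed in another. Consider `"--template=${nspawn::template_dir}/${template}.base",` and using the newly defined `$root` for files under the machine tree. `$template` and `$machine` are also joined into paths as unrestricted `String`s; a type such as `Pattern[/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/]` would keep `/` and `..` out of them. The body of the define continues past the hunk.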
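Review bot: `} + $nspawn_opts` is a shallow hash merge, so a caller who passes any `'Network'` key replaces the whole section and silently loses `'Bridge' => 'br0'`, which is what the TODO suspects. stdlib's `deep_merge` keeps the defaults: wrap the literal as `deep_merge({ ... }, $nspawn_opts)`. This hash is presumably rendered into `/etc/systemd/nspawn/${machine}.nspawn`, so it also controls isolation-relevant settings such as `PrivateUsers`, `Capability` or `Bind`. A comment on `$nspawn_opts` saying so, or a stricter type than `Hash`, would make that visible to whoever edits the Hiera data. The hash literal begins above the hunk.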
@@ -1,14 +1,17 @@ define nspawn::os::arch ( - String $machine = $name, + String $template_name = $name, + String $template_dir = $nspawn::template_dir, ) { ensure_packages(['arch-install-scripts']) - $machine_path = "/var/lib/machines/${machine}" + $root = "${template_dir}/${template_name}" - exec { "/usr/bin/pacstrap '${machine_path}' base puppet": - creates => "${machine_path}/etc/os-release", + file { $root: + ensure => directory, + } -> exec { "/usr/bin/pacstrap '${root}' base puppet": + creates => "${root}/etc/os-release", + } -> nspawn::util::enable_networkd { $template_name: + template_dir => $template_dir, } - - nspawn::util::enable_networkd { $machine: } } diff --git a/manifests/os/debian.pp b/manifests/os/debian.pp index ff687dd..e7e7a21 100644 --- a/manifests/os/debian.pp +++ b/manifests/os/debian.pp @@ -1,10 +1,12 @@ # TODO rename this to image-setup define nspawn::os::debian ( String $os_version, - String $machine = $name, + String $template_name = $name, + String $template_dir = $nspawn::template_dir, ) { - $root = "/var/lib/machines/debian-${os_version}.base" + $root = "${template_dir}/${template_name}" + $pkg_pos = 'var/tmp' ensure_packages(['debootstrap']) 
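Review bot: The `pacstrap` exec in `nspawn::os::arch` is the only command in this change still written as one string with `'${root}'` quoted by hand; the other execs pass an array, which avoids any shell-style parsing. I believe a string command containing quotes can end up going through a shell, so a `$template_dir` holding a quote or other metacharacter would change what is run as root. Suggest a descriptive title plus `command => ['/usr/bin/pacstrap', $root, 'base', 'puppet'],`. That also stops the resource title from changing whenever `$root` does.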
@@ -13,34 +15,35 @@ define nspawn::os::debian ( } $puppet_deb = "puppet7-release-${os_version}.deb" - $puppet_deb_path = "${root}/opt/${puppet_deb}" + $puppet_deb_path = "${root}/${pkg_pos}/${puppet_deb}" file { $puppet_deb_path: ensure => file, source => "https://apt.puppet.com/${puppet_deb}" } - $running = $facts['machined-info'][$machine] != undef and $facts['machined-info'][$machine]['State'] == 'running' + $running = $facts['machined-info'][$template_name] != undef + and $facts['machined-info'][$template_name]['State'] == 'running' if $running { # TODO - notify { "Notify skipping ${machine} setup": - message => "Skipping setup for ${machine}, already running", + notify { "Notify skipping ${template_name} setup": + message => "Skipping setup for ${template_name}, already running", } } else { - exec { "Set up puppet repo for ${machine}": + exec { "Set up puppet repo for ${template_name}": subscribe => File[$puppet_deb_path], command => [ '/usr/bin/systemd-nspawn', - '-M', $machine, + '-M', $template_name, '--quiet', '/bin/sh', '-c', - "dpkg -i '/opt/puppet7-release-${os_version}.deb' && apt update" + "dpkg -i '/${pkg_pos}/puppet7-release-${os_version}.deb' && apt update" ], } - exec { "install puppet-agent on ${machine}": + exec { "install puppet-agent on ${template_name}": command => [ '/usr/bin/systemd-nspawn', - '-M', $machine, + '-M', $template_name, '--quiet', 'apt', 'install', 'puppet-agent', ], 
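Review bot: The release package at `$puppet_deb_path` is fetched from `https://apt.puppet.com/` and then installed with `dpkg -i` inside the template with no integrity check beyond TLS. It is the package that sets up the repository and its signing key, which every later `apt install` in the template and its clones relies on. Pinning it on the `file` resource with `checksum => 'sha256', checksum_value => '<sha256 of the release .deb>',` would make a changed or substituted package fail the run instead of being installed. Staging it under `var/tmp` also leaves the file in every machine cloned from the template; a comment saying whether that is intended would help. The hunk starts inside the define.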
@@ -48,24 +51,10 @@ define nspawn::os::debian ( } } - - exec { "Enable puppet on ${machine}": - command => [ '/usr/bin/systemd-nspawn', - '-M', $machine, - '--quiet', - 'systemctl', 'enable', 'puppet', - ], - creates => "${root}/etc/systemd/system/multi-user.target.wants/puppet.service", + nspawn::util::disable_networking { $template_name: + template_dir => $template_dir, } - - file { "${root}/etc/puppetlabs/puppet/puppet.conf": - ensure => file, - content => @(EOF) - [main] - server = busting.adrift.space - | EOF + nspawn::util::enable_networkd { $template_name: + template_dir => $template_dir, } - - nspawn::util::disable_networking { $machine: } - nspawn::util::enable_networkd { $machine: } } diff --git a/manifests/setup.pp b/manifests/setup.pp index ab42446..01503c8 100644 --- a/manifests/setup.pp +++ b/manifests/setup.pp @@ -16,4 +16,6 @@ class nspawn::setup { enable => true, } + Nspawn::Template <| |> -> Nspawn::Machine <| |> + } diff --git a/manifests/template.pp b/manifests/template.pp new file mode 100644 index 0000000..3c66b97 --- /dev/null +++ b/manifests/template.pp 
@@ -0,0 +1,39 @@
+define nspawn::template (
+ String $template_name = $name,
+ Enum['debian', 'arch'] $os = $template_name.split('-')[0],
+ Optional[String] $version = undef,
+ String $puppet_server = $nspawn::puppet_server,
+ String $template_dir = $nspawn::template_dir,
+) {
+
+ $template = "${template_name}.base"
+ $root = "${template_dir}/${template}"
+
+ case $os {
+ 'debian': {
+ $real_version = if $version != undef {
+ $version
+ } else {
+ # Oout of bounds indexing gives 'undef'
+ $template_name.split('-')[1]
+ }
+ nspawn::os::debian { $template:
+ os_version => $real_version,
+ template_dir => $template_dir,
+ before => Nspawn::Template_final[$template],
+ }
+ }
+ 'arch': {
+ nspawn::os::arch { $template:
+ template_dir => $template_dir,
+ before => Nspawn::Template_final[$template],
+ }
+ }
+ }
+
+ nspawn::template_final { $template:
+ root => $root,
+ puppet_server => $puppet_server,
+ }
+
+}
diff --git a/manifests/template_final.pp b/manifests/template_final.pp
new file mode 100644
index 0000000..a198775
--- /dev/null
+++ b/manifests/template_final.pp
@@ -0,0 +1,28 @@
+define nspawn::template_final (
+ String $root,
+ String $puppet_server,
+ String $template = $name,
+) {
+ exec { "Enable puppet on ${template}":
+ command => [ '/usr/bin/systemd-nspawn',
+ '-M', $template,
+ '--quiet',
+ 'systemctl', 'enable', 'puppet',
+ ],
+ creates => "${root}/etc/systemd/system/multi-user.target.wants/puppet.service",
+ }
+
+ file { [ "${root}/etc/puppetlabs",
+ "${root}/etc/puppetlabs/puppet" ] :
+ ensure => directory,
+ }
+
+
+ file { "${root}/etc/puppetlabs/puppet/puppet.conf":
+ ensure => file,
+ content => @("EOF")
+ [main]
+ server = ${puppet_server}
+ | EOF
+ }
+}
diff --git a/manifests/util/disable_networking.pp b/manifests/util/disable_networking.pp
index ac55951..22d431f 100644
--- a/manifests/util/disable_networking.pp
+++ b/manifests/util/disable_networking.pp
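Review bot: In the `'debian'` branch of `nspawn::template`, `$real_version` is `undef` when no `$version` is given and the title contains no `-`, as the comment about out-of-bounds indexing notes. That value is then passed as `os_version`, which `nspawn::os::debian` declares as `String`, so the failure would surface as a type mismatch inside another define rather than at its cause. A guard before the `nspawn::os::debian` declaration makes it explicit: `unless $real_version =~ String[1] { fail("nspawn::template ${template_name}: no Debian version given") }`. A header comment describing how `$os` and the version are derived from the title would also help users naming their templates.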
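Review bot: `$puppet_server` in `nspawn::template_final` is an unconstrained `String` interpolated into the `puppet.conf` heredoc, so a value containing a newline would add arbitrary settings to the agent configuration baked into every clone of the template. stdlib's `Stdlib::Host $puppet_server,` restricts it to a hostname or address, and the default `'puppet'` still validates. The `puppet.conf` file resource also sets no `owner` or `mode`; stating them, for example `mode => '0644',`, documents the intended permissions instead of leaving them to defaults.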
@@ -1,18 +1,20 @@ define nspawn::util::disable_networking ( - String $machine = $name, - String $machine_path = "/var/lib/machines/${machine}", + String $template_name = $name, + String $template_dir = $nspawn::template_dir, + String $template_path = "${template_dir}/${template_name}.base", ) { - $running = $facts['machined-info'][$machine] != undef and $facts['machined-info'][$machine]['State'] == 'running' + $running = $facts['machined-info'][$template_name] != undef + and $facts['machined-info'][$template_name]['State'] == 'running' $cmd = if $running { - [ 'systemctl', '-M', $machine, 'disable', 'networking' ] + [ 'systemctl', '-M', $template_name, 'disable', 'networking' ] } else { - [ 'systemd-nspawn', '-M', $machine, '--quiet', + [ 'systemd-nspawn', '-M', $template_name, '--quiet', 'systemctl', 'disable', 'networking' ] } - exec { "Disable networking on ${machine}": + exec { "Disable networking on ${template_name}": command => $cmd, path => [ '/bin', '/usr/bin', ], # among others diff --git a/manifests/util/enable_networkd.pp b/manifests/util/enable_networkd.pp index f9b4d2e..40cb3d9 100644 --- a/manifests/util/enable_networkd.pp +++ b/manifests/util/enable_networkd.pp @@ -1,12 +1,13 @@ define nspawn::util::enable_networkd ( - String $machine = $name, - String $machine_path = "/var/lib/machines/${machine}", + String $template_name = $name, + String $template_dir = $nspawn::template_dir, + String $root = "${template_dir}/${template_name}", ) { - networking::networkd_instance { "Initial networking on ${machine}": + networking::networkd_instance { "Initial networking on ${template_name}": priority => 99, filename => 'puppet-initial', - path => "${machine_path}/${networking::networkd::path}", + path => "${root}/${networking::networkd::path}", content => { 'Match' => { 'Name' => 'host0', 
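Review bot: The default `$template_path = "${template_dir}/${template_name}.base"` in `nspawn::util::disable_networking` appends `.base`, but the callers visible in this commit pass a title that already ends in `.base`. `nspawn::template` builds `"${template_name}.base"` and `nspawn::os::debian` forwards it, so the default resolves to a path ending in `.base.base`. `nspawn::util::enable_networkd` and both `os` defines use `"${template_dir}/${template_name}"` without the suffix. Suggest `String $template_path = "${template_dir}/${template_name}",`, or naming the parameter `$root` as elsewhere. Where `$template_path` is used lies below the hunk, so the effect on the `exec` could not be checked here.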
@@ -18,20 +19,21 @@ define nspawn::util::enable_networkd ( }, } - $running = $facts['machined-info'][$machine] != undef and $facts['machined-info'][$machine]['State'] == 'running' + $running = $facts['machined-info'][$template_name] != undef + and $facts['machined-info'][$template_name]['State'] == 'running' $cmd = if $running { - [ 'systemctl', '-M', $machine, 'enable', 'systemd-networkd' ] + [ 'systemctl', '-M', $template_name, 'enable', 'systemd-networkd' ] } else { - [ 'systemd-nspawn', '-M', $machine, '--quiet', + [ 'systemd-nspawn', '-M', $template_name, '--quiet', 'systemctl', 'enable', 'systemd-networkd' ] } - exec { "Enable systemd-networkd on ${machine}": + exec { "Enable systemd-networkd on ${template_name}": command => $cmd, path => [ '/bin', '/usr/bin', ], # among others - creates => "${machine_path}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service", + creates => "${root}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service", } } -- cgit v1.2.3
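Review bot: Both command variants in `nspawn::util::enable_networkd` identify the container only by `-M $template_name`, while `creates` and the networkd file path use `$root`. As far as I know, `systemd-nspawn -M` without `-D` looks the tree up by name in the standard machine directories, so a `$template_dir` other than `/var/lib/machines` would be ignored by the command while the `creates` guard checks a different tree. Passing the directory explicitly keeps the two in step: `[ 'systemd-nspawn', '-D', $root, '-M', $template_name, '--quiet',`. The same pattern appears in `disable_networking.pp`, in the execs of `os/debian.pp` and in `template_final.pp`. The hunk starts inside the define.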