authorHugo Hörnquist <hugo@lysator.liu.se>2022-01-02 04:31:50 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2022-01-02 04:44:39 +0100
commita261aa089f879b6854c7b8fc7676d6b23ac25588 (patch)
treefc7e5e7dd40cca83f2eb130a8c26066689a6cd89
parentAdd debug notice. (diff)
downloadwebdav_server-a261aa089f879b6854c7b8fc7676d6b23ac25588.tar.gz
webdav_server-a261aa089f879b6854c7b8fc7676d6b23ac25588.tar.xz
Network rewrites.
-rw-r--r--manifests/site.pp17
-rw-r--r--modules/networking/manifests/init.pp18
-rw-r--r--modules/networking/manifests/networkd.pp32
-rw-r--r--modules/networking/templates/interface.epp16
-rw-r--r--modules/nspawn/manifests/machine.pp2
-rw-r--r--modules/nspawn/manifests/os/arch.pp32
-rw-r--r--modules/nspawn/manifests/os/debian.pp39
-rw-r--r--modules/nspawn/manifests/util/disable_networking.pp22
-rw-r--r--modules/nspawn/manifests/util/enable_networkd.pp35
9 files changed, 144 insertions, 69 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
index 7467e93..676eb18 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,23 +1,20 @@
-
node 'gandalf.adrift.space' {
include ::rss_filter
- notify { 'hiera paths?':
- message => "This is a [${lookup('test2')}]",
- }
-
nspawn::machine { 'busting':
- os => 'debian',
- enable => true,
- os_opts => {
+ os => 'debian',
+ enable => true,
+ os_opts => {
os_version => 'buster',
}
}
+ # busting 10.0.0.42/23
+
nspawn::machine { 'yoursql':
- os => 'arch',
- enable => true,
+ os => 'arch',
+ enable => true,
}
class { '::dns':
diff --git a/modules/networking/manifests/init.pp b/modules/networking/manifests/init.pp
new file mode 100644
index 0000000..bd1fda8
--- /dev/null
+++ b/modules/networking/manifests/init.pp
@@ -0,0 +1,18 @@
+class networking (
+ String $addr4,
+ String $gw4, # TODO default this to first address in subnet
+) {
+
+ # TODO choose a sensible provider here
+
+ networking::networkd { '20-puppet':
+ network => {
+ 'Address' => $addr4,
+ 'Gateway' => $gw4,
+ 'IPv6AcceptRA' => 1,
+ },
+ notify_ => true,
+ manage_directory => true,
+ }
+
+}
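Review bot: `$addr4` and `$gw4` are declared as plain `String`, so whatever text Hiera or a caller supplies is written into the `[Network]` section unchecked. The nspawn manifests in this commit already use stdlib (`ensure_packages`), so the parameters could be typed as `Stdlib::IP::Address::V4::CIDR $addr4,` and `Stdlib::IP::Address::V4::Nosubnet $gw4,`, which makes a malformed value fail at catalog compilation instead of producing a broken network config on the node. This assumes `addr4` is meant to be in CIDR form, as the `10.0.0.42/23` comment in site.pp suggests; a one-line comment above the class stating that would help.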
diff --git a/modules/networking/manifests/networkd.pp b/modules/networking/manifests/networkd.pp
new file mode 100644
index 0000000..4376a29
--- /dev/null
+++ b/modules/networking/manifests/networkd.pp
@@ -0,0 +1,32 @@
+define networking::networkd (
+ Hash $network,
+ Optional[Hash] $match = { 'Name' => $facts['networking']['primary'] },
+ String $root = '/',
+ String $path = "${root}/etc/systemd/network",
+ String $filename = $name,
+ String $file = "${path}/${filename}.conf",
+ Boolean $notify_ = true,
+ Boolean $manage_directory = true,
+) {
+
+ if $manage_directory {
+ file { $path:
+ ensure => directory,
+ purge => true,
+ recurse => true,
+ }
+ }
+
+ inifile::create_ini_settings({
+ 'Match' => $match,
+ 'Network' => $network,
+ }, { path => $file, })
+
+ if $notify_ {
+ Ini_Setting <| path == $file |>
+ ~> exec { 'networkctl reload':
+ path => ['/bin', '/usr/bin',],
+ refreshonly => true,
+ }
+ }
+}
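Review bot: The `file { $path: ... purge => true, recurse => true }` resource purges everything in the directory that is not itself a `file` resource, and the settings here are written through `ini_setting`, so the define's own `${filename}.conf` is likely to be removed and rebuilt on each run, along with any network file an administrator placed there by hand. Either drop `purge`/`recurse` or declare the target as a `file` resource too. Separately, systemd-networkd only reads files ending in `.network`, so `String $file = "${path}/${filename}.conf",` should probably be `String $file = "${path}/${filename}.network",`. The fixed title in `exec { 'networkctl reload':` will also cause a duplicate declaration as soon as a second instance is declared with `notify_ => true`.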
diff --git a/modules/networking/templates/interface.epp b/modules/networking/templates/interface.epp
new file mode 100644
index 0000000..d824f69
--- /dev/null
+++ b/modules/networking/templates/interface.epp
@@ -0,0 +1,16 @@
+# File managed by puppet
+auto host0
+# allow-hotplug host0
+
+iface host0 inet <%= if $addr4 { 'static' } else { 'dhcp' } %>
+<%- if $addr4 { -%>
+ address <%= $addr4 %>
+ <%- if $gw4 { -%>
+ gateway <%= $gw4 %>
+ <%- } -%>
+<%- } -%>
+
+
+iface host0 inet6 auto
+ private 0
+
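Review bot: The template reads `$addr4` and `$gw4` but declares no parameter tag, so its inputs are neither documented nor type-checked, and nothing visible in this commit renders it. Adding `<%- | Optional[String] $addr4 = undef, Optional[String] $gw4 = undef | -%>` as the first line would make the contract explicit and keep the `if $addr4` / `if $gw4` branches well-defined when a caller omits a value. If the template is no longer needed now that networkd is used, it would be simpler to leave it out of the commit.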
diff --git a/modules/nspawn/manifests/machine.pp b/modules/nspawn/manifests/machine.pp
index a16a82c..8ba9bf3 100644
--- a/modules/nspawn/manifests/machine.pp
+++ b/modules/nspawn/manifests/machine.pp
@@ -32,7 +32,7 @@ define nspawn::machine (
create_resources("nspawn::os::${os}", { $machine => $os_opts })
service { "systemd-nspawn@${machine}.service":
- enable => true,
+ enable => $enable,
}
}
diff --git a/modules/nspawn/manifests/os/arch.pp b/modules/nspawn/manifests/os/arch.pp
index 0affee1..e5fc210 100644
--- a/modules/nspawn/manifests/os/arch.pp
+++ b/modules/nspawn/manifests/os/arch.pp
@@ -4,35 +4,11 @@ define nspawn::os::arch (
ensure_packages(['arch-install-scripts'])
- exec { "/usr/bin/pacstrap /var/lib/machines/${machine} base puppet":
- creates => "/var/lib/machines/${machine}/etc/os-release",
- }
-
- file { "/var/lib/machines/${machine}/etc/systemd/network/20-puppet.conf":
- content => @(EOF)
- [Match]
- Name=host0
+ $machine_path = "/var/lib/machines/${machine}"
- [Network]
- Address=10.0.0.43/23
- Gateway=10.0.0.1
- IPv6AcceptRA=1
- | EOF
+ exec { "/usr/bin/pacstrap '${machine_path}' base puppet":
+ creates => "${machine_path}/etc/os-release",
}
- if $facts['machined-info'][$machine]['State'] == 'running' {
- notify { "Notify skipping ${machine} setup":
- message => "Skipping setup for ${machine}, already running",
- }
- } else {
- exec { "Enable systemd-networkd on ${machine}":
- command => [ '/usr/bin/systemd-nspawn',
- '-M', $machine,
- '--quiet',
- 'systemctl', 'enable', 'systemd-networkd',
- ],
- # among others
- creates => "/var/lib/machines/${machine}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service",
- }
- }
+ nspawn::util::enable_networkd { $machine: }
}
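Review bot: The new `exec { "/usr/bin/pacstrap '${machine_path}' base puppet":` builds the command as a single string, and the added single quotes only protect the path if the string is parsed by a shell, where a quote character inside `$machine` would end the quoting. The other execs introduced in this commit pass `command` as an array, which avoids shell parsing altogether. The same form here would be `command => ['/usr/bin/pacstrap', $machine_path, 'base', 'puppet'],` under a descriptive title such as `"pacstrap ${machine}"`. The define's parameter list lies outside the hunk, so how `$machine` is constrained cannot be seen from here.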
diff --git a/modules/nspawn/manifests/os/debian.pp b/modules/nspawn/manifests/os/debian.pp
index b8a1bd4..fbab9ac 100644
--- a/modules/nspawn/manifests/os/debian.pp
+++ b/modules/nspawn/manifests/os/debian.pp
@@ -2,48 +2,23 @@ define nspawn::os::debian (
String $os_version,
String $machine = $name,
) {
+
ensure_packages(['debootstrap'])
exec { "/usr/bin/deboostrap ${os_version} /var/lib/machines/${machine}":
creates => "/var/lib/machines/${machine}/etc/os-release",
}
- file { "/var/lib/machines/${machine}/etc/network/interfaces":
- ensure => file,
- content => @(EOF)
- # File managed by puppet
- # See interfaces(5)
- source-directory /etc/network/interfaces.d
- | EOF
- }
-
- file { "/var/lib/machines/${machine}/etc/network/interfaces.d":
- ensure => directory,
- }
-
- file { "/var/lib/machines/${machine}/etc/network/interfaces.d/puppet":
- ensure => file,
- content => @(EOF)
- # File managed by puppet
- auto host0
- # allow-hotplug host0
-
- iface host0 inet static
- address 10.0.0.42/23
- gateway 10.0.0.1
-
- iface host0 inet6 auto
- private 0
- | EOF
- }
-
$puppet_deb = "/var/lib/machines/${machine}/tmp/puppet7-release-${os_version}.deb"
file { $puppet_deb:
ensure => file,
source => "https://apt.puppet.com/puppet7-release-${os_version}.deb"
}
- if $facts['machined-info'][$machine]['State'] == 'running' {
+ $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running'
+
+ if $running {
+ # TODO
notify { "Notify skipping ${machine} setup":
message => "Skipping setup for ${machine}, already running",
}
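Review bot: The new `$running` expression does not test "the machine is known and its State is running": comparing a value with the type `Undef` is not an undef test, and because the two halves are joined with `or` the `State` comparison is only reached when the left side is false. As written `$running` appears to come out true whatever the machine's state, so the `if $running` branch would always be taken and the setup in the `else` branch skipped. A form that also tolerates a missing fact entry is `$running = $facts.dig('machined-info', $machine, 'State') == 'running'`. The same expression is repeated in `nspawn::util::enable_networkd`, and `nspawn::util::disable_networking` indexes the fact with no guard at all. The `if`/`else` block continues outside this hunk.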
@@ -67,4 +42,8 @@ define nspawn::os::debian (
creates => "/var/lib/machines/${machine}/opt/puppetlabs/bin/puppet",
}
}
+
+ nspawn::util::disable_networking { $machine: }
+ nspawn::util::enable_networkd { $machine: }
+
}
diff --git a/modules/nspawn/manifests/util/disable_networking.pp b/modules/nspawn/manifests/util/disable_networking.pp
new file mode 100644
index 0000000..4a9b31b
--- /dev/null
+++ b/modules/nspawn/manifests/util/disable_networking.pp
@@ -0,0 +1,22 @@
+define nspawn::util::disable_networking (
+ String $machine = $name,
+ String $machine_path = "/var/lib/machines/${machine}",
+) {
+
+
+ $cmd = if $facts['machined-info'][$machine]['State'] == 'running' {
+ [ 'systemctl', '-M', $machine, 'disable', 'networking' ]
+ } else {
+ [ 'systemd-nspawn', '-M', $machine, '--quiet',
+ 'systemctl', 'disable', 'networking' ]
+ }
+
+ exec { "Disable networking on ${machine}":
+ command => $cmd,
+ path => [ '/bin', '/usr/bin', ],
+ # among others
+ # creates => "${machine_path}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service",
+ }
+
+}
+
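Review bot: The `exec { "Disable networking on ${machine}":` resource has no `creates`, `unless`, `onlyif` or `refreshonly`; the only `creates` line is commented out and points at the systemd-networkd symlink. It will therefore run on every agent run, and for a stopped machine that means starting a `systemd-nspawn` container each time. An `onlyif` or `unless` guard that checks whether the `networking` unit is still enabled under `$machine_path` would make it idempotent. Until one is added, a comment such as `# FIXME: not idempotent, runs on every agent run` in place of the commented-out `creates` would describe the behaviour accurately.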
diff --git a/modules/nspawn/manifests/util/enable_networkd.pp b/modules/nspawn/manifests/util/enable_networkd.pp
new file mode 100644
index 0000000..2b532b9
--- /dev/null
+++ b/modules/nspawn/manifests/util/enable_networkd.pp
@@ -0,0 +1,35 @@
+define nspawn::util::enable_networkd (
+ String $machine = $name,
+ String $machine_path = "/var/lib/machines/${machine}",
+) {
+
+ # TODO only do this if the directory is empty
+ networking::networkd { "Initial networking on ${machine}":
+ filename => '20-puppet-initial',
+ match => { 'Name' => 'host0', },
+ root => $machine_path,
+ network => {
+ 'DHCP' => 'ipv4',
+ 'IPv6AcceptRA' => 1,
+ },
+ notify_ => false,
+ manage_directory => false,
+ }
+
+ $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running'
+
+ $cmd = if $running {
+ [ 'systemctl', '-M', $machine, 'enable', 'systemd-networkd' ]
+ } else {
+ [ 'systemd-nspawn', '-M', $machine, '--quiet',
+ 'systemctl', 'enable', 'systemd-networkd' ]
+ }
+
+ exec { "Enable systemd-networkd on ${machine}":
+ command => $cmd,
+ path => [ '/bin', '/usr/bin', ],
+ # among others
+ creates => "${machine_path}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service",
+ }
+
+}