Add role for LXC
parent
1af13e40c1
commit
39bc3d27fb
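--- a/lxc/defaults/main.yml
+++ b/lxc/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+# Should LXC containers run in unprivilegied (non root) mode?
+lxc_unprivilegied_containers: true
+
+# Network type to use. See lxc.container.conf(5).
+lxc_network_type: "none"
+
+# Partition to bind mount into containers.
+lxc_mount_part: "/home"
+
+# List of LXC containers to create.
+# Eg.:
+# lxc_containers:
+# - name: php56
+# release: jessie
+# - name: php70
+# release: stretch
+lxc_containers: []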
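Review bot: The comment above `lxc_network_type: "none"` does not say what `none` means, and it is easy to read as "no network". Per lxc.container.conf(5), type `none` makes the container share the host's network namespace, so the host's interfaces are usable from inside every container created with this default; `empty` is the loopback-only setting. I would spell that out in the comment, e.g. `# "none" shares the host network namespace (no network isolation); use "empty" for loopback only.`, so the lack of isolation is a visible choice rather than a surprise.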
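--- a/lxc/tasks/create-container.yml
+++ b/lxc/tasks/create-container.yml
@@ -0,0 +1,52 @@
+---
+- name: Check if container exists
+command: "lxc-ls {{name}}"
+register: container_exists
+
+- name: Create container
+command: "lxc-create -n {{name}} -t download -- --dist debian --release {{release}} --arch amd64"
+when: container_exists.stdout_lines == []
+
+- name: Disable network configuration inside container
+replace:
+name: "/var/lib/lxc/{{name}}/rootfs/etc/default/networking"
+regexp: "^#CONFIGURE_INTERFACES=yes"
+replace: CONFIGURE_INTERFACES=no
+when: lxc_network_type == "none"
+
+- name: Disable interface shut down on halt inside container
+lineinfile:
+name: "/var/lib/lxc/{{name}}/rootfs/etc/default/halt"
+line: "NETDOWN=no"
+when: lxc_network_type == "none"
+
+- name: Make the container poweroff on SIGPWR (sent by lxc-stop) on jessie
+file:
+src: /lib/systemd/system/poweroff.target
+dest: "/var/lib/lxc/{{name}}/rootfs/etc/systemd/system/sigpwr.target"
+state: link
+when: release == 'jessie'
+
+- name: Set the DNS resolvers
+command: "cp /etc/resolv.conf /var/lib/lxc/{{name}}/rootfs/etc/"
+
+- name: Add hostname in /etc/hosts
+lineinfile:
+name: "/var/lib/lxc/{{name}}/rootfs/etc/hosts"
+line: "127.0.0.1 {{name}}"
+
+# Still needed?
+- name: Fix permission on /dev
+lineinfile:
+name: "/var/lib/lxc/{{name}}/rootfs/etc/rc.local"
+line: "chmod 755 /dev"
+insertbefore: "^exit 0$"
+
+- name: Check if container is running
+command: "lxc-ls --running {{name}}"
+register: container_running
+
+- name: "Start {{name}} container"
+command: "lxc-start -dn {{name}}"
+when: container_running.stdout_lines == []
+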
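Review bot: Every task after `Create container` edits files under `/var/lib/lxc/{{name}}/rootfs/` as root on the host, and they run on each play rather than only right after creation. Once a container has been started, that tree is writable from inside it, so a path such as `rootfs/etc/resolv.conf` may by then be a symlink, and the `cp` in `Set the DNS resolvers` would write through it to wherever it resolves on the host. I would limit these tasks to first creation with `when: container_exists.stdout_lines == []` (joined with `and` to the existing `lxc_network_type` and `release` conditions), or make later changes from inside the container instead. The two `lxc-ls` checks also lack `changed_when: false`, so they report a change on every run.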
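--- a/lxc/tasks/main.yml
+++ b/lxc/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Install lxc tools
+apt:
+name: lxc
+
+- name: Copy LXC default containers configuration
+template:
+src: default.conf
+dest: /etc/lxc/
+
+- name: Check if root has subuids
+command: grep '^root:100000:10000$' /etc/subuid
+register: root_subuids
+
+- name: Add subuid and subgid ranges to root
+command: usermod -v 100000-199999 -w 100000-109999 root
+when: not root_subuids.rc
+
+- name: Create containers
+include: "create-container.yml name={{item.name}} release={{item.release}}"
+with_items: lxc_containers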
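Review bot: The subuid check and its guard look inverted: `grep` exits 1 when the line is missing, which fails the `Check if root has subuids` task outright, and `when: not root_subuids.rc` lets `usermod` run only when the entry is already present. Adding `failed_when: root_subuids.rc > 1` to the check and changing the guard to `when: root_subuids.rc == 1` gives the intended behaviour. The ranges also disagree: `-v 100000-199999` delegates 100000 subordinate UIDs to root, while the grep pattern and the `lxc.id_map` lines in the template expect 10000, so root gets a wider range than the containers use and the check would never match what was written; `-v 100000-109999` would line up. Only `/etc/subuid` is checked, so a missing `/etc/subgid` entry goes unnoticed.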
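--- a/lxc/templates/default.conf
+++ b/lxc/templates/default.conf
@@ -0,0 +1,22 @@
+{% if lxc_unprivilegied_containers %}
+# Run containers in unprivilegied mode.
+# Map both user and group IDs in range 0-9999 in the container to the IDs
+# 100000-109999 on the host.
+lxc.id_map = u 0 100000 10000
+lxc.id_map = g 0 100000 10000
+
+{% endif %}
+# Set the default network virtualization method.
+lxc.network.type = {{lxc_network_type}}
+
+{% if lxc_mount_part %}
+# Mount {{lxc_mount_part}} into containers.
+# lxc.mount.entry = {{lxc_mount_part}} {{lxc_mount_part |replace('/', '')}} none bind 0 0
+
+{% endif %}
+# Only one tty is enough.
+# This require that you disabled others tty ([2-6]) in systemd.
+lxc.tty = 1
+
+# Run 64bits containers
+lxc.arch = x86_64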
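Review bot: The `lxc.mount.entry` line is emitted commented out, so `lxc_mount_part` has no effect, while the rendered file still carries the comment saying the partition is mounted into containers. If the line is meant to be enabled, `replace('/', '')` removes every slash, so a value like `/var/www` would yield the target `varwww`; stripping only the leading one, `{{ lxc_mount_part | regex_replace('^/', '') }}`, keeps nested paths intact. Since this would bind-mount a host directory into every container, options such as `bind,nosuid,nodev` instead of plain `bind` are worth considering when the line is switched on.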