Commit 67962231 by Jocelyn Delalande

lxc-host: Allow stretch containers and fix Jessie setup

parent a8756085
......@@ -3,6 +3,8 @@ LXC management
LXC containers are only half-automated through the *lxc-host* role.
It works with Debian Stretch only.
Ansible vars
------------
......@@ -61,7 +63,7 @@ To create a new container:
myhostname=foo
lxc-create -B best -n ${myhostname} -t download -- \
--dist debian --release jessie --arch amd64
--dist debian --release stretch --arch amd64
Then register it in `dmz_hosts` variable (in site.yml) registering propper
distro/release and ip-addr and run the provision :
......
- name: Install lxc packages
# Only jessie-backports offers both lxc and python-lxc
apt: pkg={{ item }} state=installed default_release=jessie-backports
apt: pkg={{ item }} state=installed
with_items:
- lxc
- python-lxc
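Review bot: The comment `# Only jessie-backports offers both lxc and python-lxc` no longer matches the task if it is still above the new `apt:` line, which drops `default_release=jessie-backports`. The rendering has lost the +/- markers, so whether the comment was removed is not visible here. Either delete it or replace it with something like `# lxc and python-lxc are taken from the host's default release (Stretch host)`, so the next reader does not re-add the backports pin.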
......
lxc.rootfs = /var/lib/lxc/{{ item.name }}/rootfs
{% if item.lxc.version == 'jessie' %}
lxc.tty = 4
lxc.pts = 1024
lxc.arch = amd64
lxc.utsname = {{ item.name }}
lxc.cap.drop = sys_module mac_admin mac_override sys_time
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br-dmz
lxc.network.hwaddr = {{ item.mac }}
{% if item.lxc.autostart|default(False) %}
lxc.start.auto = 1
{% endif %}
# Default policy: deny everything and allow mknod without perms
lxc.cgroup.devices.deny = a
......@@ -28,6 +19,23 @@ lxc.cgroup.devices.allow = c 1:8 rwm # /dev/random
lxc.cgroup.devices.allow = c 5:2 rwm # /dev/ptmx
lxc.cgroup.devices.allow = c 254:0 rwm # /dev/rtc0
lxc.cgroup.devices.allow = c 136:* rwm # /dev/pts*
{% else %}
# Distribution configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
{% endif %}
lxc.arch = amd64 # linux64?
lxc.rootfs = /var/lib/lxc/{{ item.name }}/rootfs
lxc.rootfs.backend = btrfs
lxc.utsname = {{ item.name }}
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br-dmz
lxc.network.hwaddr = {{ item.mac }}
{% if item.lxc.autostart|default(False) %}
lxc.start.auto = 1
{% endif %}
{% if 'pts' in item.lxc.features|default([]) %}
......@@ -51,7 +59,6 @@ lxc.cgroup.devices.allow = c 4:7 rwm # dev/tty7
lxc.cgroup.devices.allow = c 4:8 rwm # dev/tty8
lxc.cgroup.devices.allow = c 4:9 rwm # dev/tty9
lxc.cgroup.devices.allow = c 4:10 rwm # dev/tty10
{% endif %}
{% if 'audio' in item.lxc.features|default([]) %}
......@@ -76,9 +83,6 @@ lxc.cgroup.devices.allow = c 248:* rwm # /dev/lirc*
lxc.mount.entry = /dev/lirc0 dev/lirc0 none bind,optional,create=file
{% endif %}
{% if item.lxc.distro == 'debian' %}{% if item.lxc.version == 'jessie' %}
lxc.autodev = 1
lxc.kmsg = 0
{% endif %}{% endif %}
lxc.seccomp = /usr/share/lxc/config/common.seccomp
\ No newline at end of file
{% if 'dangerous' in item.lxc.features|default([]) %}
lxc.seccomp = /usr/share/lxc/config/common.seccomp
{% endif %}
\ No newline at end of file
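Review bot: A jessie container without the `dangerous` feature appears to lose its seccomp profile, because the last lines of the template now emit `lxc.seccomp = /usr/share/lxc/config/common.seccomp` only inside `{% if 'dangerous' in item.lxc.features|default([]) %}`, where it was previously unconditional. The +/- markers are lost in this rendering, so this reading relies on the `-76,9 +83,6` counts. Stretch containers probably still get a profile through `lxc.include = /usr/share/lxc/config/debian.common.conf`, but the jessie branch has no include. Keep the `lxc.seccomp` line outside any condition, or add it to the jessie branch as well. A comment above the condition should also say what `dangerous` is meant to enable, since the name suggests a relaxation while the body adds a restriction.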