improved lxc_host

8 years ago · f406f04b72
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
 group_vars/all.yaml
 inventory
 *.retry
--- a/group_vars/all.yaml.example
+++ b/group_vars/all.yaml.example
@ -0,0 +1,2 @@
 user_ca_key: ""
 ext_gateway: 
--- a/inventory.example
+++ b/inventory.example
@ -0,0 +1,2 @@
 [GROUP]
 HOSTNAME   ansible_host=IP  ansible_user=root
--- a/prepare_host.yaml
+++ b/prepare_host.yaml
@ -5,17 +5,36 @@
      apt: name={{ item }} state=latest
      with_items:
          - lxc
          - lxc-dev
          - python
          - python-dev
          - python-pip
    - name: install lxc python support
      pip: name=lxc-python2 state=latest
          - python-lxc
    - name: install bridge utilities
      apt: name=bridge-utils state=latest
      notify: restart networking
    # We should fix this bug. We really should. It's a bug.
    # Bridge-utils requires a complete system reboot to enable the new bridge.
    - name: configure bridge
      template:
          src: templates/interfaces.j2
          dest: /etc/network/interfaces
      notify: restart networking
    - name: install utilities
      apt: name=vim state=latest
      apt: name={{ item }} state=latest
      with_items:
          - vim
          - htop
    - name: add ca pub key
      command: |
              echo "ssh-rsa {{ user_ca_key }}" > /etc/ssh/user_ca.pub
              echo "TrustedUserCAKeys /etc/ssh/user_ca.pub" >> /etc/ssh/sshd_config
    - name: restart ssh
      service: name=ssh state=restarted
      copy:
        content: "ssh-rsa {{ user_ca_key }}"
        dest: /etc/ssh/user_ca.pub
    - name: trust ca pub key
      lineinfile:
        dest: /etc/ssh/sshd_config
        state: present
        line: "TrustedUserCAKeys /etc/ssh/user_ca.pub"
      notify: restart sshd
  handlers:
      - name: restart networking
        service: name=networking state=reloaded
      - name: restart sshd
        service: name=networking state=reloaded

--- a/roles/lxc_guest/defaults/main.yaml
+++ b/roles/lxc_guest/defaults/main.yaml
@ -1,4 +1,3 @@
 ---
 auto_start: true
 container_state: started
 user_ca_key: ""
--- a/roles/lxc_guest/tasks/main.yaml
+++ b/roles/lxc_guest/tasks/main.yaml
@ -8,7 +8,7 @@
      lxc_container:
          name: "{{ vm_name }}"
          backing_store: lvm
          vg_name: sysvg
          vg_name: "{{ inventory_hostname }}vg"
          lv_name: "vm_{{ vm_name }}"
          fs_type: xfs
          container_log: true
--- a/roles/lxc_guest/templates/config.j2
+++ b/roles/lxc_guest/templates/config.j2
@ -11,5 +11,5 @@ lxc.network.flags = up
 lxc.network.link = br0
 lxc.network.name = eth0
 lxc.network.ipv4 = {{ hostvars[vm_name]['ansible_host'] }}/24
 lxc.network.ipv4.gateway = {{ hostvars['ext_gateway']['ansible_host'] }}
 lxc.network.ipv4.gateway = {{ ext_gateway }}
 lxc.start.auto = {% if auto_start %}1{% else %}0{% endif %}
--- a/templates/interfaces.j2
+++ b/templates/interfaces.j2
@ -0,0 +1,17 @@
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).

 source /etc/network/interfaces.d/*

 # The loopback network interface
 auto lo
 iface lo inet loopback

 # The primary network interface
 auto br0
 iface br0 inet static
        address {{ ansible_default_ipv4.address }}
        netmask 255.255.255.0
        gateway {{ ext_gateway }}
        bridge_ports eth0
        bridge_fd 1