diff --git a/conf/default.conf b/conf/default.conf new file mode 100644 index 0000000..89f8c4b --- /dev/null +++ b/conf/default.conf @@ -0,0 +1,6 @@ +lxc.net.0.type = veth +lxc.net.0.link = __LXC_BRIDGE__ +lxc.net.0.flags = up +lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 diff --git a/conf/lxc-net b/conf/lxc-net new file mode 100644 index 0000000..c19bedb --- /dev/null +++ b/conf/lxc-net @@ -0,0 +1,9 @@ +USE_LXC_BRIDGE="true" +LXC_BRIDGE="__LXC_BRIDGE__" +LXC_ADDR="__PLAGE_IP__.1" +LXC_NETMASK="255.255.255.0" +LXC_NETWORK="__PLAGE_IP__.0/24" +LXC_DHCP_RANGE="__PLAGE_IP__.2,__PLAGE_IP__.254" +LXC_DHCP_MAX="253" +LXC_DHCP_CONFILE="" +LXC_DOMAIN="" diff --git a/conf/lxc_bridge b/conf/lxc_bridge deleted file mode 100644 index ad75592..0000000 --- a/conf/lxc_bridge +++ /dev/null @@ -1,6 +0,0 @@ -auto __LXC_BRIDGE__ -iface __LXC_BRIDGE__ inet static - address __PLAGE_IP__.1/24 - bridge_ports none - bridge_fd 0 - bridge_maxwait 0 \ No newline at end of file diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index e69de29..f37d4cd 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -0,0 +1,175 @@ +## Some Nomad Job examples + +### Busybox + +`lxc-create --name=busybox --template=busybox` + +``` +job "job-busybox" { + datacenters = ["dc1"] + type = "service" + + group "group-busybox" { + task "task-busybox" { + driver = "lxc" + + config { + log_level = "info" + verbosity = "verbose" + template = "/usr/share/lxc/templates/lxc-busybox" + } + + resources { + cpu = 500 + memory = 256 + } + } + } +} +``` + +### Debian + +`lxc-create --name=debian --template=debian` + +``` +job "job-debian" { + datacenters = ["dc1"] + type = "service" + + group "group-debian" { + task "task-debian" { + driver = "lxc" + + config { + log_level = "info" + verbosity = "verbose" + template = "/usr/share/lxc/templates/lxc-debian" + } + + resources { + cpu = 500 + memory = 256 + } + } + } +} +``` + +### Debian Stretch + +`lxc-create --name=stretch --template=debian -- --release=stretch` + +``` +job "job-stretch" { + datacenters = ["dc1"] + type = "service" + + group "group-stretch" { + task "task-stretch" { + driver = "lxc" + + config { + log_level = "info" + verbosity = "verbose" + template = "/usr/share/lxc/templates/lxc-debian" + template_args = ["--release=stretch"] + } + + resources { + cpu = 500 + memory = 256 + } + } + } +} +} +``` + +### Debian Buster + +`lxc-create --name=buster --template=debian -- --release=buster` + +``` +job "job-buster" { + datacenters = ["dc1"] + type = "service" + + group "group-buster" { + task "task-buster" { + driver = "lxc" + + config { + log_level = "info" + verbosity = "verbose" + template = "/usr/share/lxc/templates/lxc-debian" + template_args = ["--release=buster"] + } + + resources { + cpu = 500 + memory = 256 + } + } + } +} +} +``` + +### Debian Buster from images.linuxcontainers.org + +`lxc-create --name=download-buster --template=download -- --dist=debian --release=buster --arch=amd64 --keyserver=hkp://keyserver.ubuntu.com` + +``` +job "job-download-buster" { + datacenters = ["dc1"] + type = "service" + + group "group-download-buster" { + task "task-download-buster" { + driver = "lxc" + + config { + log_level = "info" + verbosity = "verbose" + template = "/usr/share/lxc/templates/lxc-download" + template_args = ["--dist=debian","--release=buster","--arch=amd64","--keyserver=hkp://keyserver.ubuntu.com"] + } + + resources { + cpu = 500 + memory = 256 + } + } + } +} +``` + +### Debian Bullseye from images.linuxcontainers.org + +`lxc-create --name=download-bullseye --template=download -- --dist=debian --release=bullseye --arch=amd64 --keyserver=hkp://keyserver.ubuntu.com` + +``` +job "job-download-bullseye" { + datacenters = ["dc1"] + type = "service" + + group "group-download-bullseye" { + task "task-download-bullseye" { + driver = "lxc" + + config { + log_level = "info" + verbosity = "verbose" + template = "/usr/share/lxc/templates/lxc-download" + template_args = ["--dist=debian","--release=bullseye","--arch=amd64","--keyserver=hkp://keyserver.ubuntu.com"] + } + + resources { + cpu = 500 + memory = 256 + } + } + } +} +``` diff --git a/scripts/install b/scripts/install index fcc3fdd..9ea0f5f 100755 --- a/scripts/install +++ b/scripts/install @@ -187,11 +187,17 @@ then chmod 400 "$config_path/client.hcl" chown $app:$app "$config_path/client.hcl" - ynh_add_config --template="../conf/lxc_bridge" --destination="/etc/network/interfaces.d/$lxc_bridge" - ifup $lxc_bridge --interfaces=/etc/network/interfaces.d/$lxc_bridge - iptables -A FORWARD -i $lxc_bridge -o $main_iface -j ACCEPT - iptables -A FORWARD -i $main_iface -o $lxc_bridge -j ACCEPT - iptables -t nat -A POSTROUTING -s $plage_ip.0/24 -j MASQUERADE + echo "bind-interfaces +except-interface=lxdbr0" > /etc/dnsmasq.d/lxd + systemctl restart dnsmasq + + ynh_add_config --template="../conf/default.conf" --destination="/etc/lxc/default.conf" + ynh_add_config --template="../conf/lxc-net" --destination="/etc/default/lxc-net" + systemctl enable lxc-net --quiet + systemctl start lxc-net --quiet + #iptables -A FORWARD -i $lxc_bridge -o $main_iface -j ACCEPT + #iptables -A FORWARD -i $main_iface -o $lxc_bridge -j ACCEPT + #iptables -t nat -A POSTROUTING -s $plage_ip.0/24 -j MASQUERADE fi #================================================= diff --git a/scripts/remove b/scripts/remove index f4f579b..648451f 100755 --- a/scripts/remove +++ b/scripts/remove @@ -71,14 +71,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - #================================================= # CLOSE A PORT #================================================= @@ -100,10 +92,20 @@ then lxc_bridge=$(ynh_app_setting_get --app=$app --key=lxc_bridge) - ifdown --force $lxc_bridge - ynh_secure_remove --file="/etc/network/interfaces.d/$lxc_bridge" + systemctl stop lxc-net --quiet + systemctl disable lxc-net --quiet + ynh_secure_remove --file="/etc/default/lxc-net" + ynh_secure_remove --file="/etc/lxc/default.conf" fi +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + #================================================= # SPECIFIC REMOVE #================================================= diff --git a/scripts/restore b/scripts/restore index aafd41a..0cc003f 100755 --- a/scripts/restore +++ b/scripts/restore @@ -112,11 +112,18 @@ then plage_ip=$(ynh_app_setting_get --app=$app --key=plage_ip) main_iface=$(ip route | grep default | awk '{print $5;}') ynh_app_setting_set --app=$app --key=main_iface --value=$main_iface - ynh_add_config --template="../conf/lxc_bridge" --destination="/etc/network/interfaces.d/$lxc_bridge" - ifup $lxc_bridge --interfaces=/etc/network/interfaces.d/$lxc_bridge - iptables -A FORWARD -i $lxc_bridge -o $main_iface -j ACCEPT - iptables -A FORWARD -i $main_iface -o $lxc_bridge -j ACCEPT - iptables -t nat -A POSTROUTING -s $plage_ip.0/24 -j MASQUERADE + + echo "bind-interfaces +except-interface=lxdbr0" > /etc/dnsmasq.d/lxd + systemctl restart dnsmasq + + ynh_add_config --template="../conf/lxc-net" --destination="/etc/default/lxc-net" + ynh_add_config --template="../conf/default.conf" --destination="/etc/lxc/default.conf" + systemctl enable lxc-net --quiet + systemctl start lxc-net --quiet + #iptables -A FORWARD -i $lxc_bridge -o $main_iface -j ACCEPT + #iptables -A FORWARD -i $main_iface -o $lxc_bridge -j ACCEPT + #iptables -t nat -A POSTROUTING -s $plage_ip.0/24 -j MASQUERADE fi #=================================================