Implement bridge

2024-09-03 19:55:53 +02:00 · 2022-07-22 02:31:36 +02:00 · 2022-07-22 02:31:36 +02:00 · dbb99a141a
commit dbb99a141a
parent fb0d5a7fb8
7 changed files with 225 additions and 26 deletions
--- a/conf/default.conf
+++ b/conf/default.conf
@ -0,0 +1,6 @@
+lxc.net.0.type = veth
+lxc.net.0.link = __LXC_BRIDGE__
+lxc.net.0.flags = up
+lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
--- a/conf/lxc-net
+++ b/conf/lxc-net
@ -0,0 +1,9 @@
+USE_LXC_BRIDGE="true"
+LXC_BRIDGE="__LXC_BRIDGE__"
+LXC_ADDR="__PLAGE_IP__.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="__PLAGE_IP__.0/24"
+LXC_DHCP_RANGE="__PLAGE_IP__.2,__PLAGE_IP__.254"
+LXC_DHCP_MAX="253"
+LXC_DHCP_CONFILE=""
+LXC_DOMAIN=""
--- a/conf/lxc_bridge
+++ b/conf/lxc_bridge
@ -1,6 +0,0 @@
-auto __LXC_BRIDGE__
-iface __LXC_BRIDGE__ inet static
-        address __PLAGE_IP__.1/24
-        bridge_ports none
-        bridge_fd 0
-        bridge_maxwait 0
--- a/doc/DISCLAIMER.md
+++ b/doc/DISCLAIMER.md
@ -0,0 +1,175 @@
+## Some Nomad Job examples
+
+### Busybox
+
+`lxc-create --name=busybox --template=busybox`
+
+```
+job "job-busybox" {
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "group-busybox" {
+    task "task-busybox" {
+      driver = "lxc"
+
+      config {
+        log_level = "info"
+        verbosity = "verbose"
+        template  = "/usr/share/lxc/templates/lxc-busybox"
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+    }
+  }
+}
+```
+
+### Debian
+
+`lxc-create --name=debian --template=debian`
+
+```
+job "job-debian" {
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "group-debian" {
+    task "task-debian" {
+      driver = "lxc"
+
+      config {
+        log_level = "info"
+        verbosity = "verbose"
+        template  = "/usr/share/lxc/templates/lxc-debian"
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+    }
+  }
+}
+```
+
+### Debian Stretch
+
+`lxc-create --name=stretch --template=debian -- --release=stretch`
+
+```
+job "job-stretch" {
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "group-stretch" {
+    task "task-stretch" {
+      driver = "lxc"
+
+      config {
+        log_level = "info"
+        verbosity = "verbose"
+        template  = "/usr/share/lxc/templates/lxc-debian"
+		template_args = ["--release=stretch"]
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+    }
+  }
+}
+}
+```
+
+### Debian Buster
+
+`lxc-create --name=buster --template=debian -- --release=buster`
+
+```
+job "job-buster" {
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "group-buster" {
+    task "task-buster" {
+      driver = "lxc"
+
+      config {
+        log_level = "info"
+        verbosity = "verbose"
+        template  = "/usr/share/lxc/templates/lxc-debian"
+		template_args = ["--release=buster"]
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+    }
+  }
+}
+}
+```
+
+### Debian Buster from images.linuxcontainers.org
+
+`lxc-create --name=download-buster --template=download -- --dist=debian --release=buster --arch=amd64 --keyserver=hkp://keyserver.ubuntu.com`
+
+```
+job "job-download-buster" {
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "group-download-buster" {
+    task "task-download-buster" {
+      driver = "lxc"
+
+      config {
+        log_level = "info"
+        verbosity = "verbose"
+        template  = "/usr/share/lxc/templates/lxc-download"
+		template_args = ["--dist=debian","--release=buster","--arch=amd64","--keyserver=hkp://keyserver.ubuntu.com"]
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+    }
+  }
+}
+```
+
+### Debian Bullseye from images.linuxcontainers.org
+
+`lxc-create --name=download-bullseye --template=download -- --dist=debian --release=bullseye --arch=amd64 --keyserver=hkp://keyserver.ubuntu.com`
+
+```
+job "job-download-bullseye" {
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "group-download-bullseye" {
+    task "task-download-bullseye" {
+      driver = "lxc"
+
+      config {
+        log_level = "info"
+        verbosity = "verbose"
+        template  = "/usr/share/lxc/templates/lxc-download"
+		template_args = ["--dist=debian","--release=bullseye","--arch=amd64","--keyserver=hkp://keyserver.ubuntu.com"]
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+    }
+  }
+}
+```
--- a/scripts/install
+++ b/scripts/install
@ -187,11 +187,17 @@ then
 	chmod 400 "$config_path/client.hcl"
 	chown $app:$app "$config_path/client.hcl"

-	ynh_add_config --template="../conf/lxc_bridge" --destination="/etc/network/interfaces.d/$lxc_bridge"
-	ifup $lxc_bridge --interfaces=/etc/network/interfaces.d/$lxc_bridge
-	iptables -A FORWARD -i $lxc_bridge -o $main_iface -j ACCEPT
-	iptables -A FORWARD -i $main_iface -o $lxc_bridge -j ACCEPT
-	iptables -t nat -A POSTROUTING -s $plage_ip.0/24 -j MASQUERADE
+	echo "bind-interfaces
+except-interface=lxdbr0" > /etc/dnsmasq.d/lxd
+	systemctl restart dnsmasq
+
+	ynh_add_config --template="../conf/default.conf" --destination="/etc/lxc/default.conf"
+	ynh_add_config --template="../conf/lxc-net" --destination="/etc/default/lxc-net"
+	systemctl enable lxc-net --quiet
+	systemctl start lxc-net --quiet
+	#iptables -A FORWARD -i $lxc_bridge -o $main_iface -j ACCEPT
+	#iptables -A FORWARD -i $main_iface -o $lxc_bridge -j ACCEPT
+	#iptables -t nat -A POSTROUTING -s $plage_ip.0/24 -j MASQUERADE
 fi

 #=================================================
--- a/scripts/remove
+++ b/scripts/remove
@ -71,14 +71,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..."
 # Remove the dedicated NGINX config
 ynh_remove_nginx_config

-#=================================================
-# REMOVE DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Removing dependencies..."
-
-# Remove metapackage and its dependencies
-ynh_remove_app_dependencies
-
 #=================================================
 # CLOSE A PORT
 #=================================================
@ -100,10 +92,20 @@ then

 	lxc_bridge=$(ynh_app_setting_get --app=$app --key=lxc_bridge)

-	ifdown --force $lxc_bridge
-	ynh_secure_remove --file="/etc/network/interfaces.d/$lxc_bridge"
+	systemctl stop lxc-net --quiet
+	systemctl disable lxc-net --quiet
+	ynh_secure_remove --file="/etc/default/lxc-net"
+	ynh_secure_remove --file="/etc/lxc/default.conf"
 fi

+#=================================================
+# REMOVE DEPENDENCIES
+#=================================================
+ynh_script_progression --message="Removing dependencies..."
+
+# Remove metapackage and its dependencies
+ynh_remove_app_dependencies
+
 #=================================================
 # SPECIFIC REMOVE
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -112,11 +112,18 @@ then
 	plage_ip=$(ynh_app_setting_get --app=$app --key=plage_ip)
 	main_iface=$(ip route | grep default | awk '{print $5;}')
 	ynh_app_setting_set --app=$app --key=main_iface --value=$main_iface
-	ynh_add_config --template="../conf/lxc_bridge" --destination="/etc/network/interfaces.d/$lxc_bridge"
-	ifup $lxc_bridge --interfaces=/etc/network/interfaces.d/$lxc_bridge
-	iptables -A FORWARD -i $lxc_bridge -o $main_iface -j ACCEPT
-	iptables -A FORWARD -i $main_iface -o $lxc_bridge -j ACCEPT
-	iptables -t nat -A POSTROUTING -s $plage_ip.0/24 -j MASQUERADE
+
+	echo "bind-interfaces
+except-interface=lxdbr0" > /etc/dnsmasq.d/lxd
+	systemctl restart dnsmasq
+
+	ynh_add_config --template="../conf/lxc-net" --destination="/etc/default/lxc-net"
+	ynh_add_config --template="../conf/default.conf" --destination="/etc/lxc/default.conf"
+	systemctl enable lxc-net --quiet
+	systemctl start lxc-net --quiet
+	#iptables -A FORWARD -i $lxc_bridge -o $main_iface -j ACCEPT
+	#iptables -A FORWARD -i $main_iface -o $lxc_bridge -j ACCEPT
+	#iptables -t nat -A POSTROUTING -s $plage_ip.0/24 -j MASQUERADE
 fi

 #=================================================