this is what salty progress looks like
parent
68e0ed1f4a
commit
95e7354749
|
@ -0,0 +1,13 @@
|
||||||
|
hosts-inet:
|
||||||
|
core:
|
||||||
|
server1: 172.20.72.1
|
||||||
|
serv-gw: 172.20.72.2
|
||||||
|
pub-gw: 172.20.72.3
|
||||||
|
priv1-gw: 172.20.72.4
|
||||||
|
priv2-gw: 172.20.72.5
|
||||||
|
upstream1: 172.20.72.6
|
||||||
|
anon1: 172.20.72.7
|
||||||
|
pub:
|
||||||
|
pub-gw: 172.20.76.1
|
||||||
|
serv:
|
||||||
|
serv-gw: 172.20.73.1
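Review bot: The network keys used here (`pub`, `serv`) do not match the keys the vlans pillar in this commit uses for the same segments (`public`, `server`), so any state that indexes `hosts-inet` and `vlans` by one network name will hit a missing key; pick one spelling and use it in every pillar file. A header comment would also spare the next reader a search, e.g. `# hosts-inet: <network>: <minion id>: <address>; prefix length comes from subnets-inet`. Minions listed under more than one network (`pub-gw`, `serv-gw`) get one address per network, which every template iterating this mapping has to expect.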
|
|
@ -0,0 +1,7 @@
|
||||||
|
subnets-inet:
|
||||||
|
core: 172.20.72.0/26
|
||||||
|
serv: 172.20.73.0/26
|
||||||
|
pub: 172.20.76.0/23
|
||||||
|
priv1: 172.20.74.0/28
|
||||||
|
priv2: 172.20.75.0/28
|
||||||
|
mgm: 10.0.0.0/24
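Review bot: Every value here must stay in CIDR form, because the consuming states derive the prefix length with `.split('/')[1]` and a bare address would make that lookup raise; a comment `# CIDR only: states derive the prefix length by splitting on '/'` records the constraint. `mgm: 10.0.0.0/24` has no counterpart in hosts-inet or vlans in this commit, so it is either a placeholder or consumed elsewhere; a comment saying which would help. `pub: 172.20.76.0/23` spans 172.20.76.0–172.20.77.255, noticeably wider than the other networks listed; if that is intended, say so next to the entry.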
|
|
@ -0,0 +1,5 @@
|
||||||
|
base:
|
||||||
|
'*':
|
||||||
|
- hosts
|
||||||
|
- subnets
|
||||||
|
- vlans
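Review bot: Targeting `'*'` hands the `hosts`, `subnets` and `vlans` pillar to every minion whose key the master has accepted, so these files must never grow secrets (keys, passwords, OSPF or DNS credentials) — those need an id-targeted entry instead. Nothing here is sensitive today, but a reminder comment prevents the drift: `# '*' pillar is readable by every accepted minion; never put secrets here`.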
|
|
@ -0,0 +1,4 @@
|
||||||
|
vlans:
|
||||||
|
core: 1
|
||||||
|
server: 2
|
||||||
|
public: 3
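Review bot: `core: 1` puts the core segment — where the gateways and the salt master talk — on VLAN 1, which on most switches is the default/native VLAN, so untagged frames from any unconfigured access port land on it unless the switch side prunes VLAN 1; the switch configuration is not visible here, so confirm that, or move core to a non-default tag. The keys `server` and `public` also differ from the `serv` and `pub` spellings in hosts-inet and subnets-inet, so states that look up all three pillars by one network name will fail; align the names across the pillar files.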
|
|
@ -7,24 +7,24 @@ lxc.rootfs.backend = dir
|
||||||
lxc.autodev = 1
|
lxc.autodev = 1
|
||||||
lxc.kmsg = 0
|
lxc.kmsg = 0
|
||||||
|
|
||||||
{% for interface in container.interfaces %}
|
{%- for net, type in container.interfaces.items() %}
|
||||||
lxc.network.type={{ interface['type'] }}
|
lxc.network.type={{ type }}
|
||||||
lxc.network.flags=up
|
lxc.network.flags=up
|
||||||
{% if interface['type'] == 'veth' %}
|
{% if type == 'veth' %}
|
||||||
lxc.network.veth.pair={{ id }}-{{ interface['type'] }}
|
lxc.network.veth.pair={{ id }}-{{ net }}
|
||||||
{% endif %}
|
{%- endif %}
|
||||||
{% if interface.get('v4') %}
|
{%- set inet_addr = pillar['hosts-inet'][net].get(id) %}
|
||||||
lxc.network.ipv4={{ interface['v4'] }}
|
{%- if inet_addr %}
|
||||||
{% endif %}
|
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
|
||||||
{% if interface.get('bridge') %}
|
lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
|
||||||
lxc.network.link={{ interface['bridge'] }}
|
{%- endif %}
|
||||||
{% endif %}
|
{%- if type == 'veth' %}
|
||||||
{% if interface.get('name') %}
|
lxc.network.link=br-{{ net }}
|
||||||
lxc.network.name={{ interface['name'] }}
|
{%- endif %}
|
||||||
{% endif %}
|
lxc.network.name={{ net }}
|
||||||
#lxc.network.ipv4.gateway=
|
#lxc.network.ipv4.gateway=
|
||||||
#lxc.network.ipv6=
|
#lxc.network.ipv6=
|
||||||
#lxc.network.ipv6.gateway=fe80::1
|
#lxc.network.ipv6.gateway=fe80::1
|
||||||
{% endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
## TODO: limits + caps
|
## TODO: limits + caps
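Review bot: For an interface of type `phys` the new loop emits no `lxc.network.link` at all, because the only link line sits inside `{%- if type == 'veth' %}`; pub-gw's `pub` interface is declared `type: phys` in this commit, so LXC is given no host device to move into the container and the container either fails to start or comes up without its public leg. The old container pillar carried that device in `bridge: bond0.2`; the equivalent now is an else branch, `{%- else %}` followed by `lxc.network.link=bond0.{{ pillar['vlans'][net] }}`, which in turn needs the pillar network names to agree (hosts-inet uses `pub`, vlans uses `public`). The veth branch has the same naming problem: `lxc.network.link=br-{{ net }}` yields `br-pub`, while the host state creates `br-public`. The `## TODO: limits + caps` line is unchanged, so the gateway containers still run with LXC's default capability set and no cgroup limits.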
|
||||||
|
|
|
@ -1,38 +1,31 @@
|
||||||
public:
|
pub-gw:
|
||||||
interfaces:
|
interfaces:
|
||||||
- type: veth
|
core:
|
||||||
bridge: br-core
|
type: veth
|
||||||
name: core
|
pub:
|
||||||
v4: 172.20.72.1/26
|
type: phys
|
||||||
- type: phys
|
|
||||||
bridge: bond0.2
|
|
||||||
name: public
|
|
||||||
v4: 172.20.76.1/23
|
|
||||||
|
|
||||||
servers:
|
serv-gw:
|
||||||
interfaces:
|
interfaces:
|
||||||
- type: veth
|
core:
|
||||||
bridge: br-core
|
type: veth
|
||||||
name: core
|
|
||||||
v4: 172.20.72.2/26
|
|
||||||
|
|
||||||
priv1:
|
priv1-gw:
|
||||||
interfaces:
|
interfaces:
|
||||||
- type: veth
|
core:
|
||||||
bridge: br-core
|
type: veth
|
||||||
name: core
|
|
||||||
v4: 172.20.72.3/26
|
|
||||||
|
|
||||||
priv2:
|
priv2-gw:
|
||||||
interfaces:
|
interfaces:
|
||||||
- type: veth
|
core:
|
||||||
bridge: br-core
|
type: veth
|
||||||
name: core
|
|
||||||
v4: 172.20.72.4/26
|
|
||||||
|
|
||||||
upstream1:
|
upstream1:
|
||||||
interfaces:
|
interfaces:
|
||||||
- type: veth
|
core:
|
||||||
bridge: br-core
|
type: veth
|
||||||
name: core
|
|
||||||
v4: 172.20.72.5/26
|
anon1:
|
||||||
|
interface:
|
||||||
|
core:
|
||||||
|
type: veth
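Review bot: `anon1` declares `interface:` where every other container declares `interfaces:`, so the config template's `container.interfaces.items()` has nothing to iterate (or raises on the undefined attribute, depending on the Jinja undefined mode) and anon1 comes up with no network; change it to `interfaces:`. Addresses now come from hosts-inet instead of an inline `v4:`, so a container listed here but missing from hosts-inet silently gets an interface without an address; a file-level comment `# addresses live in hosts-inet; a net without an entry there yields an unaddressed interface` would flag that coupling.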
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
127.0.0.1 localhost
|
||||||
|
::1 localhost ip6-localhost ip6-loopback
|
||||||
|
|
||||||
|
{% for net, hosts in pillar['hosts-inet'].items() %}
|
||||||
|
{% if hosts.get(id) %}
|
||||||
|
{{ hosts[id] }} {{ id }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
{{ pillar['hosts-inet']['core']['server1'] }} salt
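Review bot: A minion that appears under more than one network in hosts-inet (`pub-gw`, `serv-gw`) gets two lines with the same name, and the resolver returns the first one, so which address `pub-gw` resolves to depends on the order the pillar mapping is iterated; give the short name to one network only, e.g. `{{ hosts[id] }} {{ id }}.{{ net }}{% if net == 'core' %} {{ id }}{% endif %}`. Pinning `salt` to server1's core address keeps master lookup out of DNS, which is good, but it hard-codes that the master is reachable on the core VLAN from every container — a comment `# salt master is reached over core only` makes that explicit. The `{% %}` tags carry no whitespace control, so each iteration also emits blank lines; harmless for /etc/hosts, but `{%- -%}` keeps the output clean.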
|
|
@ -7,7 +7,7 @@ lxc:
|
||||||
|
|
||||||
/var/lib/lxc/{{ id }}:
|
/var/lib/lxc/{{ id }}:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- name: lxc-create -n {{ id }} -B dir -t download -- -d debian -r jessie -a amd64 -- --packages salt-minion
|
- name: lxc-create -n {{ id }} -B dir -t debian -- -r stretch --packages=salt-minion
|
||||||
- require:
|
- require:
|
||||||
- pkg: lxc
|
- pkg: lxc
|
||||||
- creates: /var/lib/lxc/{{ id }}
|
- creates: /var/lib/lxc/{{ id }}
|
||||||
|
@ -20,6 +20,14 @@ lxc:
|
||||||
id: {{ id }}
|
id: {{ id }}
|
||||||
container: {{ container }}
|
container: {{ container }}
|
||||||
|
|
||||||
|
/var/lib/lxc/{{ id }}/rootfs/etc/hosts:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://lxc-containers-1/hosts
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
id: {{ id }}
|
||||||
|
container: {{ container }}
|
||||||
|
|
||||||
autostart-{{ id }}:
|
autostart-{{ id }}:
|
||||||
service.enabled:
|
service.enabled:
|
||||||
- name: lxc@{{ id }}
|
- name: lxc@{{ id }}
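Review bot: The new `/var/lib/lxc/{{ id }}/rootfs/etc/hosts` state has no `require` on the `cmd.run` state `/var/lib/lxc/{{ id }}` that creates the rootfs, so it only works because states in one file happen to run in declaration order; add `- require:` / `- cmd: /var/lib/lxc/{{ id }}` so a failed lxc-create does not leave a stray hosts file and the ordering survives a later `order:` or reorganisation. Related: that cmd.run is guarded by `- creates: /var/lib/lxc/{{ id }}`, so the switch in the first hunk from the jessie `download` image to a stretch debootstrap never applies to containers that already exist — they stay on jessie until destroyed and recreated, and nothing in the state reports that. Debootstrap via `-t debian` verifies the Release signature against the host's debian-archive-keyring (inferred from the template, confirm), so that package on server1 has to know the stretch key.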
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
openssh-server:
|
||||||
|
pkg.purged: []
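Review bot: `openssh-server` is purged on every gateway but nothing records why, and a later reader of `top.sls` may simply re-add it; a one-line comment such as `# gateways are administered through salt and lxc-attach from server1; no sshd` states the intent (the mechanism is inferred from this commit, confirm). Because the purge is re-applied on every highstate, any other state or package dependency that pulls openssh-server back in will flip-flop rather than error, so keep these targets disjoint from anything that installs it.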
|
|
@ -0,0 +1,2 @@
|
||||||
|
bird:
|
||||||
|
pkg.installed: []
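Review bot: The state installs bird but ships no configuration, so nothing here actually enables OSPF; when the bird.conf follows, turn on authentication on the interfaces facing br-core (`authentication cryptographic; password "…";` per interface, with the secret in an id-targeted pillar rather than the `'*'` pillar), because every container attached to that bridge could otherwise inject routes into all gateways. The packaged default config starts the daemon at install time (confirm for stretch), so bird is running before any OSPF config exists; a comment stating that the config is managed by a later state, or a `file.managed` with `watch_in` on the service, would make the intent clear.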
|
|
@ -27,26 +27,25 @@ bond0.{{ vlan }}:
|
||||||
- network: bond0
|
- network: bond0
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
br-core:
|
{%- for net in ['core', 'public'] %}
|
||||||
|
{%- set vlan = pillar['vlans'][net] %}
|
||||||
|
br-{{ net }}:
|
||||||
network.managed:
|
network.managed:
|
||||||
- type: bridge
|
- type: bridge
|
||||||
ports: bond0.1
|
ports: bond0.{{ vlan }}
|
||||||
|
{%- set ip_addr = pillar['hosts-inet'][net].get('server1') %}
|
||||||
|
{%- if ip_addr %}
|
||||||
|
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
|
||||||
proto: manual
|
proto: manual
|
||||||
|
address: {{ ip_addr }}/{{ prefix_len }}
|
||||||
|
{%- else %}
|
||||||
|
proto: static
|
||||||
|
{%- endif %}
|
||||||
|
address: {{ pillar['subnets-inet']['core'] }}
|
||||||
bypassfirewall: True
|
bypassfirewall: True
|
||||||
use:
|
use:
|
||||||
- network: bond0.1
|
- network: bond0.{{ vlan }}
|
||||||
require:
|
require:
|
||||||
- network: bond0.1
|
- network: bond0.{{ vlan}}
|
||||||
|
{%- endfor %}
|
||||||
|
|
||||||
br-public:
|
|
||||||
network.managed:
|
|
||||||
- type: bridge
|
|
||||||
ports: bond0.2
|
|
||||||
proto: manual
|
|
||||||
bypassfirewall: True
|
|
||||||
use:
|
|
||||||
- network: bond0.2
|
|
||||||
require:
|
|
||||||
- network: bond0.2
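Review bot: The new loop iterates `['core', 'public']` and indexes `pillar['hosts-inet'][net]` and `pillar['subnets-inet'][net]`, but those pillars key the public segment as `pub`, so rendering fails with a missing key on the second iteration and `br-public` is never created; only `pillar['vlans']` uses the `public` spelling. Either rename the keys in hosts-inet/subnets-inet to `public`, or map the names in this template, e.g. `{%- set inet_net = {'core': 'core', 'public': 'pub'}[net] %}` and use `inet_net` for the two inet lookups. `bypassfirewall: True` is carried over for both bridges, so traffic between containers on the same bridge is not filtered on the host; pre-existing, but worth remembering now that every gateway shares br-core. `bond0.{{ vlan}}` in the require list is missing a space; Jinja accepts it, but it reads like a typo.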
|
|
||||||
|
|
||||||
|
|
12
salt/top.sls
12
salt/top.sls
|
@ -3,3 +3,15 @@ base:
|
||||||
- salt-master
|
- salt-master
|
||||||
- server1-network
|
- server1-network
|
||||||
- lxc-containers-1
|
- lxc-containers-1
|
||||||
|
- ospf
|
||||||
|
'*-gw':
|
||||||
|
- no-ssh
|
||||||
|
- ospf
|
||||||
|
'upstream*':
|
||||||
|
- no-ssh
|
||||||
|
- ospf
|
||||||
|
- unbound
|
||||||
|
'anon*':
|
||||||
|
- no-ssh
|
||||||
|
- ospf
|
||||||
|
- unbound
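Review bot: `'*-gw'`, `'upstream*'` and `'anon*'` match on the minion id, which the minion itself chooses, so any host whose key is accepted under a name like `foo-gw` receives these states and, through the `'*'` pillar top in this commit, the whole address plan; that is acceptable only while keys are accepted by hand — `auto_accept` is not shown here, so confirm it is off, or use nodegroup/grain-based targets backed by a maintained list. The `- ospf` at the top of the hunk is appended to a target whose name lies outside the hunk, so the diff alone does not show whether server1 itself now runs bird. The three new targets repeat `- no-ssh` and `- ospf`; a shared state included by each, or one compound target for the common part, would keep them from drifting apart.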
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
unbound:
|
||||||
|
pkg.installed: []
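Review bot: Unbound is installed with the packaged defaults and no configuration, which on Debian answers only on 127.0.0.1 (confirm for stretch), so upstream1 and anon1 cannot serve the other networks until an `interface:`/`access-control:` block exists. When that config is added, restrict `access-control` to the networks in subnets-inet rather than `0.0.0.0/0`: these containers sit on the outward-facing segments, and an unrestricted recursive resolver is an amplification target. A comment naming where the unbound config is meant to come from would close the gap.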
|
|
@ -1,9 +1,11 @@
|
||||||
|
Machine-readable here: [salt-pillar/subnets](./salt-pillar/subnets/init.sls)
|
||||||
|
|
||||||
## 172.20.72.0/21
|
## 172.20.72.0/21
|
||||||
|
|
||||||
* 172.20.72.0-172.20.72.63/26 CORE
|
* 172.20.72.0-172.20.72.63/26 CORE
|
||||||
* 172.20.72.64/26 RESERVED FOR EPXANDING CORE
|
* 172.20.72.64/26 RESERVED FOR EPXANDING CORE
|
||||||
* 172.20.72.128/25
|
* 172.20.72.128/25
|
||||||
* 172.20.73.0-172.20.72.63/26 SERVERS
|
* 172.20.73.0-172.20.73.63/26 SERVERS
|
||||||
* 172.20.73.64/26 RESERVED FOR EXPANDING SERVERS
|
* 172.20.73.64/26 RESERVED FOR EXPANDING SERVERS
|
||||||
* 172.20.73.128/25
|
* 172.20.73.128/25
|
||||||
* 172.20.74.0/24:
|
* 172.20.74.0/24:
|
||||||
|
|