this is what salty progress looks like

Astro 2016-11-06 02:49:56 +01:00
parent 68e0ed1f4a
commit 95e7354749
14 changed files with 120 additions and 61 deletions


@ -0,0 +1,13 @@
hosts-inet:
core:
server1: 172.20.72.1
serv-gw: 172.20.72.2
pub-gw: 172.20.72.3
priv1-gw: 172.20.72.4
priv2-gw: 172.20.72.5
upstream1: 172.20.72.6
anon1: 172.20.72.7
pub:
pub-gw: 172.20.76.1
serv:
serv-gw: 172.20.73.1


@ -0,0 +1,7 @@
subnets-inet:
core: 172.20.72.0/26
serv: 172.20.73.0/26
pub: 172.20.76.0/23
priv1: 172.20.74.0/28
priv2: 172.20.75.0/28
mgm: 10.0.0.0/24

5
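--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@@ -0,0 +1,5 @@
+base:
+'*':
+- hosts
+- subnets
+- vlans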
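Review bot: The `'*'` target hands the `hosts`, `subnets` and `vlans` pillars to every minion whose key is accepted, and nothing in the file says that this is intentional. That suits addressing data, but the pattern is easy to extend by habit when something sensitive is added later. A header comment such as `# Topology data only, visible to all minions; anything secret needs its own narrower target.` would document the boundary.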


@ -0,0 +1,4 @@
vlans:
core: 1
server: 2
public: 3


@ -7,24 +7,24 @@ lxc.rootfs.backend = dir
lxc.autodev = 1 lxc.autodev = 1
lxc.kmsg = 0 lxc.kmsg = 0
{% for interface in container.interfaces %} {%- for net, type in container.interfaces.items() %}
lxc.network.type={{ interface['type'] }} lxc.network.type={{ type }}
lxc.network.flags=up lxc.network.flags=up
{% if interface['type'] == 'veth' %} {% if type == 'veth' %}
lxc.network.veth.pair={{ id }}-{{ interface['type'] }} lxc.network.veth.pair={{ id }}-{{ net }}
{% endif %} {%- endif %}
{% if interface.get('v4') %} {%- set inet_addr = pillar['hosts-inet'][net].get(id) %}
lxc.network.ipv4={{ interface['v4'] }} {%- if inet_addr %}
{% endif %} {%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
{% if interface.get('bridge') %} lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
lxc.network.link={{ interface['bridge'] }} {%- endif %}
{% endif %} {%- if type == 'veth' %}
{% if interface.get('name') %} lxc.network.link=br-{{ net }}
lxc.network.name={{ interface['name'] }} {%- endif %}
{% endif %} lxc.network.name={{ net }}
#lxc.network.ipv4.gateway= #lxc.network.ipv4.gateway=
#lxc.network.ipv6= #lxc.network.ipv6=
#lxc.network.ipv6.gateway=fe80::1 #lxc.network.ipv6.gateway=fe80::1
{% endfor %} {%- endfor %}
## TODO: limits + caps ## TODO: limits + caps
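Review bot: The loop `for net, type in container.interfaces.items()` binds `type` to the whole per-network value, and the reworked container pillar in this commit appears to nest `type: veth` under each network name, so `lxc.network.type={{ type }}` would render a mapping and `type == 'veth'` would never match. Unpacking it as `{%- for net, iface in container.interfaces.items() %}` and using `iface['type']` in the three places would fix that; the nesting is inferred from a rendering that lost its indentation, so confirm against the pillar file. Separately, `lxc.network.link` is now written only for veth, so a `phys` interface such as pub-gw's `pub` no longer names a host device, which the old template took from `bridge`. The `## TODO: limits + caps` context line is still open, so containers built from this template presumably run without the capability drops and limits it refers to.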


@ -1,38 +1,31 @@
public: pub-gw:
interfaces: interfaces:
- type: veth core:
bridge: br-core type: veth
name: core pub:
v4: 172.20.72.1/26 type: phys
- type: phys
bridge: bond0.2
name: public
v4: 172.20.76.1/23
servers: serv-gw:
interfaces: interfaces:
- type: veth core:
bridge: br-core type: veth
name: core
v4: 172.20.72.2/26
priv1: priv1-gw:
interfaces: interfaces:
- type: veth core:
bridge: br-core type: veth
name: core
v4: 172.20.72.3/26
priv2: priv2-gw:
interfaces: interfaces:
- type: veth core:
bridge: br-core type: veth
name: core
v4: 172.20.72.4/26
upstream1: upstream1:
interfaces: interfaces:
- type: veth core:
bridge: br-core type: veth
name: core
v4: 172.20.72.5/26 anon1:
interface:
core:
type: veth
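Review bot: `anon1` is declared with `interface:` while every other container on the new side uses `interfaces:`. The LXC config template iterates `container.interfaces.items()`, so this entry would render no network section or fail to render, depending on how Jinja treats the missing key. Renaming the key to `interfaces:` brings it in line with the others.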


@ -0,0 +1,10 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
{% for net, hosts in pillar['hosts-inet'].items() %}
{% if hosts.get(id) %}
{{ hosts[id] }} {{ id }}
{% endif %}
{% endfor %}
{{ pillar['hosts-inet']['core']['server1'] }} salt
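Review bot: A container listed under more than one network in `hosts-inet` (pub-gw and serv-gw are) gets one line per network for the same name, in whatever order the pillar dict iterates. Which address the name resolves to first is therefore not fixed, and the managed file may change between runs. Iterating in sorted order, `{% for net, hosts in pillar['hosts-inet']|dictsort %}`, makes the output stable, and a comment saying which network's address is meant to win would help. The last line pins `salt` to server1's core address; if the intent is that minions never depend on DNS to find the master, say so with `{# master is pinned here so minions do not rely on DNS to find it #}`.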


@ -7,7 +7,7 @@ lxc:
/var/lib/lxc/{{ id }}: /var/lib/lxc/{{ id }}:
cmd.run: cmd.run:
- name: lxc-create -n {{ id }} -B dir -t download -- -d debian -r jessie -a amd64 -- --packages salt-minion - name: lxc-create -n {{ id }} -B dir -t debian -- -r stretch --packages=salt-minion
- require: - require:
- pkg: lxc - pkg: lxc
- creates: /var/lib/lxc/{{ id }} - creates: /var/lib/lxc/{{ id }}
@ -20,6 +20,14 @@ lxc:
id: {{ id }} id: {{ id }}
container: {{ container }} container: {{ container }}
/var/lib/lxc/{{ id }}/rootfs/etc/hosts:
file.managed:
- source: salt://lxc-containers-1/hosts
- template: 'jinja'
- context:
id: {{ id }}
container: {{ container }}
autostart-{{ id }}: autostart-{{ id }}:
service.enabled: service.enabled:
- name: lxc@{{ id }} - name: lxc@{{ id }}
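Review bot: The new `file.managed` state for `rootfs/etc/hosts` carries no `require` on the `cmd.run` that creates the container, so it relies on definition order alone. Adding `- require:` with `- cmd: /var/lib/lxc/{{ id }}` makes the dependency explicit. In the first hunk the release moves from jessie to stretch, which as far as I know was still Debian testing at the commit date, so new containers would track a suite without timely security support until it is released. A comment on the `lxc-create` line recording why stretch is needed would help the next reader. The state file continues outside both hunks.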

2
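--- a/salt/no-ssh.sls
+++ b/salt/no-ssh.sls
@@ -0,0 +1,2 @@
+openssh-server:
+pkg.purged: []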

2
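--- a/salt/ospf/init.sls
+++ b/salt/ospf/init.sls
@@ -0,0 +1,2 @@
+bird:
+pkg.installed: []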


@ -27,26 +27,25 @@ bond0.{{ vlan }}:
- network: bond0 - network: bond0
{% endfor %} {% endfor %}
br-core: {%- for net in ['core', 'public'] %}
{%- set vlan = pillar['vlans'][net] %}
br-{{ net }}:
network.managed: network.managed:
- type: bridge - type: bridge
ports: bond0.1 ports: bond0.{{ vlan }}
{%- set ip_addr = pillar['hosts-inet'][net].get('server1') %}
{%- if ip_addr %}
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
proto: manual proto: manual
address: {{ ip_addr }}/{{ prefix_len }}
{%- else %}
proto: static
{%- endif %}
address: {{ pillar['subnets-inet']['core'] }}
bypassfirewall: True bypassfirewall: True
use: use:
- network: bond0.1 - network: bond0.{{ vlan }}
require: require:
- network: bond0.1 - network: bond0.{{ vlan}}
{%- endfor %}
br-public:
network.managed:
- type: bridge
ports: bond0.2
proto: manual
bypassfirewall: True
use:
- network: bond0.2
require:
- network: bond0.2
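Review bot: The loop runs over `['core', 'public']` and indexes `pillar['hosts-inet'][net]`, but the pillar added in this commit keys that map with `pub` (only `vlans` uses `public`), so the `public` iteration would hit a missing key. Either align the pillar names or guard the lookup with `{%- set ip_addr = pillar['hosts-inet'].get(net, {}).get('server1') %}`. The same naming gap means the container template's `br-{{ net }}` yields `br-pub` where this state creates `br-public`. As rendered, the branch with an address sets `proto: manual` and the branch without sets `proto: static`, which looks inverted; the page is a flattened side-by-side view, so confirm against the file.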


@ -3,3 +3,15 @@ base:
- salt-master - salt-master
- server1-network - server1-network
- lxc-containers-1 - lxc-containers-1
- ospf
'*-gw':
- no-ssh
- ospf
'upstream*':
- no-ssh
- ospf
- unbound
'anon*':
- no-ssh
- ospf
- unbound

2
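--- a/salt/unbound.sls
+++ b/salt/unbound.sls
@@ -0,0 +1,2 @@
+unbound:
+pkg.installed: []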


@ -1,9 +1,11 @@
Machine-readable here: [salt-pillar/subnets](./salt-pillar/subnets/init.sls)
## 172.20.72.0/21 ## 172.20.72.0/21
* 172.20.72.0-172.20.72.63/26 CORE * 172.20.72.0-172.20.72.63/26 CORE
* 172.20.72.64/26 RESERVED FOR EPXANDING CORE * 172.20.72.64/26 RESERVED FOR EPXANDING CORE
* 172.20.72.128/25 * 172.20.72.128/25
* 172.20.73.0-172.20.72.63/26 SERVERS * 172.20.73.0-172.20.73.63/26 SERVERS
* 172.20.73.64/26 RESERVED FOR EXPANDING SERVERS * 172.20.73.64/26 RESERVED FOR EXPANDING SERVERS
* 172.20.73.128/25 * 172.20.73.128/25
* 172.20.74.0/24: * 172.20.74.0/24: