network/salt/lxc-containers/config

# For lxcfs and sane defaults
lxc.include = /usr/share/lxc/config/common.conf

lxc.utsname = {{ id }}
# Handled by lxc@.service
lxc.start.auto = 0
lxc.rootfs = /var/lib/lxc/{{ id }}/rootfs
lxc.rootfs.backend = dir

lxc.autodev = 1
lxc.kmsg = 0

{%- set n = 0 %}
{%- for net, conf in container['interfaces'].items() %}
lxc.network.type={{ conf['type'] }}
lxc.network.flags=up
lxc.network.hwaddr={{ hwaddr_prefix }}:{{ n.__str()__.rjust(2, '0') }}
{%- if conf['type'] == 'veth' %}
lxc.network.veth.pair={{ id }}-{{ net }}
{%- endif %}
{%- set hosts = pillar['hosts-inet'].get(net) %}
{%- set inet_addr = hosts and hosts.get(id) %}
{%- if inet_addr %}
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
{%- endif %}
{%- if conf['type'] == 'veth' %}
lxc.network.link=br-{{ net }}
{%- elif conf['type'] == 'phys' %}
lxc.network.link=bond0.{{ pillar['vlans'].get(net) }}
{%- endif %}
lxc.network.name={{ net }}
{%- set gw = conf.get('gw') %}
{%- if gw %}
lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
{%- endif %}
#lxc.network.ipv6=
#lxc.network.ipv6.gateway=fe80::1

{%- set n = n + 1 %}
{%- endfor %}


lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time mknod

lxc.cgroup.memory.limit_in_bytes = 512M
lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M


# tuntap
lxc.cgroup.devices.allow = c 10:200 rw
lxc.hook.autodev = /var/lib/lxc/autodev.sh
lxc-containers: limits n caps 2016-11-18 02:34:03 +01:00			`# For lxcfs and sane defaults`
			`lxc.include = /usr/share/lxc/config/common.conf`

add the salt playground :) 2016-11-03 00:26:30 +01:00			`lxc.utsname = {{ id }}`
			`# Handled by lxc@.service`
			`lxc.start.auto = 0`
			`lxc.rootfs = /var/lib/lxc/{{ id }}/rootfs`
			`lxc.rootfs.backend = dir`

			`lxc.autodev = 1`
			`lxc.kmsg = 0`

lxc-containers: generate hwaddrs 2016-11-26 02:51:59 +01:00			`{%- set n = 0 %}`
hot-fixes 2016-11-06 23:16:44 +01:00			`{%- for net, conf in container['interfaces'].items() %}`
			`lxc.network.type={{ conf['type'] }}`
add the salt playground :) 2016-11-03 00:26:30 +01:00			`lxc.network.flags=up`
lxc-containers: generate hwaddrs 2016-11-26 02:51:59 +01:00			`lxc.network.hwaddr={{ hwaddr_prefix }}:{{ n.__str()__.rjust(2, '0') }}`
current state 2016-11-08 22:36:08 +01:00			`{%- if conf['type'] == 'veth' %}`
this is what salty progress looks like 2016-11-06 02:49:56 +01:00			`lxc.network.veth.pair={{ id }}-{{ net }}`
			`{%- endif %}`
upstream 2016-11-09 01:18:00 +01:00			`{%- set hosts = pillar['hosts-inet'].get(net) %}`
			`{%- set inet_addr = hosts and hosts.get(id) %}`
this is what salty progress looks like 2016-11-06 02:49:56 +01:00			`{%- if inet_addr %}`
			`{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}`
			`lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}`
			`{%- endif %}`
hot-fixes 2016-11-06 23:16:44 +01:00			`{%- if conf['type'] == 'veth' %}`
this is what salty progress looks like 2016-11-06 02:49:56 +01:00			`lxc.network.link=br-{{ net }}`
current state 2016-11-08 22:36:08 +01:00			`{%- elif conf['type'] == 'phys' %}`
			`lxc.network.link=bond0.{{ pillar['vlans'].get(net) }}`
this is what salty progress looks like 2016-11-06 02:49:56 +01:00			`{%- endif %}`
			`lxc.network.name={{ net }}`
upstream 2016-11-09 01:18:00 +01:00			`{%- set gw = conf.get('gw') %}`
			`{%- if gw %}`
			`lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}`
current state 2016-11-08 22:36:08 +01:00			`{%- endif %}`
add the salt playground :) 2016-11-03 00:26:30 +01:00			`#lxc.network.ipv6=`
			`#lxc.network.ipv6.gateway=fe80::1`
lxc-containers: generate hwaddrs 2016-11-26 02:51:59 +01:00
			`{%- set n = n + 1 %}`
this is what salty progress looks like 2016-11-06 02:49:56 +01:00			`{%- endfor %}`
add the salt playground :) 2016-11-03 00:26:30 +01:00
lxc-containers: limits n caps 2016-11-18 02:34:03 +01:00
lxc-containers: use the proper way to create /dev/net/tun for openvpn 2016-11-28 23:23:06 +01:00			`lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time mknod`
lxc-containers: limits n caps 2016-11-18 02:34:03 +01:00
			`lxc.cgroup.memory.limit_in_bytes = 512M`
			`lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M`

this is the shit 2016-11-15 01:33:17 +01:00
			`# tuntap`
			`lxc.cgroup.devices.allow = c 10:200 rw`
lxc-containers: use the proper way to create /dev/net/tun for openvpn 2016-11-28 23:23:06 +01:00			`lxc.hook.autodev = /var/lib/lxc/autodev.sh`