lxc-containers: use the proper way to create /dev/net/tun for openvpn

This commit is contained in:
Astro 2016-11-28 23:23:06 +01:00
parent aa0d40e6c4
commit 5b733dc069
4 changed files with 14 additions and 31 deletions


@ -0,0 +1,7 @@
#!/bin/sh
cd ${LXC_ROOTFS_MOUNT}/dev
mkdir net
mknod net/tun c 10 200
chmod 0666 net/tun
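Review bot: The hook has no failure handling: if `cd ${LXC_ROOTFS_MOUNT}/dev` fails (variable unset, rootfs not mounted) the script keeps going, and `mkdir net` / `mknod net/tun` then run as root in whatever directory the hook was started from on the host. Add `set -eu` after the shebang and quote the expansion, `cd "${LXC_ROOTFS_MOUNT}/dev"`, so an unset variable or a failed cd aborts before any node is created. `mkdir net` without `-p` also fails if `net` already exists, which under `set -e` would abort the hook on a restart; `mkdir -p net` keeps it idempotent (whether these containers get a fresh tmpfs /dev on each start is not visible in this commit).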


@ -41,7 +41,7 @@ lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
{%- endfor %}
lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time
lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time mknod
lxc.cgroup.memory.limit_in_bytes = 512M
lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
@ -49,3 +49,4 @@ lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
# tuntap
lxc.cgroup.devices.allow = c 10:200 rw
lxc.hook.autodev = /var/lib/lxc/autodev.sh
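Review bot: The rewritten `lxc.cap.drop` line still lists `sys_time` twice; since the line is being changed anyway, drop the duplicate: `lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio mknod`. The reason the device is now created by a host-side hook instead of inside the rootfs lives only in the commit message, so a comment above the new `lxc.hook.autodev` line would help the next reader: `# mknod is dropped inside the container, so /dev/net/tun is created by the host-side autodev hook`. The hook path `/var/lib/lxc/autodev.sh` is duplicated between this template and the file.managed state in lxc-containers/init.sls; if one moves, the other must move with it.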


@ -1,6 +1,11 @@
lxc:
pkg.installed: []
/var/lib/lxc/autodev.sh:
file.managed:
- source: salt://lxc-containers/autodev.sh
mode: 0755
{%- set n = 0 %}
{%- for id, container in pillar['containers'].items() %}
@ -22,19 +27,6 @@ lxc:
- require:
- cmd: /var/lib/lxc/{{ id }}
/var/lib/lxc/{{ id }}/rootfs/dev/net:
file.directory:
- mode: 0755
/var/lib/lxc/{{ id }}/rootfs/dev/net/tun:
file.mknod:
- ntype: 'c'
- major: 10
- minor: 200
- mode: 0666
- require:
- file: /var/lib/lxc/{{ id }}/rootfs/dev/net
/var/lib/lxc/{{ id }}/rootfs/etc/hosts:
file.managed:
- source: salt://lxc-containers/hosts
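Review bot: The new `/var/lib/lxc/autodev.sh` state pins the mode but not the owner, even though LXC runs this file as root on the host at every container start; add `- user: root` and `- group: root` so the hook cannot end up owned by, or writable for, an unprivileged account. A `- require:` on `- pkg: lxc` would also make the file depend explicitly on the package (which presumably provides `/var/lib/lxc`) rather than on declaration order. `mode: 0755` follows the file's existing unquoted style, but a quoted `'0755'` does not depend on the YAML loader's octal handling.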


@ -1,19 +1,6 @@
openvpn:
pkg.installed: []
/dev/net:
file.directory:
- mode: 0755
/dev/net/tun:
file.mknod:
- ntype: 'c'
- major: 10
- minor: 200
- mode: 0666
- require:
- file: /dev/net
{%- for name, conf in pillar['openvpn'].items() %}
hostroutes-{{ name }}:
@ -56,8 +43,6 @@ autostart-{{ name }}:
require_in:
- file: /etc/openvpn/{{ name }}.conf
- file: /etc/openvpn/{{ name }}.auth
require:
- file: /dev/net/tun
start-{{ name }}:
service.running:
@ -68,7 +53,5 @@ start-{{ name }}:
watch:
- file: /etc/openvpn/{{ name }}.conf
- file: /etc/openvpn/{{ name }}.auth
require:
- file: /dev/net/tun
{%- endfor %}