lxc-containers: use the proper way to create /dev/net/tun for openvpn
parent
aa0d40e6c4
commit
5b733dc069
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
cd ${LXC_ROOTFS_MOUNT}/dev
|
||||||
|
|
||||||
|
mkdir net
|
||||||
|
mknod net/tun c 10 200
|
||||||
|
chmod 0666 net/tun
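Review bot: The hook has no error handling, so if `cd ${LXC_ROOTFS_MOUNT}/dev` fails or the variable is empty, the `mkdir`, `mknod` and `chmod` that follow run against whatever directory the hook happened to start in. Add `set -e` after the shebang and make the expansion quoted and mandatory: `cd "${LXC_ROOTFS_MOUNT:?}/dev"`. `mkdir net` also fails when the directory already exists, which `mkdir -p net` avoids. A short comment that 10:200 is the TUN/TAP node and must match the `lxc.cgroup.devices.allow = c 10:200 rw` entry in the container template would help the next reader.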
|
|
@ -41,7 +41,7 @@ lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
|
||||||
lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time
|
lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time mknod
|
||||||
|
|
||||||
lxc.cgroup.memory.limit_in_bytes = 512M
|
lxc.cgroup.memory.limit_in_bytes = 512M
|
||||||
lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
|
lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
|
||||||
|
@ -49,3 +49,4 @@ lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
|
||||||
|
|
||||||
# tuntap
|
# tuntap
|
||||||
lxc.cgroup.devices.allow = c 10:200 rw
|
lxc.cgroup.devices.allow = c 10:200 rw
|
||||||
|
lxc.hook.autodev = /var/lib/lxc/autodev.sh
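Review bot: `lxc.hook.autodev` is only run when `lxc.autodev = 1` is in effect, and neither hunk of this template shows that setting. With `mknod` now added to `lxc.cap.drop` and the Salt-managed device node removed elsewhere in this commit, a container whose hook does not fire has no other way to get /dev/net/tun. Confirm the setting exists in the part of the template outside these hunks, or add `lxc.autodev = 1` next to the hook line. Separately, `sys_time` is listed twice in `lxc.cap.drop`; the second occurrence looks redundant and can go.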
|
||||||
|
|
|
@ -1,6 +1,11 @@
|
||||||
lxc:
|
lxc:
|
||||||
pkg.installed: []
|
pkg.installed: []
|
||||||
|
|
||||||
|
/var/lib/lxc/autodev.sh:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://lxc-containers/autodev.sh
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
{%- set n = 0 %}
|
{%- set n = 0 %}
|
||||||
{%- for id, container in pillar['containers'].items() %}
|
{%- for id, container in pillar['containers'].items() %}
|
||||||
|
|
||||||
|
@ -22,19 +27,6 @@ lxc:
|
||||||
- require:
|
- require:
|
||||||
- cmd: /var/lib/lxc/{{ id }}
|
- cmd: /var/lib/lxc/{{ id }}
|
||||||
|
|
||||||
/var/lib/lxc/{{ id }}/rootfs/dev/net:
|
|
||||||
file.directory:
|
|
||||||
- mode: 0755
|
|
||||||
|
|
||||||
/var/lib/lxc/{{ id }}/rootfs/dev/net/tun:
|
|
||||||
file.mknod:
|
|
||||||
- ntype: 'c'
|
|
||||||
- major: 10
|
|
||||||
- minor: 200
|
|
||||||
- mode: 0666
|
|
||||||
- require:
|
|
||||||
- file: /var/lib/lxc/{{ id }}/rootfs/dev/net
|
|
||||||
|
|
||||||
/var/lib/lxc/{{ id }}/rootfs/etc/hosts:
|
/var/lib/lxc/{{ id }}/rootfs/etc/hosts:
|
||||||
file.managed:
|
file.managed:
|
||||||
- source: salt://lxc-containers/hosts
|
- source: salt://lxc-containers/hosts
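Review bot: In the new `/var/lib/lxc/autodev.sh` state, `mode: 0755` has no leading `- `, unlike the `- source:` line above it and the `- mode: 0755` form in the states this commit removes. Indentation is not visible on this page, so check that it is parsed as its own argument; `- mode: '0755'` would match the other states and keep the leading zero from being read as a number. LXC executes this script on the host during container start, so it is worth pinning ownership with `- user: root` and `- group: root` rather than relying on defaults. If the container start state is not already ordered after this file (not visible in the hunk), a `require` on `file: /var/lib/lxc/autodev.sh` would avoid starting a container before its hook script exists.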
|
||||||
|
|
|
@ -1,19 +1,6 @@
|
||||||
openvpn:
|
openvpn:
|
||||||
pkg.installed: []
|
pkg.installed: []
|
||||||
|
|
||||||
/dev/net:
|
|
||||||
file.directory:
|
|
||||||
- mode: 0755
|
|
||||||
|
|
||||||
/dev/net/tun:
|
|
||||||
file.mknod:
|
|
||||||
- ntype: 'c'
|
|
||||||
- major: 10
|
|
||||||
- minor: 200
|
|
||||||
- mode: 0666
|
|
||||||
- require:
|
|
||||||
- file: /dev/net
|
|
||||||
|
|
||||||
{%- for name, conf in pillar['openvpn'].items() %}
|
{%- for name, conf in pillar['openvpn'].items() %}
|
||||||
|
|
||||||
hostroutes-{{ name }}:
|
hostroutes-{{ name }}:
|
||||||
|
@ -56,8 +43,6 @@ autostart-{{ name }}:
|
||||||
require_in:
|
require_in:
|
||||||
- file: /etc/openvpn/{{ name }}.conf
|
- file: /etc/openvpn/{{ name }}.conf
|
||||||
- file: /etc/openvpn/{{ name }}.auth
|
- file: /etc/openvpn/{{ name }}.auth
|
||||||
require:
|
|
||||||
- file: /dev/net/tun
|
|
||||||
|
|
||||||
start-{{ name }}:
|
start-{{ name }}:
|
||||||
service.running:
|
service.running:
|
||||||
|
@ -68,7 +53,5 @@ start-{{ name }}:
|
||||||
watch:
|
watch:
|
||||||
- file: /etc/openvpn/{{ name }}.conf
|
- file: /etc/openvpn/{{ name }}.conf
|
||||||
- file: /etc/openvpn/{{ name }}.auth
|
- file: /etc/openvpn/{{ name }}.auth
|
||||||
require:
|
|
||||||
- file: /dev/net/tun
|
|
||||||
|
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|