lxc-containers: use the proper way to create /dev/net/tun for openvpn
parent
aa0d40e6c4
commit
5b733dc069
|
@ -0,0 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
cd ${LXC_ROOTFS_MOUNT}/dev
|
||||
|
||||
mkdir net
|
||||
mknod net/tun c 10 200
|
||||
chmod 0666 net/tun
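Review bot: The `cd ${LXC_ROOTFS_MOUNT}/dev` line is unquoted and unchecked, so if the variable is empty or the directory is missing the script carries on and runs `mkdir`, `mknod` and `chmod` wherever it happens to be; with an empty variable that is the host's own `/dev`. Because this hook is run by the LXC start process (presumably root for these system containers), it should fail closed: `cd "${LXC_ROOTFS_MOUNT:?}/dev" || exit 1`. `mkdir -p net` would also avoid an error when the directory already exists. A short header comment such as `# lxc.hook.autodev: create /dev/net/tun (char 10:200) for openvpn` would tell the next reader why the script exists.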
|
|
@ -41,7 +41,7 @@ lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
|
|||
{%- endfor %}
|
||||
|
||||
|
||||
lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time
|
||||
lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time mknod
|
||||
|
||||
lxc.cgroup.memory.limit_in_bytes = 512M
|
||||
lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
|
||||
|
@ -49,3 +49,4 @@ lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
|
|||
|
||||
# tuntap
|
||||
lxc.cgroup.devices.allow = c 10:200 rw
|
||||
lxc.hook.autodev = /var/lib/lxc/autodev.sh
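Review bot: The new `lxc.hook.autodev` line only takes effect when `lxc.autodev` is enabled for the container, and neither hunk of this template shows it being set. On LXC versions where it defaults to off, the hook would never run, and with `mknod` now in `lxc.cap.drop` the container cannot create `/dev/net/tun` itself. Consider adding `lxc.autodev = 1` next to the hook, and extending the `# tuntap` comment to say that the hook script creates the node. Separately, `sys_time` appears twice in the `lxc.cap.drop` line of the -41 hunk; the duplicate can be removed.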
|
||||
|
|
|
@ -1,6 +1,11 @@
|
|||
lxc:
|
||||
pkg.installed: []
|
||||
|
||||
/var/lib/lxc/autodev.sh:
|
||||
file.managed:
|
||||
- source: salt://lxc-containers/autodev.sh
|
||||
mode: 0755
|
||||
|
||||
{%- set n = 0 %}
|
||||
{%- for id, container in pillar['containers'].items() %}
|
||||
|
||||
|
@ -22,19 +27,6 @@ lxc:
|
|||
- require:
|
||||
- cmd: /var/lib/lxc/{{ id }}
|
||||
|
||||
/var/lib/lxc/{{ id }}/rootfs/dev/net:
|
||||
file.directory:
|
||||
- mode: 0755
|
||||
|
||||
/var/lib/lxc/{{ id }}/rootfs/dev/net/tun:
|
||||
file.mknod:
|
||||
- ntype: 'c'
|
||||
- major: 10
|
||||
- minor: 200
|
||||
- mode: 0666
|
||||
- require:
|
||||
- file: /var/lib/lxc/{{ id }}/rootfs/dev/net
|
||||
|
||||
/var/lib/lxc/{{ id }}/rootfs/etc/hosts:
|
||||
file.managed:
|
||||
- source: salt://lxc-containers/hosts
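Review bot: In the first hunk, the new `/var/lib/lxc/autodev.sh` state installs a script that LXC executes at container start, but it pins only the mode. Adding `- user: root` and `- group: root` would make the ownership of a privileged hook explicit rather than inherited. As rendered here the `mode: 0755` line has no leading `- `, unlike `- source:`; if the file really reads that way it should be `- mode: '0755'`, quoted so YAML does not treat it as a number. The per-container states in the loop start outside this hunk, so it is not visible whether any of them requires this file before a container is started.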
|
||||
|
|
|
@ -1,19 +1,6 @@
|
|||
openvpn:
|
||||
pkg.installed: []
|
||||
|
||||
/dev/net:
|
||||
file.directory:
|
||||
- mode: 0755
|
||||
|
||||
/dev/net/tun:
|
||||
file.mknod:
|
||||
- ntype: 'c'
|
||||
- major: 10
|
||||
- minor: 200
|
||||
- mode: 0666
|
||||
- require:
|
||||
- file: /dev/net
|
||||
|
||||
{%- for name, conf in pillar['openvpn'].items() %}
|
||||
|
||||
hostroutes-{{ name }}:
|
||||
|
@ -56,8 +43,6 @@ autostart-{{ name }}:
|
|||
require_in:
|
||||
- file: /etc/openvpn/{{ name }}.conf
|
||||
- file: /etc/openvpn/{{ name }}.auth
|
||||
require:
|
||||
- file: /dev/net/tun
|
||||
|
||||
start-{{ name }}:
|
||||
service.running:
|
||||
|
@ -68,7 +53,5 @@ start-{{ name }}:
|
|||
watch:
|
||||
- file: /etc/openvpn/{{ name }}.conf
|
||||
- file: /etc/openvpn/{{ name }}.auth
|
||||
require:
|
||||
- file: /dev/net/tun
|
||||
|
||||
{%- endfor %}
|
||||
|
|