this is what salty progress looks like
parent
68e0ed1f4a
commit
95e7354749
|
@ -0,0 +1,13 @@
|
|||
hosts-inet:
|
||||
core:
|
||||
server1: 172.20.72.1
|
||||
serv-gw: 172.20.72.2
|
||||
pub-gw: 172.20.72.3
|
||||
priv1-gw: 172.20.72.4
|
||||
priv2-gw: 172.20.72.5
|
||||
upstream1: 172.20.72.6
|
||||
anon1: 172.20.72.7
|
||||
pub:
|
||||
pub-gw: 172.20.76.1
|
||||
serv:
|
||||
serv-gw: 172.20.73.1
|
|
@ -0,0 +1,7 @@
|
|||
subnets-inet:
|
||||
core: 172.20.72.0/26
|
||||
serv: 172.20.73.0/26
|
||||
pub: 172.20.76.0/23
|
||||
priv1: 172.20.74.0/28
|
||||
priv2: 172.20.75.0/28
|
||||
mgm: 10.0.0.0/24
|
|
@ -0,0 +1,5 @@
|
|||
base:
|
||||
'*':
|
||||
- hosts
|
||||
- subnets
|
||||
- vlans
|
|
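Review bot: The `'*'` target hands the `hosts`, `subnets` and `vlans` pillar to every minion, so the `anon*` and `upstream*` containers that get a salt-minion installed would also receive the whole address plan, including the `mgm` subnet. From the templates visible on this page, the data seems to be consumed only by states rendered on the container host, so it could be targeted at that minion alone, e.g. `'server1':` in place of `'*':` (minion id inferred from the `server1-network` state name; confirm). Pillar is the per-minion data channel, so scoping it this way keeps topology away from the less trusted containers at no cost.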
@ -0,0 +1,4 @@
|
|||
vlans:
|
||||
core: 1
|
||||
server: 2
|
||||
public: 3
|
|
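Review bot: The keys `server` and `public` here do not match the `serv` and `pub` keys used by `hosts-inet` and `subnets-inet`, yet the bridge loop in the network state indexes all three maps with the same `net`. With `net = 'public'`, `pillar['vlans'][net]` resolves but `pillar['hosts-inet'][net]` does not, so `.get('server1')` is called on an undefined value and the render should fail. Using one set of names across the three pillar files, e.g. `serv: 2` and `pub: 3` with the loop over `['core', 'pub']`, removes the mismatch.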
@ -7,24 +7,24 @@ lxc.rootfs.backend = dir
|
|||
lxc.autodev = 1
|
||||
lxc.kmsg = 0
|
||||
|
||||
{% for interface in container.interfaces %}
|
||||
lxc.network.type={{ interface['type'] }}
|
||||
{%- for net, type in container.interfaces.items() %}
|
||||
lxc.network.type={{ type }}
|
||||
lxc.network.flags=up
|
||||
{% if interface['type'] == 'veth' %}
|
||||
lxc.network.veth.pair={{ id }}-{{ interface['type'] }}
|
||||
{% endif %}
|
||||
{% if interface.get('v4') %}
|
||||
lxc.network.ipv4={{ interface['v4'] }}
|
||||
{% endif %}
|
||||
{% if interface.get('bridge') %}
|
||||
lxc.network.link={{ interface['bridge'] }}
|
||||
{% endif %}
|
||||
{% if interface.get('name') %}
|
||||
lxc.network.name={{ interface['name'] }}
|
||||
{% endif %}
|
||||
{% if type == 'veth' %}
|
||||
lxc.network.veth.pair={{ id }}-{{ net }}
|
||||
{%- endif %}
|
||||
{%- set inet_addr = pillar['hosts-inet'][net].get(id) %}
|
||||
{%- if inet_addr %}
|
||||
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
|
||||
lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
|
||||
{%- endif %}
|
||||
{%- if type == 'veth' %}
|
||||
lxc.network.link=br-{{ net }}
|
||||
{%- endif %}
|
||||
lxc.network.name={{ net }}
|
||||
#lxc.network.ipv4.gateway=
|
||||
#lxc.network.ipv6=
|
||||
#lxc.network.ipv6.gateway=fe80::1
|
||||
{% endfor %}
|
||||
{%- endfor %}
|
||||
|
||||
## TODO: limits + caps
|
||||
|
|
|
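Review bot: On what reads as the new side, `lxc.network.link` is written only inside `{%- if type == 'veth' %}`, so a `phys` interface such as `pub` on `pub-gw` no longer names the host device it should take over (the earlier pillar gave `bond0.2`), and LXC needs that link for `phys`. A second branch, `{%- elif type == 'phys' %}` followed by `lxc.network.link=bond0.{{ pillar['vlans'][net] }}`, would restore it once the vlan keys match the net names. Indentation is lost on this page, but the container pillar appears to nest `type: veth` under each net; if so, `type` in `for net, type in container.interfaces.items()` is a mapping and `{{ type }}` / `type == 'veth'` will not behave as intended, so confirm against the file. `pillar['hosts-inet'][net]` also breaks the render for any net missing from that map; `pillar['hosts-inet'].get(net, {}).get(id)` is the safer lookup.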
@ -1,38 +1,31 @@
|
|||
public:
|
||||
pub-gw:
|
||||
interfaces:
|
||||
- type: veth
|
||||
bridge: br-core
|
||||
name: core
|
||||
v4: 172.20.72.1/26
|
||||
- type: phys
|
||||
bridge: bond0.2
|
||||
name: public
|
||||
v4: 172.20.76.1/23
|
||||
core:
|
||||
type: veth
|
||||
pub:
|
||||
type: phys
|
||||
|
||||
servers:
|
||||
serv-gw:
|
||||
interfaces:
|
||||
- type: veth
|
||||
bridge: br-core
|
||||
name: core
|
||||
v4: 172.20.72.2/26
|
||||
core:
|
||||
type: veth
|
||||
|
||||
priv1:
|
||||
priv1-gw:
|
||||
interfaces:
|
||||
- type: veth
|
||||
bridge: br-core
|
||||
name: core
|
||||
v4: 172.20.72.3/26
|
||||
core:
|
||||
type: veth
|
||||
|
||||
priv2:
|
||||
priv2-gw:
|
||||
interfaces:
|
||||
- type: veth
|
||||
bridge: br-core
|
||||
name: core
|
||||
v4: 172.20.72.4/26
|
||||
core:
|
||||
type: veth
|
||||
|
||||
upstream1:
|
||||
interfaces:
|
||||
- type: veth
|
||||
bridge: br-core
|
||||
name: core
|
||||
v4: 172.20.72.5/26
|
||||
core:
|
||||
type: veth
|
||||
|
||||
anon1:
|
||||
interface:
|
||||
core:
|
||||
type: veth
|
||||
|
|
|
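Review bot: `anon1` is declared with `interface:` while every other container uses `interfaces:`, and the LXC config template iterates `container.interfaces`. As written, `anon1` has no `interfaces` key, so the template either fails to render for it or produces a config with no network stanza. Rename the key to `interfaces:`. Nesting cannot be checked here because the page has dropped the indentation.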
@ -0,0 +1,10 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
|
||||
{% for net, hosts in pillar['hosts-inet'].items() %}
|
||||
{% if hosts.get(id) %}
|
||||
{{ hosts[id] }} {{ id }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
{{ pillar['hosts-inet']['core']['server1'] }} salt
|
|
@ -7,7 +7,7 @@ lxc:
|
|||
|
||||
/var/lib/lxc/{{ id }}:
|
||||
cmd.run:
|
||||
- name: lxc-create -n {{ id }} -B dir -t download -- -d debian -r jessie -a amd64 -- --packages salt-minion
|
||||
- name: lxc-create -n {{ id }} -B dir -t debian -- -r stretch --packages=salt-minion
|
||||
- require:
|
||||
- pkg: lxc
|
||||
- creates: /var/lib/lxc/{{ id }}
|
||||
|
@ -20,6 +20,14 @@ lxc:
|
|||
id: {{ id }}
|
||||
container: {{ container }}
|
||||
|
||||
/var/lib/lxc/{{ id }}/rootfs/etc/hosts:
|
||||
file.managed:
|
||||
- source: salt://lxc-containers-1/hosts
|
||||
- template: 'jinja'
|
||||
- context:
|
||||
id: {{ id }}
|
||||
container: {{ container }}
|
||||
|
||||
autostart-{{ id }}:
|
||||
service.enabled:
|
||||
- name: lxc@{{ id }}
|
||||
|
|
|
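Review bot: The new `file.managed` on `/var/lib/lxc/{{ id }}/rootfs/etc/hosts` is a root-owned write by the host's minion into a tree that the container's root user controls once the container has started, and `file.managed` follows a symlink at the target path by default. The LXC config template on this page still carries `## TODO: limits + caps`, so the containers are not yet confined and that write should not trust the path. Add `- follow_symlinks: False` plus explicit `- user: root`, `- group: root`, `- mode: '0644'`, and tie the state to creation with `- require:` / `- cmd: /var/lib/lxc/{{ id }}` so it never runs against a missing rootfs. The enclosing `lxc:` state starts outside both hunks.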
@ -0,0 +1,2 @@
|
|||
openssh-server:
|
||||
pkg.purged: []
|
|
@ -0,0 +1,2 @@
|
|||
bird:
|
||||
pkg.installed: []
|
|
@ -27,26 +27,25 @@ bond0.{{ vlan }}:
|
|||
- network: bond0
|
||||
{% endfor %}
|
||||
|
||||
br-core:
|
||||
{%- for net in ['core', 'public'] %}
|
||||
{%- set vlan = pillar['vlans'][net] %}
|
||||
br-{{ net }}:
|
||||
network.managed:
|
||||
- type: bridge
|
||||
ports: bond0.1
|
||||
ports: bond0.{{ vlan }}
|
||||
{%- set ip_addr = pillar['hosts-inet'][net].get('server1') %}
|
||||
{%- if ip_addr %}
|
||||
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
|
||||
proto: manual
|
||||
address: {{ ip_addr }}/{{ prefix_len }}
|
||||
{%- else %}
|
||||
proto: static
|
||||
{%- endif %}
|
||||
address: {{ pillar['subnets-inet']['core'] }}
|
||||
bypassfirewall: True
|
||||
use:
|
||||
- network: bond0.1
|
||||
- network: bond0.{{ vlan }}
|
||||
require:
|
||||
- network: bond0.1
|
||||
|
||||
|
||||
br-public:
|
||||
network.managed:
|
||||
- type: bridge
|
||||
ports: bond0.2
|
||||
proto: manual
|
||||
bypassfirewall: True
|
||||
use:
|
||||
- network: bond0.2
|
||||
require:
|
||||
- network: bond0.2
|
||||
- network: bond0.{{ vlan}}
|
||||
{%- endfor %}
|
||||
|
||||
|
|
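Review bot: The branches of `{%- if ip_addr %}` look swapped: the address is emitted together with `proto: manual`, and the `{%- else %}` branch sets `proto: static` with no address. On Debian, `manual` does not configure the given address and `static` without one is rejected, so the intended pairing is presumably `proto: static` with `address: {{ ip_addr }}/{{ prefix_len }}`, and `proto: manual` otherwise. Old and new lines are interleaved on this page, so confirm against the file. `bypassfirewall: True` now applies to every bridge the loop generates, which, as I read Salt's option, takes bridged container traffic out of the host's netfilter path; a comment such as `# filtering happens in the *-gw containers, not on the bridge` would record that this is intended.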
12
salt/top.sls
12
salt/top.sls
|
@ -3,3 +3,15 @@ base:
|
|||
- salt-master
|
||||
- server1-network
|
||||
- lxc-containers-1
|
||||
- ospf
|
||||
'*-gw':
|
||||
- no-ssh
|
||||
- ospf
|
||||
'upstream*':
|
||||
- no-ssh
|
||||
- ospf
|
||||
- unbound
|
||||
'anon*':
|
||||
- no-ssh
|
||||
- ospf
|
||||
- unbound
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
unbound:
|
||||
pkg.installed: []
|
|
@ -1,9 +1,11 @@
|
|||
Machine-readable here: [salt-pillar/subnets](./salt-pillar/subnets/init.sls)
|
||||
|
||||
## 172.20.72.0/21
|
||||
|
||||
* 172.20.72.0-172.20.72.63/26 CORE
|
||||
* 172.20.72.64/26 RESERVED FOR EPXANDING CORE
|
||||
* 172.20.72.128/25
|
||||
* 172.20.73.0-172.20.72.63/26 SERVERS
|
||||
* 172.20.73.0-172.20.73.63/26 SERVERS
|
||||
* 172.20.73.64/26 RESERVED FOR EXPANDING SERVERS
|
||||
* 172.20.73.128/25
|
||||
* 172.20.74.0/24:
|
||||
|
|