o Disable IPv6 in LXC containers.

o Create LXC configuration from Ansible vars.
author: Trygve Laugstøl <trygvis@inamo.no> 2018-08-27 20:36:21 +0200
committer: Trygve Laugstøl <trygvis@inamo.no> 2018-08-27 20:37:42 +0200
commit: 1c9619633840a0e7588a5fdf6996faddf32e8090 (patch)
tree: 940c220b53d451d8d3316341c4a111db53ce7bad
parent: 9881c25ef9d70c442bf486f85381022432600984 (diff)
download: infra-1c9619633840a0e7588a5fdf6996faddf32e8090.tar.gz
infra-1c9619633840a0e7588a5fdf6996faddf32e8090.tar.bz2
infra-1c9619633840a0e7588a5fdf6996faddf32e8090.tar.xz
infra-1c9619633840a0e7588a5fdf6996faddf32e8090.zip
5 files changed, 53 insertions, 0 deletions
diff --git a/ansible/host_vars/knot.yml b/ansible/host_vars/knot.yml
new file mode 100644
index 0000000..ec97b6a
--- /dev/null
+++ b/ansible/host_vars/knot.yml
@@ -0,0 +1,9 @@
+lxc_containers:
+  sz-prod:
+    ipv4:
+      address: 10.0.3.3/24
+      gateway: 10.0.3.1
+  sz-test:
+    ipv4:
+      address: 10.0.3.4/24
+      gateway: 10.0.3.1
diff --git a/ansible/knot.yml b/ansible/knot.yml
index 136c9b3..05207b8 100644
--- a/ansible/knot.yml
+++ b/ansible/knot.yml
@@ -10,3 +10,7 @@
       import_role: name=mosquitto-server
       tags: mosquitto-server
       become: true
+    - name: lxc-host
+      import_role: name=lxc-host
+      tags: lxc-host
+      become: true
diff --git a/ansible/roles/lxc-host/tasks/main.yml b/ansible/roles/lxc-host/tasks/main.yml
new file mode 100644
index 0000000..a043d4c
--- /dev/null
+++ b/ansible/roles/lxc-host/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+#- debug:
+#    msg: key="{{ item.key }}", ipv4="{{ item.value.ipv4 }}"
+#  with_dict: "{{ lxc_containers }}"
+- name: Set IPv4 address
+  lineinfile:
+    path: "/var/lib/lxc/{{ item.key }}/config"
+    regexp: "lxc.network.ipv4 *="
+    line: "lxc.network.ipv4 = {{ item.value.ipv4.address }}"
+  with_dict: "{{ lxc_containers }}"
+- name: Set IPv4 gateway
+  lineinfile:
+    path: "/var/lib/lxc/{{ item.key }}/config"
+    regexp: "lxc.network.ipv4.gateway *="
+    line: "lxc.network.ipv4.gateway = {{ item.value.ipv4.gateway }}"
+    insertafter: "lxc.network.ipv4 *="
+  with_dict: "{{ lxc_containers }}"
+- name: Set logfile
+  lineinfile:
+    path: "/var/lib/lxc/{{ item.key }}/config"
+    regexp: "lxc.logfile *="
+    line: "lxc.logfile = /var/lib/lxc/{{ item.key }}/{{ item.key }}.log"
+  with_dict: "{{ lxc_containers }}"
diff --git a/ansible/roles/lxc-machine/handlers/main.yml b/ansible/roles/lxc-machine/handlers/main.yml
new file mode 100644
index 0000000..3f96231
--- /dev/null
+++ b/ansible/roles/lxc-machine/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart sysctl
+  service:
+    name: systemd-sysctl.service
+    state: restarted
+
diff --git a/ansible/roles/lxc-machine/tasks/main.yml b/ansible/roles/lxc-machine/tasks/main.yml
index 24d64c8..626428c 100644
--- a/ansible/roles/lxc-machine/tasks/main.yml
+++ b/ansible/roles/lxc-machine/tasks/main.yml
@@ -10,5 +10,16 @@
         install_recommends: no
       with_items:
         - systemd-cron
+        - ca-certificates
+        - unzip
+        - sudo
+
+- name: disable ipv6
+  tags:
+    - disable-ipv6
+  copy:
+    dest: /etc/sysctl.d/99-disable-ipv6.conf
+    content: net.ipv6.conf.all.disable_ipv6=1
+  notify: restart sysctl
 
 # TODO: unattended upgrades, postfix client
author	Trygve Laugstøl <trygvis@inamo.no>	2018-08-27 20:36:21 +0200
committer	Trygve Laugstøl <trygvis@inamo.no>	2018-08-27 20:37:42 +0200
commit	1c9619633840a0e7588a5fdf6996faddf32e8090 (patch)
tree	940c220b53d451d8d3316341c4a111db53ce7bad
parent	9881c25ef9d70c442bf486f85381022432600984 (diff)
download	infra-1c9619633840a0e7588a5fdf6996faddf32e8090.tar.gz infra-1c9619633840a0e7588a5fdf6996faddf32e8090.tar.bz2 infra-1c9619633840a0e7588a5fdf6996faddf32e8090.tar.xz infra-1c9619633840a0e7588a5fdf6996faddf32e8090.zip