authorJan Dittberner <jandd@cacert.org>2021-05-24 13:08:30 +0200
committerJan Dittberner <jandd@cacert.org>2021-05-24 13:08:30 +0200
commit148531b9138e29a60946104a53355aecc4fa2d5c (patch)
treeed2886bca5a79b27769f3c63d190c807d2335b11
parent04941fa806e68029238de7d152a7bfe72a5d246d (diff)
Add profile for LXC host for infra03
Set up ntp, dnsmasq and resolv.conf for LXC hosting
-rw-r--r--hieradata/common.yaml3
-rw-r--r--sitemodules/profiles/files/lxc_host/resolv.conf2
-rw-r--r--sitemodules/profiles/manifests/lxc_host.pp73
-rw-r--r--sitemodules/profiles/templates/lxc_host/dnsmasq_00infra.epp21
-rw-r--r--sitemodules/roles/manifests/infra03.pp1
5 files changed, 100 insertions, 0 deletions
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 860074a..f7ce96d 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -230,3 +230,6 @@ profiles::icinga2_agent::master_certificate: |
X74w5WZ7FlNdQHRFvvjNI849fVb2MoLxeIwd7W5flv6gpLlMX49PMp62ZtfupbRJ
5AtYgSC6FbF3WwkRKTz2/KZi5j0oCHqxl31HY1Hx
-----END CERTIFICATE-----
+profiles::lxc_host::dns_forward_servers:
+ - 172.16.2.2
+ - 172.16.2.3
diff --git a/sitemodules/profiles/files/lxc_host/resolv.conf b/sitemodules/profiles/files/lxc_host/resolv.conf
new file mode 100644
index 0000000..117adab
--- /dev/null
+++ b/sitemodules/profiles/files/lxc_host/resolv.conf
@@ -0,0 +1,2 @@
+search infra.cacert.org intra.cacert.org cacert.org
+nameserver 127.0.0.1
diff --git a/sitemodules/profiles/manifests/lxc_host.pp b/sitemodules/profiles/manifests/lxc_host.pp
new file mode 100644
index 0000000..7e37c29
--- /dev/null
+++ b/sitemodules/profiles/manifests/lxc_host.pp
@@ -0,0 +1,73 @@
+# Class: profiles::lxc_host
+# =========================
+#
+# This class defines configuration for an LXC container host system.
+#
+# Parameters
+# ----------
+#
+# @param dns_forward_servers DNS servers to forward recursive queries to
+#
+# @param lxc_bridge_interface interface name of the LXC network bridge
+#
+# @param lxc_dns_domain DNS domain name for local DNS names
+#
+# @param mx_target Hostname of the default MX record for containers
+#
+# Examples
+# --------
+#
+# @example
+# class roles::myhost {
+# include profiles::base
+# }
+#
+# Authors
+# -------
+#
+# Jan Dittberner <jandd@cacert.org>
+#
+# Copyright
+# ---------
+#
+# Copyright 2021 Jan Dittberner
+#
+class profiles::lxc_host (
+ $dns_forward_servers,
+ $lxc_bridge_interface = 'br0',
+ $lxc_dns_domain = 'infra.cacert.org',
+ $mx_target = 'emailout.intra.cacert.org',
+) {
+ # setup dnsmasq
+ package { 'dnsmasq':
+ ensure => installed,
+ }
+ -> file { '/etc/dnsmasq.d/00infra':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => epp('profiles/lxc_host/dnsmasq_00infra.epp',
+ { 'servers' => $dns_forward_servers,
+ 'interface' => $lxc_bridge_interface,
+ 'local_domain' => $lxc_dns_domain,
+ 'mx_target' => $mx_target,
+ }),
+ }
+ -> service { 'dsnmasq':
+ ensure => running,
+ enable => true,
+ }
+
+ package { ['ntp', 'sntp']:
+ ensure => installed,
+ }
+
+ file { '/etc/resolv.conf':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => 'puppet:///modules/profiles/lxc_host/resolv.conf',
+ }
+}
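Review bot: The service resource that ends the dnsmasq chain is titled `dsnmasq`, which does not match the `dnsmasq` package installed above it, so the daemon this profile relies on for name resolution is not actually the one being managed. While fixing the title, the arrow should also become a notifying one so that edits to `/etc/dnsmasq.d/00infra` restart the daemon: `~> service { 'dnsmasq':`. Because the resolv.conf shipped in this commit lists only `nameserver 127.0.0.1`, the `/etc/resolv.conf` resource should also carry `require => Service['dnsmasq'],` so the host is not pointed at a local resolver that is not running. The `@example` in the header still shows `include profiles::base` rather than `include profiles::lxc_host`.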
diff --git a/sitemodules/profiles/templates/lxc_host/dnsmasq_00infra.epp b/sitemodules/profiles/templates/lxc_host/dnsmasq_00infra.epp
new file mode 100644
index 0000000..3418104
--- /dev/null
+++ b/sitemodules/profiles/templates/lxc_host/dnsmasq_00infra.epp
@@ -0,0 +1,21 @@
+<%- |
+ Array[String] $servers,
+ String $local_domain,
+ String $interface,
+ String $mx_target,
+| -%>
+no-resolv
+<%- $servers.each |$server| { %>
+server=<%= $server %>
+<%- } %>
+
+local=/<%= $local_domain %>/
+interface=<%= $interface %>
+no-dhcp-interface=<%= $interface %>
+bind-interfaces
+
+expand-hosts
+domain=<%= $local_domain %>
+
+mx-target=<%= $mx_target %>
+localmx
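Review bot: All four template parameters are typed as plain `String`, so any Hiera value, including one with an embedded newline, is written verbatim into the dnsmasq configuration and could introduce directives nobody intended; the class parameters in lxc_host.pp are not typed at all. Narrowing the types makes a malformed value fail at catalog compilation instead of reaching the resolver, for example `Array[Pattern[/\A[0-9A-Fa-f.:]+\z/], 1] $servers,` and `Pattern[/\A[A-Za-z0-9._-]+\z/] $interface,`, with a comparable hostname pattern for `$local_domain` and `$mx_target`. The minimum length of 1 on `$servers` matters because the template sets `no-resolv`, so an empty list would presumably leave dnsmasq with no upstream to forward to.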
diff --git a/sitemodules/roles/manifests/infra03.pp b/sitemodules/roles/manifests/infra03.pp
index ac5dc72..f1f6fe7 100644
--- a/sitemodules/roles/manifests/infra03.pp
+++ b/sitemodules/roles/manifests/infra03.pp
@@ -22,5 +22,6 @@
#
class roles::infra03 {
include profiles::base
+ include profiles::lxc_host
#include profiles::icinga2_satellite
}