mirror of
https://github.com/valitydev/salt.git
synced 2024-11-07 17:09:03 +00:00
.. _config_lxc:

========================
Getting Started With LXC
========================

The LXC module is designed to install Salt in an LXC container on a controlled
and possibly remote minion.

In other words, Salt will connect to a minion, then from that minion:

- Provision and configure a container for networking access
- Use those modules to deploy salt and re-attach to master.

  - :mod:`lxc runner <salt.runners.lxc>`
  - :mod:`lxc module <salt.modules.lxc>`
  - :mod:`seed <salt.modules.seed>`

Limitations
-----------

- You can only act on one minion and one provider at a time.
- Listing images must be targeted to a particular LXC provider (nothing is
  output with ``all``).

Operation
---------

Salt's LXC support uses :mod:`lxc.init <salt.modules.lxc.init>`
via the :mod:`lxc.cloud_init_interface <salt.modules.lxc.cloud_init_interface>`
and seeds the minion via :mod:`seed.mkconfig <salt.modules.seed.mkconfig>`.

You can give those LXC containers a profile and a network profile, just as if
you were using the minion module directly.

Order of operation:

- Create the LXC container on the desired minion (clone or template)
- Change LXC config options (if any need to be changed)
- Start container
- Change base passwords if any
- Change base DNS configuration if necessary
- Wait for LXC container to be up and ready for SSH
- Test the SSH connection and bail out on error
- Upload deploy script and seeds, then re-attach the minion.

Provider configuration
----------------------

Here is a simple provider configuration:

.. code-block:: yaml

    # Note: This example goes in /etc/salt/cloud.providers or any file in the
    # /etc/salt/cloud.providers.d/ directory.
    devhost10-lxc:
      target: devhost10
      driver: lxc

.. note::
    .. versionchanged:: 2015.8.0

    The ``provider`` parameter in cloud provider definitions was renamed to ``driver``. This
    change was made to avoid confusion with the ``provider`` parameter that is used in cloud profile
    definitions. Cloud provider definitions now use ``driver`` to refer to the Salt cloud module that
    provides the underlying functionality to connect to a cloud host, while cloud profiles continue
    to use ``provider`` to refer to provider configurations that you define.

Profile configuration
---------------------

Please read :ref:`tutorial-lxc` before anything else,
and especially :ref:`tutorial-lxc-profiles`.

Here are the options to configure your containers:

target
    Host minion id to install the LXC container into.
lxc_profile
    Name of the profile or inline options for the LXC container creation/cloning,
    please see :ref:`tutorial-lxc-profiles-container`.
network_profile
    Name of the profile or inline options for the LXC container network settings,
    please see :ref:`tutorial-lxc-profiles-network`.
nic_opts
    Totally optional.
    Per-interface new-style configuration option mappings which will
    override any profile default option::

        eth0: {'mac': '00:16:3e:01:29:40',
               'gateway': None,  # default
               'link': 'br0',    # default
               'netmask': '',    # default
               'ip': '22.1.4.25'}

password
    Password for root and sysadmin users.
dnsservers
    List of DNS servers to use. This is optional.
minion
    Minion configuration (see :ref:`Minion Configuration in Salt Cloud <salt-cloud-config>`).
bootstrap_delay
    Time to wait (in seconds) between container creation
    and salt bootstrap execution. It is useful to ensure that all essential services
    have started before the bootstrap script is executed. By default there is no
    wait time between container creation and bootstrap, except on systemd,
    where Salt waits until the system is no longer in the starting state.
bootstrap_shell
    Shell for the bootstrapping script (default: /bin/sh).
script
    Defaults to salt-bootstrap.
script_args
    Arguments which are given to the bootstrap script.
    The {0} placeholder will be replaced by the path which contains the
    minion config and key files, e.g.::

        script_args="-c {0}"

Using profiles:

.. code-block:: yaml

    # Note: This example would go in /etc/salt/cloud.profiles or any file in the
    # /etc/salt/cloud.profiles.d/ directory.
    devhost10-lxc:
      provider: devhost10-lxc
      lxc_profile: foo
      network_profile: bar
      minion:
        master: 10.5.0.1
        master_port: 4506

Using inline profiles (e.g. to override the network bridge):

.. code-block:: yaml

    devhost11-lxc:
      provider: devhost10-lxc
      lxc_profile:
        clone_from: foo
      network_profile:
        eth0:
          link: lxcbr0
      minion:
        master: 10.5.0.1
        master_port: 4506

Using an LXC template instead of a clone:

.. code-block:: yaml

    devhost11-lxc:
      provider: devhost10-lxc
      lxc_profile:
        template: ubuntu
        # options:
        #   release: trusty
      network_profile:
        eth0:
          link: lxcbr0
      minion:
        master: 10.5.0.1
        master_port: 4506

Static IP:

.. code-block:: yaml

    # Note: This example would go in /etc/salt/cloud.profiles or any file in the
    # /etc/salt/cloud.profiles.d/ directory.
    devhost10-lxc:
      provider: devhost10-lxc
      nic_opts:
        eth0:
          ipv4: 10.0.3.9
      minion:
        master: 10.5.0.1
        master_port: 4506

DHCP:

.. code-block:: yaml

    # Note: This example would go in /etc/salt/cloud.profiles or any file in the
    # /etc/salt/cloud.profiles.d/ directory.
    devhost10-lxc:
      provider: devhost10-lxc
      minion:
        master: 10.5.0.1
        master_port: 4506

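A pre-deployment lint for the profile options listed above, as an added example that is not part of the Salt documentation or code base. It takes a profile mapping that the caller has already parsed from YAML plus the ``st_mode`` of the file it came from; ``lint_profile``, the interface-name pattern and the sample profile are assumptions made for this illustration.

```python
import re
import stat

# Options this page lists for an LXC cloud profile, plus ``provider``.
DOCUMENTED = {
    "provider", "target", "lxc_profile", "network_profile", "nic_opts",
    "password", "dnsservers", "minion", "bootstrap_delay",
    "bootstrap_shell", "script", "script_args",
}
# Assumption: interface keys look like eth0 (letter first, digit last).
IFACE = re.compile(r"^[a-z][a-z0-9]*\d$")


def lint_profile(name, opts, file_mode):
    """Lint one profile mapping (parsed from YAML) read from a file with st_mode file_mode."""
    findings = []
    for key in sorted(set(opts) - DOCUMENTED):
        findings.append(f"{name}: option '{key}' is not in the documented list")
    # nic_opts is per-interface; inline network_profile is assumed to be too.
    for section in ("nic_opts", "network_profile"):
        value = opts.get(section)
        if isinstance(value, dict):
            for iface in value:
                if not IFACE.match(str(iface)):
                    findings.append(
                        f"{name}: {section} key '{iface}' is not an interface name")
    # The password covers root and sysadmin, so the file should be owner-only.
    if "password" in opts and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(
            f"{name}: 'password' is in a file readable by group or others "
            f"(mode {stat.S_IMODE(file_mode):o})")
    delay = opts.get("bootstrap_delay")
    if delay is not None and (not isinstance(delay, (int, float)) or delay < 0):
        findings.append(f"{name}: bootstrap_delay must be seconds >= 0")
    return findings


# Constructed sample: mistyped option, mistyped interface, inline password.
SAMPLE = {
    "provider": "devhost10-lxc",
    "network_profile": {"etho": {"link": "lxcbr0"}},
    "password": "example-only",
    "bootstrap_dely": 5,
    "minion": {"master": "10.5.0.1", "master_port": 4506},
}

if __name__ == "__main__":
    for line in lint_profile("devhost11-lxc", SAMPLE, 0o100644):
        print(line)
```
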
Driver Support
--------------

- Container creation
- Image listing (LXC templates)
- Running container information (IP addresses, etc.)