Commit b97798b2 authored by Michael Loipführer's avatar Michael Loipführer

fixes

parent cfa37d67
...@@ -13,14 +13,14 @@ cfg_template = namedtuple('cfg_template', ['source', 'path', 'filename']) ...@@ -13,14 +13,14 @@ cfg_template = namedtuple('cfg_template', ['source', 'path', 'filename'])
template_files_host = [ template_files_host = [
cfg_template('nginx', Path('/etc/nginx/sites-available'), '{name}'), cfg_template('nginx', Path('/etc/nginx/sites-available'), '{name}'),
cfg_template('nspawn', Path('/etc/systemd/nspawn'), '{name}.nspawn'),
cfg_template('80-container-ve.network', Path('/etc/systemd/network'), cfg_template('80-container-ve.network', Path('/etc/systemd/network'),
'80-container.ve-{name}.network') '80-container-ve-{name}.network')
] ]
nspawn_config = cfg_template('nspawn', Path('/etc/systemd/nspawn'), '{name}.nspawn')
template_files_container = [ template_files_container = [
cfg_template('sshd_config', Path('/etc/ssh'), 'sshd_config'), cfg_template('sshd_config', Path('/etc/ssh'), 'sshd_config'),
cfg_template('80-container.host0.network', Path('/etc/systemd/network'), cfg_template('80-container-host0.network', Path('/etc/systemd/network'),
'80-container.host0.network') '80-container-host0.network')
] ]
FLAVOUR = 'buster' FLAVOUR = 'buster'
...@@ -113,7 +113,7 @@ def next_ip_address(config_file, name): ...@@ -113,7 +113,7 @@ def next_ip_address(config_file, name):
else: else:
ip_container[3] = ip_c[3] + 1 ip_container[3] = ip_c[3] + 1
return (ip_host.join('.'), ip_container.join('.')) return ('.'.join(str(x) for x in ip_host), '.'.join(str(x) for x in ip_container))
def update_config(config_file, name, container): def update_config(config_file, name, container):
...@@ -149,7 +149,7 @@ def create_container(dry_run, config_file, name): ...@@ -149,7 +149,7 @@ def create_container(dry_run, config_file, name):
www_dir.mkdir(parents=True, exist_ok=True) www_dir.mkdir(parents=True, exist_ok=True)
# place configuration files # place configuration files
ip_address_container, ip_address_host = next_ip_address(config_file, name) ip_address_host, ip_address_container = next_ip_address(config_file, name)
ssh_port = next_ssh_port(config_file, name) ssh_port = next_ssh_port(config_file, name)
context = { context = {
'name': name, 'name': name,
...@@ -183,6 +183,13 @@ def create_container(dry_run, config_file, name): ...@@ -183,6 +183,13 @@ def create_container(dry_run, config_file, name):
Path(script_location_host).chmod(0o755) Path(script_location_host).chmod(0o755)
run(['systemd-nspawn', '-D', str(machine_path), script_location], check=True) run(['systemd-nspawn', '-D', str(machine_path), script_location], check=True)
click.echo(f'Installing systemd-nspawn config for container {name}')
if not dry_run:
template = env.get_template('host/' + nspawn_config.source)
file_name = nspawn_config.path / (nspawn_config.filename.format(**context))
with open(file_name, 'w+') as cfg_file:
cfg_file.write(template.render(context))
click.echo('Copying config files into container') click.echo('Copying config files into container')
if not dry_run: if not dry_run:
for cfg in template_files_container: for cfg in template_files_container:
...@@ -197,9 +204,9 @@ def create_container(dry_run, config_file, name): ...@@ -197,9 +204,9 @@ def create_container(dry_run, config_file, name):
if not dry_run: if not dry_run:
for ip_range in SSN_IP_RANGES: for ip_range in SSN_IP_RANGES:
run(['iptables', '-A', 'INPUT', '-p', 'tcp', '-m', 'tcp', run(['iptables', '-A', 'INPUT', '-p', 'tcp', '-m', 'tcp',
'--dport', ssh_port, '-s', ip_range, '-j', 'ACCEPT']) '--dport', str(ssh_port), '-s', ip_range, '-j', 'ACCEPT'])
run(['iptables', '-t' , 'nat', '-A', 'PREROUTING', '-p', 'tcp', run(['iptables', '-t' , 'nat', '-A', 'PREROUTING', '-p', 'tcp',
'-m' ,'tcp', '--dport', ssh_port, '-s', ip_range, '-j', 'DNAT', '-m' ,'tcp', '--dport', str(ssh_port), '-s', ip_range, '-j', 'DNAT',
'--to-destination', f'{ip_address_container}:22']) '--to-destination', f'{ip_address_container}:22'])
run(['iptables', '-t', 'nat', '-A', 'POSTROUTING', '-o', f've-{name}', run(['iptables', '-t', 'nat', '-A', 'POSTROUTING', '-o', f've-{name}',
'-j', 'SNAT', '--to-source', IP_LUSTMOLCH]) '-j', 'SNAT', '--to-source', IP_LUSTMOLCH])
...@@ -264,6 +271,12 @@ def remove_container(dry_run, config_file, name): ...@@ -264,6 +271,12 @@ def remove_container(dry_run, config_file, name):
file_name.unlink() file_name.unlink()
except OSError as e: except OSError as e:
click.echo(f'{e} ignored when removing file {file_name}') click.echo(f'{e} ignored when removing file {file_name}')
click.echo('Removing nspawn config')
try:
(nspawn_config.path / nspawn_config.filename.format(name=name)).unlink()
except OSError as e:
click.echo(f'{e} ignored when removing nspawn config')
# delete container itself # delete container itself
click.echo(f'Removing container') click.echo(f'Removing container')
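Review bot: The new nspawn write in create_container builds its target as `nspawn_config.path / (nspawn_config.filename.format(**context))` and remove_container unlinks the same formatted path, but nothing visible in these hunks restricts `name` to a safe character set. The tool writes into /etc/systemd/nspawn and /etc/systemd/network and passes `ve-{name}` to iptables, so a name containing `/` or `..` would move the write or the unlink outside those directories. Both function bodies start outside the hunks, so validation may already exist earlier; if it does not, add a guard at entry such as `if not re.fullmatch(r'[a-z0-9][a-z0-9-]*', name): raise click.BadParameter('invalid container name')` (this assumes `re` is imported, which the visible lines do not show). The open mode `'w+'` can also be plain `'w'`, since the file is only written.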
......
...@@ -17,7 +17,8 @@ Name=host0 ...@@ -17,7 +17,8 @@ Name=host0
[Network] [Network]
DHCP=no DHCP=no
DNS={{ ip_address_host }} DNS=10.150.127.2
DNS=10.150.125.2
Address={{ ip_address_container }}/{{ ip_subnet_length }} Address={{ ip_address_container }}/{{ ip_subnet_length }}
Gateway={{ ip_address_host }} Gateway={{ ip_address_host }}
LLDP=yes LLDP=yes
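Review bot: The two new `DNS=` lines hard-code resolver addresses in a template where the neighbouring values (`Address=`, `Gateway=`) are filled from the render context, so a resolver change later means editing the template for every container type rather than one configuration value. Consider passing the resolvers through the context and emitting them in a loop, for example `{% for dns in dns_servers %}` / `DNS={{ dns }}` / `{% endfor %}`, where `dns_servers` is a placeholder name for a new context key. The rest of the file lies outside the hunk.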
......
...@@ -2,5 +2,6 @@ ...@@ -2,5 +2,6 @@
apt-get update apt-get update
apt-get -y upgrade apt-get -y upgrade
apt-get -y install dbus openssh-server vim systemd-networkd apt-get -y install dbus openssh-server vim
systemctl enable systemd-networkd.service systemctl enable systemd-networkd.service
\ No newline at end of file systemctl enable systemd-resolved.service
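Review bot: Enabling `systemd-resolved.service` on the last line does not by itself make the container's libc resolver use it, so the `DNS=` entries delivered through systemd-networkd may never reach lookups that read /etc/resolv.conf. Unless that file is linked to the resolved-managed one elsewhere (the nspawn template and line 1 of this script are not visible here), add a line such as `ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf` after the enable. It would also help to add a comment saying why `systemd-networkd` was dropped from the `apt-get install` list while the unit is still enabled, presumably because it ships with the base systemd package on this release.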