Puppet Class: vagrant::lxc

Defined in:
modules/vagrant/manifests/lxc.pp

Overview

SPDX-License-Identifier: Apache-2.0

Class: vagrant::lxc

Provision LXC for use as a Vagrant container.

WARNING: For use only in the Labs environment. The vagrant-lxc plugin is installed by fetching Ruby gems over the internet.



# File 'modules/vagrant/manifests/lxc.pp', line 9

# Installs the vagrant-lxc plugin and its build dependencies, removes the
# plugin's own sudo wrapper script, and grants the 'mwvagrant' user
# passwordless root sudo for the list of commands below.
#
# NOTE(review): every rule is NOPASSWD as root and most contain '*'. Per
# sudoers(5), a wildcard in command arguments is matched against the whole
# argument string and can match across word boundaries, so each pattern
# accepts more than the single argument it appears to stand for. Treat
# 'mwvagrant' as root-equivalent on any host that applies this class.
class vagrant::lxc {
    # Both classes are evaluated before this one.
    require ::vagrant
    require ::lxc

    # ensure_packages declares each package unless it is already declared
    # elsewhere in the catalog.
    ensure_packages('build-essential')
    ensure_packages('ruby-dev')

    # The plugin is installed only after the compiler toolchain and the Ruby
    # headers are present (presumably for building native gem extensions).
    ::vagrant::plugin { 'vagrant-lxc':
        ensure  => present,
        require => [
            Package['build-essential'],
            Package['ruby-dev'],
        ],
    }

    # Make sure that the plugin wrapper script is NOT installed.
    # The removal is ordered after the plugin resource, so a wrapper created
    # during plugin installation is removed in the same run.
    file { '/usr/local/bin/vagrant-lxc-wrapper':
        ensure  => 'absent',
        require => Vagrant::Plugin['vagrant-lxc'],
    }

    # Allow sudo for common vagrant lxc commands instead of using the plugin's
    # kind of scary sudo proxy ruby script.
    # See https://github.com/fgrehm/vagrant-lxc/blob/master/lib/vagrant-lxc/command/sudoers.rb
    #
    # Each entry looks like a sudoers rule body; presumably sudo::user writes
    # one sudoers line per entry for the named user (type defined elsewhere).
    # Double-quoted entries interpolate ${::vagrant::vagrant_home}; the
    # single-quoted ones are literal. '\:' escapes the colon, which sudoers
    # requires inside command arguments.
    sudo::user { 'vagrant-lxc':
        user       => 'mwvagrant',
        privileges => [
            ## vagrant-lxc < 2.1.0
            # These rules name each binary by absolute path.
            # Container config file
            'ALL=(root) NOPASSWD: /bin/cat /var/lib/lxc/*/config',
            # Shared folders
            'ALL=(root) NOPASSWD: /bin/mkdir -p /var/lib/lxc/*/rootfs/*',
            'ALL=(root) NOPASSWD: /bin/sed -r -e * -ibak /etc/exports',
            'ALL=(root) NOPASSWD: /usr/bin/tee -a /etc/exports',
            'ALL=(root) NOPASSWD: /usr/sbin/exportfs -ar',
            # Container config customizations and pruning
            'ALL=(root) NOPASSWD: /bin/cp -f /tmp/lxc-config* /var/lib/lxc/*/config',
            'ALL=(root) NOPASSWD: /bin/chown root\:root /var/lib/lxc/*/config*',
            # Template import
            "ALL=(root) NOPASSWD: /bin/cp ${::vagrant::vagrant_home}/gems/gems/vagrant-lxc*/scripts/lxc-template /usr/share/lxc/templates/*",
            'ALL=(root) NOPASSWD: /bin/chmod +x /usr/share/lxc/templates/*',
            # Template removal
            'ALL=(root) NOPASSWD: /bin/rm /usr/share/lxc/templates/*',
            # Private network script and commands
            'ALL=(root) NOPASSWD: /sbin/ip addr add */24 dev *',
            'ALL=(root) NOPASSWD: /sbin/ifconfig * down',
            'ALL=(root) NOPASSWD: /sbin/brctl addbr *',
            'ALL=(root) NOPASSWD: /sbin/brctl delbr *',
            # NOTE(review): this runs a script from under vagrant_home as root.
            # If that tree is writable by mwvagrant, the user controls what
            # runs; confirm ownership and mode of the gem directory.
            "ALL=(root) NOPASSWD: ${::vagrant::vagrant_home}/gems/gems/vagrant-lxc*/scripts/pipework *",
            # Driver commands
            'ALL=(root) NOPASSWD: /usr/bin/which lxc-*',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-attach --name *',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-attach -h',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-config lxc.lxcpath',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-create --version',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-create -B * --template * --name *',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-destroy --name *',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-info --name *',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-ls',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-shutdown --name *',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-start -d --name *',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-stop --name *',
            'ALL=(root) NOPASSWD: /usr/bin/lxc-version',
            # Cleanup tmp files
            'ALL=(root) NOPASSWD: /bin/rm -rf /var/lib/lxc/*/rootfs/tmp/*',
            # NFS
            'ALL=(root) NOPASSWD: /etc/init.d/nfs-kernel-server *',
            'ALL=(root) NOPASSWD: /bin/sed -r -e * -ibak /tmp/exports',
            'ALL=(root) NOPASSWD: /bin/cp /tmp/exports /etc/exports',

            ## vagrant-lxc >= 2.1.0 (uses /usr/bin/env)
            # The permitted command is /usr/bin/env itself; the program that
            # actually runs is whatever env resolves from PATH.
            # NOTE(review): confirm the sudoers policy on these hosts sets
            # env_reset and secure_path so the lookup cannot be redirected.
            # Container config file
            'ALL=(root) NOPASSWD: /usr/bin/env cat /var/lib/lxc/*/config',
            # Shared folders
            'ALL=(root) NOPASSWD: /usr/bin/env mkdir -p /var/lib/lxc/*/rootfs/*',
            'ALL=(root) NOPASSWD: /usr/bin/env sed -r -e * -ibak /etc/exports',
            'ALL=(root) NOPASSWD: /usr/bin/env tee -a /etc/exports',
            'ALL=(root) NOPASSWD: /usr/bin/env exportfs -ar',
            # Container config customizations and pruning
            'ALL=(root) NOPASSWD: /usr/bin/env cp -f /tmp/lxc-config* /var/lib/lxc/*/config',
            'ALL=(root) NOPASSWD: /usr/bin/env cp -f /srv/mediawiki-vagrant/lxc-config* /var/lib/lxc/*/config',
            'ALL=(root) NOPASSWD: /usr/bin/env chown root\:root /var/lib/lxc/*/config*',
            # Template import
            # NOTE(review): this path uses gems/gems/ while the pipework rule
            # further down in this section uses gems/*/gems/ -- confirm both
            # match the installed plugin layout.
            "ALL=(root) NOPASSWD: /usr/bin/env cp ${::vagrant::vagrant_home}/gems/gems/vagrant-lxc*/scripts/lxc-template /usr/share/lxc/templates/*",
            'ALL=(root) NOPASSWD: /usr/bin/env chmod +x /usr/share/lxc/templates/*',
            # Template removal
            'ALL=(root) NOPASSWD: /usr/bin/env rm /usr/share/lxc/templates/*',
            # Private network script and commands
            'ALL=(root) NOPASSWD: /usr/bin/env ip addr add */24 dev *',
            'ALL=(root) NOPASSWD: /usr/bin/env ifconfig * down',
            'ALL=(root) NOPASSWD: /usr/bin/env brctl addbr *',
            'ALL=(root) NOPASSWD: /usr/bin/env brctl delbr *',
            "ALL=(root) NOPASSWD: /usr/bin/env ${::vagrant::vagrant_home}/gems/*/gems/vagrant-lxc*/scripts/pipework *",
            # Driver commands
            'ALL=(root) NOPASSWD: /usr/bin/env which lxc-*',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-attach --name *',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-attach -h',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-config lxc.lxcpath',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-create --version',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-create -B * --template * --name *',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-destroy --name *',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-info --name *',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-ls',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-shutdown --name *',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-start -d --name *',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-stop --name *',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-update-config -c /var/lib/lxc/*',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-update-config -c /srv/vagrant-data/*',
            'ALL=(root) NOPASSWD: /usr/bin/env lxc-version',
            # Cleanup tmp files
            'ALL=(root) NOPASSWD: /usr/bin/env rm -rf /var/lib/lxc/*/rootfs/tmp/*',
            # NFS
            'ALL=(root) NOPASSWD: /usr/bin/env /etc/init.d/nfs-kernel-server *',
            'ALL=(root) NOPASSWD: /usr/bin/env sed -r -e * -ibak /tmp/exports',
            'ALL=(root) NOPASSWD: /usr/bin/env cp /tmp/exports /etc/exports',

            # Vagrant 1.9.1
            # These rules use absolute /bin paths rather than /usr/bin/env.
            # NFS
            'ALL=(root) NOPASSWD: /bin/chown 0\:0 /tmp/vagrant*',
            'ALL=(root) NOPASSWD: /bin/mv -f /tmp/vagrant* /etc/exports',
            'ALL=(root) NOPASSWD: /bin/chown 0\:0 /srv/mediawiki-vagrant/vagrant*',
            'ALL=(root) NOPASSWD: /bin/mv -f /srv/mediawiki-vagrant/vagrant* /etc/exports',
        ],
    }
}