Archive abandoned project

2025-02-15 00:56:26 +09:00 · 2025-02-15 00:56:26 +09:00 · 65be894048
commit 65be894048
parent bc8862d90b
501 changed files with 24305 additions and 0 deletions
--- a/esh_lxd/recipes/containers.rb
+++ b/esh_lxd/recipes/containers.rb
@ -0,0 +1,136 @@
+#
+# Cookbook:: esh_lxd
+# Recipe:: containers
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+node['esh']['lxd']['containers'].each do |container, params|
+  if params['type'] == 'lxc'
+    execute "create container #{container}" do
+      command "lxc launch images:#{params['image']} #{container}"
+      not_if "lxc info #{container}"
+      live_stream true
+    end
+  end
+  if params['type'] == 'vm'
+    execute "create vm #{container}" do
+      command <<~EOT
+        lxc launch images:#{params['image']} #{container} --vm
+        sleep 1m
+        lxc stop #{container}
+      EOT
+      not_if "lxc info #{container}"
+      live_stream true
+    end
+  end
+
+  params['volumes'].each do |name, vol_params|
+    execute "create volume #{name} on #{vol_params['pool']} for #{container}" do
+      command "lxc storage volume create #{vol_params['pool']} #{name}"
+      not_if "lxc storage volume show #{vol_params['pool']} #{name}"
+      live_stream true
+    end
+
+    execute "add volume #{name} on #{vol_params['pool']} for #{container}:/var/lib/#{name}" do
+      command "lxc config device add #{container} #{name} disk pool=#{vol_params['pool']} source=#{name} path=#{vol_params['path']}"
+      not_if "lxc config device get #{container} #{name} path"
+      live_stream true
+    end
+  end
+  
+  if params['type'] == 'vm'
+    execute "set vm mem #{container}" do
+      command "lxc config set #{container} limits.memory=#{params['mem']}"
+      not_if "lxc config get #{container} limits.memory | grep #{params['mem']}"
+      live_stream true
+    end
+    execute "set vm cpu #{container}" do
+      command "lxc config set #{container} limits.cpu=#{params['cpu']}"
+      not_if "lxc config get #{container} limits.cpu | grep #{params['cpu']}"
+      live_stream true
+    end
+    execute "set vm disk #{container}" do
+      command "lxc config device override #{container} root size=#{params['disk']}"
+      not_if "lxc config device get #{container} root size | grep -q #{params['disk']}"
+      live_stream true
+    end
+    execute "start vm #{container}" do
+      command "lxc start #{container} && sleep 1m"
+      only_if "lxc info #{container} | grep -q STOPPED"
+      live_stream true
+    end
+  end
+
+  unless params['cinc_flavor'].nil?
+    distribution = params['cinc_flavor'].split('/').first
+    release = params['cinc_flavor'].split('/').last
+    cinc_url = node['esh']['cinc'][distribution][release]['url']
+    filename = cinc_url.split('/').last
+
+    esh_cinc_download cinc_url do
+      distribution distribution
+      release release
+    end
+
+    execute "push cinc to container #{container}" do
+      command "lxc file push #{Chef::Config['file_cache_path']}/#{distribution}/#{release}/#{filename} #{container}/opt/"
+      not_if "lxc exec #{container} -- test -f /opt/#{filename}"
+      live_stream true
+      # Sometimes the container has just been created and copy fail since
+      # starting take a few secs
+      retries 3
+    end
+
+    execute "install cinc to container #{container}" do
+      command "lxc exec #{container} -- apt install -y /opt/#{filename}"
+      not_if "lxc exec #{container} -- dpkg -s cinc"
+      live_stream true
+    end
+  end
+
+  execute "lxc restart #{container}" do
+    command "lxc restart #{container}"
+    action :nothing
+  end
+
+  unless params['apparmor'].nil?
+    execute "set apparmor profile for #{container}" do
+      command "lxc config set #{container} raw.lxc lxc.apparmor.profile=#{params['apparmor']}"
+      not_if do
+        `lxc config get #{container} raw.lxc`.strip == "lxc.apparmor.profile=#{params['apparmor']}"
+      end
+      live_stream true
+      notifies :run, "execute[lxc restart #{container}]", :immediately
+    end
+  end
+
+  unless params['security.nesting'].nil?
+    execute "set security.nesting for #{container}" do
+      command "lxc config set #{container} security.nesting=#{params['security.nesting']}"
+      not_if do
+        `lxc config get #{container} security.nesting`.strip == params['security.nesting']
+      end
+      live_stream true
+      notifies :run, "execute[lxc restart #{container}]", :immediately
+    end
+  end
+
+  next if params['cloudflared'].nil?
+  params['cloudflared'].each do |tunnel_name, tunnel_hostname|
+    esh_cloudflared_tunnel tunnel_name do
+      tunnel_hostname tunnel_hostname
+    end
+  end
+end
--- a/esh_lxd/recipes/default.rb
+++ b/esh_lxd/recipes/default.rb
@ -0,0 +1,17 @@
+#
+# Cookbook:: esh_lxd
+# Recipe:: default
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
--- a/esh_lxd/recipes/resolved.rb
+++ b/esh_lxd/recipes/resolved.rb
@ -0,0 +1,39 @@
+#
+# Cookbook:: esh_lxd
+# Recipe:: resolved
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dns_address = `lxc network get lxdbr0 ipv4.address`.strip.chomp('/24')
+
+systemd_unit 'lxd-dns.service' do
+  content <<~EOU
+  [Unit]
+  Description=LXD DNS configuration
+  BindsTo=sys-subsystem-net-devices-lxdbr0.device
+  After=sys-subsystem-net-devices-lxdbr0.device
+
+  [Service]
+  Type=oneshot
+  ExecStart=/usr/bin/resolvectl dns lxdbr0 #{dns_address}
+  ExecStart=/usr/bin/resolvectl domain lxdbr0 ~lxd
+  ExecStopPost=/usr/bin/resolvectl revert lxdbr0
+  RemainAfterExit=yes
+
+  [Install]
+  WantedBy=sys-subsystem-net-devices-lxdbr0.device
+  EOU
+  action [:create, :enable, :start]
+end
--- a/esh_lxd/recipes/setup.rb
+++ b/esh_lxd/recipes/setup.rb
@ -0,0 +1,79 @@
+#
+# Cookbook:: esh_lxd
+# Recipe:: setup
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# systemd need to be booted with systemd.unified_cgroup_hierarchy=0
+# otherwise, cgroup v1 container cannot be started, only v2
+# and some docker containers use v1
+
+#execute 'set systemd boot mode to cgroup v1' do
+#  command <<~EOT
+#  echo '# use cgroup1' >> /etc/default/grub
+#  echo 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX systemd.unified_cgroup_hierarchy=0"' \
+#    >> /etc/default/grub
+#  EOT
+#  notifies :run, 'execute[update grub]', :immediately
+#  not_if 'grep -q cgroup1 /etc/default/grub'
+#end
+#
+#cgroup = `stat -fc %T /sys/fs/cgroup/`.strip
+#ruby_block 'Check cgroup version' do
+#  block do
+#    if cgroup == 'cgroup2fs'
+#      Chef::Log.fatal('You need to reboot now to enable cgroup v1!')
+#      raise 'You need to reboot now to enable cgroup v1!'
+#    end
+#  end
+#  action :run
+#end
+#
+#execute 'update grub' do
+#  command 'update-grub2'
+#  action :nothing
+#end
+
+template '/tmp/lxd.yml' do
+  owner 'root'
+  group 'root'
+  mode '0644'
+  not_if 'lxc storage info nvme'
+  action :create
+end
+
+execute 'lxd init' do
+  command 'lxd init --preseed < /tmp/lxd.yml'
+  not_if 'lxc storage info nvme'
+  action :run
+end
+
+execute 'lxd change images storage location' do
+  command <<~EOT
+  lxc storage volume create nvme images
+  lxc config set storage.images_volume nvme/images
+  EOT
+  action :run
+  not_if 'lxc storage volume info nvme images'
+end
+
+unless node['esh']['lxd']['mtu'].nil?
+  mtu = node['esh']['lxd']['mtu']
+  execute "lxc network set lxdbr0 bridge.mtu #{mtu}" do
+    command "lxc network set lxdbr0 bridge.mtu #{mtu}"
+    action :run
+    not_if "lxc network get lxdbr0 bridge.mtu | grep -q #{mtu}"
+  end
+end