Getting Started With LXC

The LXC module is designed to install Salt in an LXC container on a controlled and possibly remote minion.

In other words, Salt will connect to a minion, then from that minion:

  • Provision and configure a container for networking access

  • Use those modules to deploy salt and re-attach to master.

Limitations

  • You can only act on one minion and one provider at a time.
  • Listing images must be targeted to a particular LXC provider (nothing will be outputted with all)

Warning

On pre 2015.5.2, you need to specify explitly the network bridge

Operation

Salt's LXC support does use lxc.init via the lxc.cloud_init_interface and seeds the minion via seed.mkconfig.

You can provide to those lxc VMs a profile and a network profile like if you were directly using the minion module.

Order of operation:

  • Create the LXC container on the desired minion (clone or template)
  • Change LXC config options (if any need to be changed)
  • Start container
  • Change base passwords if any
  • Change base DNS configuration if necessary
  • Wait for LXC container to be up and ready for ssh
  • Test SSH connection and bailout in error
  • Upload deploy script and seeds, then re-attach the minion.

Provider configuration

Here is a simple provider configuration:

# Note: This example goes in /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
devhost10-lxc:
  target: devhost10
  provider: lxc

Profile configuration

Please read LXC Management with Salt before anything else. And specially Profiles.

Here are the options to configure your containers:

target
Host minion id to install the lxc Container into
lxc_profile
Name of the profile or inline options for the LXC vm creation/cloning, please see Container Profiles.
network_profile
Name of the profile or inline options for the LXC vm network settings, please see Network Profiles.
nic_opts

Totally optionnal. Per interface new-style configuration options mappings which will override any profile default option:

eth0: {'mac': '00:16:3e:01:29:40',
              'gateway': None, (default)
              'link': 'br0', (default)
              'gateway': None, (default)
              'netmask': '', (default)
              'ip': '22.1.4.25'}}
password
password for root and sysadmin users
dnsservers
List of DNS servers to use. This is optional.
minion
minion configuration (see Minion Configuration in Salt Cloud)
bootstrap_shell
shell for bootstraping script (default: /bin/sh)
script
defaults to salt-boostrap
script_args

arguments which are given to the bootstrap script. the {0} placeholder will be replaced by the path which contains the minion config and key files, eg:

script_args="-c {0}"

Using profiles:

# Note: This example would go in /etc/salt/cloud.profiles or any file in the
# /etc/salt/cloud.profiles.d/ directory.
devhost10-lxc:
  provider: devhost10-lxc
  lxc_profile: foo
  network_profile: bar
  minion:
    master: 10.5.0.1
    master_port: 4506

Using inline profiles (eg to override the network bridge):

devhost11-lxc:
  provider: devhost10-lxc
  lxc_profile:
    clone_from: foo
  network_profile:
    etho:
      link: lxcbr0
  minion:
    master: 10.5.0.1
    master_port: 4506

Template instead of a clone:

devhost11-lxc:
  provider: devhost10-lxc
  lxc_profile:
    template: ubuntu
  network_profile:
    etho:
      link: lxcbr0
  minion:
    master: 10.5.0.1
    master_port: 4506

Static ip:

# Note: This example would go in /etc/salt/cloud.profiles or any file in the
# /etc/salt/cloud.profiles.d/ directory.
devhost10-lxc:
  provider: devhost10-lxc
  nic_opts:
    eth0:
      ipv4: 10.0.3.9
  minion:
    master: 10.5.0.1
    master_port: 4506

DHCP:

# Note: This example would go in /etc/salt/cloud.profiles or any file in the
# /etc/salt/cloud.profiles.d/ directory.
devhost10-lxc:
  provider: devhost10-lxc
  minion:
    master: 10.5.0.1
    master_port: 4506

Driver Support

  • Container creation
  • Image listing (LXC templates)
  • Running container information (IP addresses, etc.)