Created
November 11, 2021 10:47
-
-
Save aivanise/e6efcbdf18ca998a9dcaa808feba952f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # build a nested lxd lxd ;) container using the host zfs | |
| set -o errexit | |
| if [[ -z "$1" ]]; then | |
| echo "usage $0 hostname cluster_host [ pool_name ] [ cluster_password ]" | |
| echo "usage $0 lxd3 lxd1 rpool/lxd3" | |
| exit | |
| fi | |
| set -x | |
| name=$1 | |
| echo building $name | |
| :; lxc delete $name --force || true | |
| :; lxc launch images:centos/8 $name -c security.nesting=true -c security.privileged=true | |
| :; lxc config device add $name zfs unix-char path=/dev/zfs | |
| # networking | |
| :; ip=$(getent hosts $name | cut -d' ' -f 1); echo got IP $ip | |
| while [[ -z "$(lxc --quiet ls --format csv lxd3 -c 4)" ]]; do sleep 1; done | |
| # get the first ethernet device | |
| :; netdev=$(lxc exec $name -- nmcli --terse -f DEVICE,TYPE device status < /dev/null | fgrep ethernet | head -1| cut -d: -f1) | |
| # clean up everything | |
| :; lxc exec $name -- nmcli --terse -f UUID con show < /dev/null | xargs -r lxc exec $name -- nmcli con del | |
| # add the bridge | |
| :; lxc exec $name -- nmcli con add con-name br0 ifname br0 type bridge stp no ip4 $ip/23 gw4 192.168.220.254 ipv4.dns 192.168.220.254 ipv4.dns-search 2e-systems.com | |
| # and the eth itself | |
| :; lxc exec $name -- nmcli con add con-name $netdev ifname $netdev type ethernet master br0 | |
| # install software | |
| :; rel=$(lxc exec $name -- cat /etc/centos-release | tr -dc "0-9." | cut -d. -f1-2 | tr . _ ) | |
| :; lxc exec $name -- dnf -y install dnf-plugins-core https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm https://zfsonlinux.org/epel/zfs-release.el$rel.noarch.rpm | |
| :; lxc exec $name -- dnf config-manager --disable zfs | |
| :; lxc exec $name -- dnf config-manager --enable zfs-kmod | |
| :; lxc exec $name -- dnf -y install snapd zfs openssh-server | |
| :; lxc exec $name -- systemctl enable --now snapd.socket | |
| :; lxc exec $name -- systemctl enable --now snapd | |
| :; lxc exec $name -- systemctl mask zfs-mount zfs-zed zfs-share | |
| :; lxc exec $name -- dnf -y install fuse squashfuse fuse-overlayfs snapd less strace nmap socat | |
| # sometimes this fails with udev or snap mount errors | |
| until lxc exec $name -- snap install lxd; do sleep 10; done | |
| :; lxc restart $name --force --timeout 2 | |
| while [[ -z "$(lxc --quiet ls --format csv $name -c 4)" ]]; do sleep 1; done | |
| # only if cluster_address is specified | |
| [[ "$2" ]] | |
| cluster_address=$2 | |
| pool=${HOSTNAME%%.*}/$name/lxd | |
| [[ "$3" ]] && pool=$3 | |
| [[ "$4" ]] && cluster_password=$4 | |
| :; cat<<EOF>/tmp/cluster.yaml | |
| cluster: | |
| enabled: true | |
| server_name: ${name} | |
| server_address: ${name}:8443 | |
| cluster_address: $cluster_address:8443 | |
| cluster_certificate: "$(openssl s_client -showcerts $cluster_address:8443 <<< "" 2> /dev/null| openssl x509 | sed ':a;N;$!ba;s/\n/\n\n/g') | |
| " | |
| cluster_password: "$cluster_password" | |
| member_config: | |
| - entity: storage-pool | |
| name: ee | |
| key: source | |
| value: $pool | |
| EOF | |
| :; cat<<EOF>/tmp/hosts | |
| 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 | |
| ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 | |
| EOF | |
| :; lxc file push /tmp/hosts $name/etc/hosts | |
| :; lxc file push /tmp/cluster.yaml $name/tmp/cluster.yaml | |
| :; lxc exec $name -- bash -ic 'lxd init --preseed < /tmp/cluster.yaml' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment