LXC containers management

  • makinastates lxc container integration consists in:

    • spawning lxc containers including static ip allocation and port mapping
    • providing NAT, DHCP & DNS (dnsmasq & makinastates magicbridge)
    • configuring reverse proxies on the baremetal using:
      • a frontal haproxy proxy incoming https(s) requests
      • iptable to reverse proxy ssh requests
  • WARNING currently only those backing store are supported/tested: dir, overlayfs.

  • We name:

    $controller : the station from where we will operate to controll other resources

    $cn : the compute node where we will spawn LXC containers

    $vm : the LXC container to spawn

    $vm_tmpl : the name of the container to clone from

Preliminary configuration

  • Go into makina-states folder:

    cd /srv/makina-states
  • Edit database.sls, specially ips, vms, & cloud_vm_attrs:

    $EDITOR etc/makina-states/database.sls
    • ips should container the ips for $controller (usually localhost), and the $cn

    • vms should contain a reference to indicate where we will spawn your container

          mycontainer.foo.loc:  # <- baremetal
            - foocontainer.truc.foo # <- container
    • cloud_vm_attrs should certainly contain domains to proxy http requests to underlyiung containers

  • Define shell variable to copy/paste following commands:

    export controller="$(hostname -f)"
    export cn="$(hostname -f)"
    # export cn="c.foo.net"
    export vm="d.foo.net"
    export vm_tmpl="makinastates"

Preparation on the controller

  • Refresh cache:

    # bin/salt-call -lall \
    #  state.sls makina-states.services.cache.memcached # the first time
    service memcached restart
    # or with limit on hosts that the run will be
    ANSIBLE_TARGETS="$controller,$vm,$cn" _scripts/refresh_makinastates_pillar.sh

Preinstalling makina-states (controller & each compute node)

  • Installing it on controller:

    ANSIBLE_TARGETS="$controller" bin/ansible-playbook \
  • Installing it on compute nodes:

    ANSIBLE_TARGETS="$cn" bin/ansible-playbook \

Configure the dns on a full makina-states infra with mc_pillar

ANSIBLE_TARGETS="$DNS_MASTER" bin/ansible-playbook \
  • Configure compute_node with:
ANSIBLE_TARGETS="$cn" ansible-playbook \

Cooking and delivery of container / container templates

  • Initialise a lxc container that will be the base of our image (after creation go edit in it until sastified of the result):

    ANSIBLE_TARGETS="$controller,lxc$vm_tmpl" bin/ansible-playbook \
  • Synchronise it to an offline image, this will copy the container to the image, and remove parts from it (like sshkeys) to impersonate it:

    ANSIBLE_TARGETS="$controller" bin/ansible-playbook \
      ansible/plays/cloud/snapshot_container.yml -e "lxc_template=$vm_tmpl lxc_container_name=lxc$vm_tmpl"
    • Arguments:

      ANSIBLE_TARGETS : compute node where the container resides (must be in ansible inventory)

      lxc_template : lxc image to create

      lxc_container_name : lxc container which serve as a base for the image

  • Transfer the template to the compute node where you want to spawn containers from that image:

    ANSIBLE_TARGETS="$cn" ansible-playbook \
     ansible/plays/cloud/sync_container.yml \
         -e "lxc_orig_host=$controller lxc_container_name=$vm_tmpl"
    • Arguments:

      ANSIBLE_TARGETS : both orig and dest

      lxc_host : where to transfer container/template

      lxc_orig_host : where from transfer container/template

      lxc_container_name : lxc container to transfer

lxc template creation

release=vivid  # choose your distrib here
lxc-create -t ubuntu -n ${release}
lxc-clone -n lxcmakinastates${release} -o ${release} -- -r ${release}
lxc-attach -n lxcmakinastates${release}
apt-get install git python ca-certificates
git clone https://github.com/makinacorpus/makina-states.git /srv/makina-states
/srv/makina-states/_scripts/boot-salt.sh -C -n lxccontainer --highstates || ( \
    && \
    . /srv/makina-states/venv/bin/activate &&\
    pip install --upgrade pip &&\
    deactivate &&\
    /srv/makina-states/_scripts/boot-salt.sh -C --highstates)
# any additionnal stuff to complete the image
# cmd1

Initialise a container

  • Initialise and finish the container provisioning (from scratch)

    ANSIBLE_TARGETS="$cn,$vm" bin/ansible-playbook \
    • Arguments:

      ANSIBLE_TARGETS : compute node where the container resides (must be in ansible inventary) & lxc container to create

      lxc_from_container : lxc container from which initing the container

      lxc_backing_store : (opt) backing store to use

  • Initialise and finish the container provisioning (from template):

    ANSIBLE_TARGETS="$cn,vm" bin/ansible-playbook \
      ansible/plays/cloud/create_container.yml -e "lxc_from_container=$vm_tmpl"
  • Special case: use overlayfs to create the container:

    ANSIBLE_TARGETS="$cn,$vm" bin/ansible-playbook \
     ansible/plays/cloud/create_container.yml \
      -e "lxc_from_container=$vm_tmpl lxc_backing_store=overlayfs"
Last Updated: 2017-04-11