salt/doc/topics/cloud/lxc.rst

.. _config_lxc:

========================
Getting Started With LXC
========================

The LXC module is designed to install Salt in an LXC container on a controlled
and possibly remote minion.

In other words, Salt will connect to a minion, then from that minion:

- Provision and configure a container for networking access
- Use those modules to deploy salt and re-attach to master.

    - :mod:`lxc runner <salt.runners.lxc>`
    - :mod:`lxc module <salt.modules.lxc>`
    - :mod:`seed <salt.modules.config>`

Limitations
-----------

- You can only act on one minion and one provider at a time.
- Listing images must be targeted to a particular LXC provider (nothing will be
  outputted with ``all``)

Operation
---------

Salt's LXC support does use :mod:`lxc.init <salt.modules.lxc.init>`
via the :mod:`lxc.cloud_init_interface <salt.modules.lxc.cloud_init_interface>`
and seeds the minion via :mod:`seed.mkconfig <salt.modules.seed.mkconfig>`.

You can provide to those lxc VMs a profile and a network profile like if
you were directly using the minion module.

Order of operation:

- Create the LXC container on the desired minion (clone or template)
- Change LXC config options (if any need to be changed)
- Start container
- Change base passwords if any
- Change base DNS configuration if necessary
- Wait for LXC container to be up and ready for ssh
- Test SSH connection and bailout in error
- Upload deploy script and seeds, then re-attach the minion.


Provider configuration
----------------------

Here is a simple provider configuration:

.. code-block:: yaml

    # Note: This example goes in /etc/salt/cloud.providers or any file in the
    # /etc/salt/cloud.providers.d/ directory.
    devhost10-lxc:
      target: devhost10
      driver: lxc

.. note::
    .. versionchanged:: 2015.8.0

    The ``provider`` parameter in cloud provider definitions was renamed to ``driver``. This
    change was made to avoid confusion with the ``provider`` parameter that is used in cloud profile
    definitions. Cloud provider definitions now use ``driver`` to refer to the Salt cloud module that
    provides the underlying functionality to connect to a cloud host, while cloud profiles continue
    to use ``provider`` to refer to provider configurations that you define.

Profile configuration
---------------------

Please read :ref:`tutorial-lxc` before anything else.
And specially :ref:`tutorial-lxc-profiles`.

Here are the options to configure your containers:


    target
        Host minion id to install the lxc Container into
    lxc_profile
        Name of the profile or inline options for the LXC vm creation/cloning,
        please see :ref:`tutorial-lxc-profiles-container`.
    network_profile
        Name of the profile or inline options for the LXC vm network settings,
        please see :ref:`tutorial-lxc-profiles-network`.
    nic_opts
        Totally optional.
        Per interface new-style configuration options mappings which will
        override any profile default option::

              eth0: {'mac': '00:16:3e:01:29:40',
                            'gateway': None, (default)
                            'link': 'br0', (default)
                            'gateway': None, (default)
                            'netmask': '', (default)
                            'ip': '22.1.4.25'}}

    password
        password for root and sysadmin users
    dnsservers
        List of DNS servers to use. This is optional.
    minion
        minion configuration (see :ref:`Minion Configuration in Salt Cloud <salt-cloud-config>`)
    bootstrap_delay
        specify the time to wait (in seconds) between container creation
        and salt bootstrap execution. It is useful to ensure that all essential services
        have started before the bootstrap script is executed. By default there's no
        wait time between container creation and bootstrap unless you are on systemd
        where we wait that the system is no more in starting state.
    bootstrap_shell
        shell for bootstraping script (default: /bin/sh)
    script
        defaults to salt-boostrap
    script_args
        arguments which are given to the bootstrap script.
        the {0} placeholder will be replaced by the path which contains the
        minion config and key files, eg::

            script_args="-c {0}"


Using profiles:

.. code-block:: yaml

    # Note: This example would go in /etc/salt/cloud.profiles or any file in the
    # /etc/salt/cloud.profiles.d/ directory.
    devhost10-lxc:
      provider: devhost10-lxc
      lxc_profile: foo
      network_profile: bar
      minion:
        master: 10.5.0.1
        master_port: 4506

Using inline profiles (eg to override the network bridge):

.. code-block:: yaml

    devhost11-lxc:
      provider: devhost10-lxc
      lxc_profile:
        clone_from: foo
      network_profile:
        etho:
          link: lxcbr0
      minion:
        master: 10.5.0.1
        master_port: 4506

Using a lxc template instead of a clone:

.. code-block:: yaml

    devhost11-lxc:
      provider: devhost10-lxc
      lxc_profile:
        template: ubuntu
        # options:
        #   release: trusty
      network_profile:
        etho:
          link: lxcbr0
      minion:
        master: 10.5.0.1
        master_port: 4506

Static ip:

.. code-block:: yaml

    # Note: This example would go in /etc/salt/cloud.profiles or any file in the
    # /etc/salt/cloud.profiles.d/ directory.
    devhost10-lxc:
      provider: devhost10-lxc
      nic_opts:
        eth0:
          ipv4: 10.0.3.9
      minion:
        master: 10.5.0.1
        master_port: 4506

DHCP:

.. code-block:: yaml

    # Note: This example would go in /etc/salt/cloud.profiles or any file in the
    # /etc/salt/cloud.profiles.d/ directory.
    devhost10-lxc:
      provider: devhost10-lxc
      minion:
        master: 10.5.0.1
        master_port: 4506

Driver Support
--------------

- Container creation
- Image listing (LXC templates)
- Running container information (IP addresses, etc.)