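# LXC container configuration template (Jinja2), rendered once per container.
# Uses the legacy LXC key names (lxc.utsname, lxc.network.*, lxc.aa_profile).
# cont_name and the per-interface values are substituted verbatim, so they must
# come from trusted inventory data: a value containing a newline would add
# arbitrary configuration lines to the rendered file.
lxc.rootfs = /mnt/osl/var/lib/lxc/{{cont_name}}/rootfs
lxc.utsname = {{cont_name}}
lxc.tty = 4
lxc.pts = 1024
# The uid/gid mapping is commented out, so the container runs privileged: root
# inside the container is uid 0 on the host. Uncommenting both lines maps
# container ids 0-65535 to host ids 100000-165535.
#lxc.id_map = u 0 100000 65536
#lxc.id_map = g 0 100000 65536
# Capabilities removed from the container: kernel module loading, MAC policy
# administration and override, and setting the system clock.
lxc.cap.drop = sys_module mac_admin mac_override sys_time

# When using LXC with apparmor, uncomment the next line to run unconfined:
# (unconfined removes the AppArmor profile from a container that, with id_map
# disabled above, already runs as host root; keep it commented unless required)
#lxc.aa_profile = unconfined

{# .items() works on Python 2 and 3; dict.iteritems() does not exist on Python 3. #}
{% for k,v in stack['nodes'][tmp_node]['net'].items() %}
#networking for {{k}}
# veth pair attached to the host bridge named in the node's 'net' entry;
# the mapping key becomes the interface name inside the container.
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = {{v.bridge}}
lxc.network.name = {{k}}
lxc.network.mtu = 1500
{% for a in v.ipv4 %}
lxc.network.ipv4 = {{a}}
{% endfor %}
{% if v.default is defined %}
lxc.network.ipv4.gateway = {{v.default}}
{% endif %}

{% endfor %}

#cgroups
# Device access is default-deny: everything is denied first, then only the
# character devices listed below are allowed (r = read, w = write, m = mknod).
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/pts/* and /dev/ptmx
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 10:135 rwm

# "mixed" mounts proc, sys and the cgroup hierarchy with the sensitive parts
# read-only rather than fully writable.
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed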