aboutsummaryrefslogtreecommitdiff
path: root/manifests/subsystem/virtual
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/subsystem/virtual')
-rw-r--r--manifests/subsystem/virtual/instance.pp207
1 files changed, 207 insertions, 0 deletions
diff --git a/manifests/subsystem/virtual/instance.pp b/manifests/subsystem/virtual/instance.pp
new file mode 100644
index 0000000..726752f
--- /dev/null
+++ b/manifests/subsystem/virtual/instance.pp
@@ -0,0 +1,207 @@
+# Define a virtual server instance
+define nodo::subsystem::virtual::instance(
+ $context,
+ $distro = 'jessie',
+ $ensure = 'running',
+ $proxy = false,
+ $puppetmaster = false,
+ $gitd = false,
+ $mail = false,
+ $icecast = false,
+ $sound = false,
+ $tor = false,
+ $ticket = false,
+ $memory_limit = false,
+ $dns = false,
+ $jabber = false,
+ $mumble = false,
+ $gobby = false,
+ $yacy = false,
+ $rsync = false,
+ $avahi = false,
+ $munin_port = false,
+ $monkeysphere_ssh_port = false,
+ $implementation = false
+) {
+ # Instance id
+ if $context <= 9 {
+ $id = "0$context"
+ } else {
+ $id = $context
+ }
+
+ # Puppetmaster ssl port
+ case $puppetmaster_port {
+ '': { $puppetmaster_port = "8140" }
+ }
+
+ # Set puppetmaster non-ssl port
+ case $puppetmaster_nonssl_port {
+ '': { $puppetmaster_nonssl_port = "8141" }
+ }
+
+ # Tor port
+ case $tor_port {
+ '': { $tor_port = "9001" }
+ }
+
+ $dev = hiera('nodo::subsystem::vm::interface', 'eth0')
+
+ if $implementation == 'vserver' {
+ virtual::vserver { $name:
+ ensure => $ensure,
+ context => "$context",
+ mark => 'default',
+ distro => $distro,
+ interface => "${dev}:192.168.0.${context}/24",
+ hostname => "$name.$domain",
+ memory_limit => $memory_limit,
+ }
+
+ # Some nodes need a lot of space at /tmp otherwise some admin
+ # tasks like backups might not run.
+ file { "/etc/vservers/${name}/fstab":
+ source => [ "puppet:///modules/site_nodo/etc/fstab/vserver/$name",
+ "puppet:///modules/nodo/etc/fstab/vserver" ],
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ notify => Exec["vs_restart_${name}"],
+ require => Exec["vs_create_${name}"],
+ }
+
+ # Sound support
+ if $sound {
+ if !defined(File["/usr/local/sbin/create-sound-devices"]) {
+ file { "/usr/local/sbin/create-sound-devices":
+ ensure => present,
+ source => "puppet:///modules/nodo/sound/devices.sh",
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+ }
+ exec { "/usr/local/sbin/create-sound-devices ${name}":
+ unless => "/usr/local/sbin/create-sound-devices ${name} --check",
+ user => root,
+ require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ],
+ }
+ }
+ }
+
+ # Create a munin virtual resource to be realized in the node
+ @@nodo::subsystem::monitor::munin { "${name}":
+ port => $munin_port ? {
+ false => "49$id",
+ default => $munin_port,
+ }
+ }
+
+ # Create a monkeysphere virtual resource to be realized in the node
+ @@nodo::subsystem::monkeysphere { "$name":
+ port => $monkeysphere_ssh_port ? {
+ false => "22$id",
+ default => $monkeysphere_ssh_port,
+ }
+ }
+
+ # Apply firewall rules just for running vservers
+ case $ensure {
+ 'running': {
+ firewall::virtual::ssh { "$name":
+ destination => "192.168.0.$context",
+ port_orig => "22$id",
+ port_dest => "22",
+ }
+
+ firewall::virtual::munin { "$name":
+ destination => "192.168.0.$context",
+ port_orig => "49$id",
+ port_dest => "49$id",
+ }
+
+ if $proxy {
+ class {
+ "firewall::virtual::http": destination => "192.168.0.$context";
+ "firewall::virtual::https": destination => "192.168.0.$context";
+ }
+ }
+
+ if $puppetmaster {
+ class {
+ "firewall::virtual::puppetmaster":
+ destination => "192.168.0.$context",
+ puppetmaster_port => $puppetmaster_port,
+ puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
+ }
+ }
+
+ if $gitd {
+ class {
+ "firewall::virtual::gitd": destination => "192.168.0.$context";
+ }
+ }
+
+ if $icecast {
+ class {
+ "firewall::virtual::icecast": destination => "192.168.0.$context";
+ }
+ }
+
+ if $mail {
+ class {
+ "firewall::virtual::mail": destination => "192.168.0.$context";
+ }
+ }
+
+ if $dns {
+ class {
+ "firewall::virtual::dns": destination => "192.168.0.$context";
+ }
+ }
+
+ if $tor {
+ class {
+ "firewall::virtual::tor": destination => "192.168.0.$context";
+ }
+ }
+
+ if $jabber {
+ class {
+ "firewall::virtual::jabber": destination => "192.168.0.$context";
+ }
+ }
+
+ if $mumble {
+ class {
+ "firewall::virtual::mumble": destination => "192.168.0.$context";
+ }
+ }
+
+ if $gobby {
+ class {
+ "firewall::virtual::gobby": destination => "192.168.0.$context";
+ }
+ }
+
+ if $yacy {
+ class {
+ "firewall::virtual::yacy": destination => "192.168.0.$context";
+ }
+ }
+
+ if $rsync {
+ class {
+ "firewall::virtual::rsync": destination => "192.168.0.$context";
+ }
+ }
+
+ if $avahi {
+ class {
+ "firewall::virtual::mdns": destination => "192.168.0.$context";
+ }
+ }
+ }
+ }
+}