diff options
Diffstat (limited to 'manifests/subsystem/virtual')
-rw-r--r-- | manifests/subsystem/virtual/instance.pp | 207 |
1 files changed, 207 insertions, 0 deletions
diff --git a/manifests/subsystem/virtual/instance.pp b/manifests/subsystem/virtual/instance.pp new file mode 100644 index 0000000..726752f --- /dev/null +++ b/manifests/subsystem/virtual/instance.pp @@ -0,0 +1,207 @@ +# Define a virtual server instance +define nodo::subsystem::virtual::instance( + $context, + $distro = 'jessie', + $ensure = 'running', + $proxy = false, + $puppetmaster = false, + $gitd = false, + $mail = false, + $icecast = false, + $sound = false, + $tor = false, + $ticket = false, + $memory_limit = false, + $dns = false, + $jabber = false, + $mumble = false, + $gobby = false, + $yacy = false, + $rsync = false, + $avahi = false, + $munin_port = false, + $monkeysphere_ssh_port = false, + $implementation = false +) { + # Instance id + if $context <= 9 { + $id = "0$context" + } else { + $id = $context + } + + # Puppetmaster ssl port + case $puppetmaster_port { + '': { $puppetmaster_port = "8140" } + } + + # Set puppetmaster non-ssl port + case $puppetmaster_nonssl_port { + '': { $puppetmaster_nonssl_port = "8141" } + } + + # Tor port + case $tor_port { + '': { $tor_port = "9001" } + } + + $dev = hiera('nodo::subsystem::vm::interface', 'eth0') + + if $implementation == 'vserver' { + virtual::vserver { $name: + ensure => $ensure, + context => "$context", + mark => 'default', + distro => $distro, + interface => "${dev}:192.168.0.${context}/24", + hostname => "$name.$domain", + memory_limit => $memory_limit, + } + + # Some nodes need a lot of space at /tmp otherwise some admin + # tasks like backups might not run. + file { "/etc/vservers/${name}/fstab": + source => [ "puppet:///modules/site_nodo/etc/fstab/vserver/$name", + "puppet:///modules/nodo/etc/fstab/vserver" ], + owner => "root", + group => "root", + mode => 0644, + ensure => present, + notify => Exec["vs_restart_${name}"], + require => Exec["vs_create_${name}"], + } + + # Sound support + if $sound { + if !defined(File["/usr/local/sbin/create-sound-devices"]) { + file { "/usr/local/sbin/create-sound-devices": + ensure => present, + source => "puppet:///modules/nodo/sound/devices.sh", + owner => root, + group => root, + mode => 755, + } + } + exec { "/usr/local/sbin/create-sound-devices ${name}": + unless => "/usr/local/sbin/create-sound-devices ${name} --check", + user => root, + require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ], + } + } + } + + # Create a munin virtual resource to be realized in the node + @@nodo::subsystem::monitor::munin { "${name}": + port => $munin_port ? { + false => "49$id", + default => $munin_port, + } + } + + # Create a monkeysphere virtual resource to be realized in the node + @@nodo::subsystem::monkeysphere { "$name": + port => $monkeysphere_ssh_port ? { + false => "22$id", + default => $monkeysphere_ssh_port, + } + } + + # Apply firewall rules just for running vservers + case $ensure { + 'running': { + firewall::virtual::ssh { "$name": + destination => "192.168.0.$context", + port_orig => "22$id", + port_dest => "22", + } + + firewall::virtual::munin { "$name": + destination => "192.168.0.$context", + port_orig => "49$id", + port_dest => "49$id", + } + + if $proxy { + class { + "firewall::virtual::http": destination => "192.168.0.$context"; + "firewall::virtual::https": destination => "192.168.0.$context"; + } + } + + if $puppetmaster { + class { + "firewall::virtual::puppetmaster": + destination => "192.168.0.$context", + puppetmaster_port => $puppetmaster_port, + puppetmaster_nonssl_port => $puppetmaster_nonssl_port, + } + } + + if $gitd { + class { + "firewall::virtual::gitd": destination => "192.168.0.$context"; + } + } + + if $icecast { + class { + "firewall::virtual::icecast": destination => "192.168.0.$context"; + } + } + + if $mail { + class { + "firewall::virtual::mail": destination => "192.168.0.$context"; + } + } + + if $dns { + class { + "firewall::virtual::dns": destination => "192.168.0.$context"; + } + } + + if $tor { + class { + "firewall::virtual::tor": destination => "192.168.0.$context"; + } + } + + if $jabber { + class { + "firewall::virtual::jabber": destination => "192.168.0.$context"; + } + } + + if $mumble { + class { + "firewall::virtual::mumble": destination => "192.168.0.$context"; + } + } + + if $gobby { + class { + "firewall::virtual::gobby": destination => "192.168.0.$context"; + } + } + + if $yacy { + class { + "firewall::virtual::yacy": destination => "192.168.0.$context"; + } + } + + if $rsync { + class { + "firewall::virtual::rsync": destination => "192.168.0.$context"; + } + } + + if $avahi { + class { + "firewall::virtual::mdns": destination => "192.168.0.$context"; + } + } + } + } +} |