aboutsummaryrefslogtreecommitdiff
path: root/manifests/vserver.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/vserver.pp')
-rw-r--r--manifests/vserver.pp190
1 files changed, 0 insertions, 190 deletions
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 8cebffe..94c10ee 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -53,194 +53,4 @@ class nodo::vserver inherits nodo {
}
}
- # Define a vserver instance
- define instance($context, $ensure = 'running', $proxy = false,
- $puppetmaster = false, $gitd = false, $mail = false,
- $icecast = false, $sound = false, $tor = false,
- $ticket = false, $memory_limit = false, $distro = 'squeeze',
- $dns = false, $munin_port = false, $monkeysphere_ssh_port = false,
- $jabber = false, $mumble = false, $gobby = false, $yacy = false, $rsync = false) {
-
- # set instance id
- if $context <= 9 {
- $id = "0$context"
- } else {
- $id = $context
- }
-
- # set puppetmaster ssl port
- case $puppetmaster_port {
- '': { $puppetmaster_port = "8140" }
- }
-
- # set puppetmaster non-ssl port
- case $puppetmaster_nonssl_port {
- '': { $puppetmaster_nonssl_port = "8141" }
- }
-
- # set tor port
- case $tor_port {
- '': { $tor_port = "9001" }
- }
-
- vserver { $name:
- ensure => $ensure,
- context => "$context",
- mark => 'default',
- distro => $distro,
- interface => "eth0:192.168.0.$context/24",
- hostname => "$name.$domain",
- memory_limit => $memory_limit,
- }
-
- # Some nodes need a lot of space at /tmp otherwise some admin
- # tasks like backups might not run.
- file { "/etc/vservers/${name}/fstab":
- source => [ "puppet:///modules/site-nodo/etc/fstab/vserver/$name",
- "puppet:///modules/nodo/etc/fstab/vserver" ],
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- notify => Exec["vs_restart_${name}"],
- require => Exec["vs_create_${name}"],
- }
-
- # Create a munin virtual resource to be realized in the node
- @@munin_node { "$name":
- port => $munin_port ? {
- false => "49$id",
- default => $munin_port,
- }
- }
-
- # Create a monkeysphere virtual resource to be realized in the node
- @@monkeysphere_host { "$name":
- port => $monkeysphere_ssh_port ? {
- false => "22$id",
- default => $monkeysphere_ssh_port,
- }
- }
-
- # Sound support
- if $sound {
- if !defined(File["/usr/local/sbin/create-sound-devices"]) {
- file { "/usr/local/sbin/create-sound-devices":
- ensure => present,
- source => "puppet:///modules/nodo/sound/devices.sh",
- owner => root,
- group => root,
- mode => 755,
- }
- }
- exec { "/usr/local/sbin/create-sound-devices ${name}":
- unless => "/usr/local/sbin/create-sound-devices ${name} --check",
- user => root,
- require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ],
- }
- }
-
- # SSL computational DoS mitigation
- # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
- $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
- '' => $firewall_global_ssl_ratelimit ? {
- '' => '-',
- default => $firewall_global_ssl_ratelimit,
- },
- default => $firewall_ssl_ratelimit,
- }
-
- # Apply firewall rules just for running vservers
- case $ensure {
- 'running': {
- firewall::vserver::ssh { "$name":
- destination => "192.168.0.$context",
- port_orig => "22$id",
- port_dest => "22",
- }
-
- firewall::vserver::munin { "$name":
- destination => "192.168.0.$context",
- port_orig => "49$id",
- port_dest => "49$id",
- }
-
- if $proxy {
- class {
- "firewall::vserver::http": destination => "192.168.0.$context";
- "firewall::vserver::https": destination => "192.168.0.$context";
- }
- }
-
- if $puppetmaster {
- class {
- "firewall::vserver::puppetmaster":
- destination => "192.168.0.$context",
- puppetmaster_port => $puppetmaster_port,
- puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
- }
- }
-
- if $gitd {
- class {
- "firewall::vserver::gitd": destination => "192.168.0.$context";
- }
- }
-
- if $icecast {
- class {
- "firewall::vserver::icecast": destination => "192.168.0.$context";
- }
- }
-
- if $mail {
- class {
- "firewall::vserver::mail": destination => "192.168.0.$context";
- }
- }
-
- if $dns {
- class {
- "firewall::vserver::dns": destination => "192.168.0.$context";
- }
- }
-
- if $tor {
- class {
- "firewall::vserver::tor": destination => "192.168.0.$context";
- }
- }
-
- if $jabber {
- class {
- "firewall::vserver::jabber": destination => "192.168.0.$context";
- }
- }
-
- if $mumble {
- class {
- "firewall::vserver::mumble": destination => "192.168.0.$context";
- }
- }
-
- if $gobby {
- class {
- "firewall::vserver::gobby": destination => "192.168.0.$context";
- }
- }
-
- if $yacy {
- class {
- "firewall::vserver::yacy": destination => "192.168.0.$context";
- }
- }
-
- if $rsync {
- class {
- "firewall::vserver::rsync": destination => "192.168.0.$context";
- }
- }
- }
- }
- }
}