Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/vserver.pp | 190 | ||||
-rw-r--r-- | manifests/vserver/instance.pp | 190 |
2 files changed, 190 insertions, 190 deletions
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 8cebffe..94c10ee 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -53,194 +53,4 @@ class nodo::vserver inherits nodo {
 }
 }
- # Define a vserver instance
- define instance($context, $ensure = 'running', $proxy = false,
- $puppetmaster = false, $gitd = false, $mail = false,
- $icecast = false, $sound = false, $tor = false,
- $ticket = false, $memory_limit = false, $distro = 'squeeze',
- $dns = false, $munin_port = false, $monkeysphere_ssh_port = false,
- $jabber = false, $mumble = false, $gobby = false, $yacy = false, $rsync = false) {
-
- # set instance id
- if $context <= 9 {
- $id = "0$context"
- } else {
- $id = $context
- }
-
- # set puppetmaster ssl port
- case $puppetmaster_port {
- '': { $puppetmaster_port = "8140" }
- }
-
- # set puppetmaster non-ssl port
- case $puppetmaster_nonssl_port {
- '': { $puppetmaster_nonssl_port = "8141" }
- }
-
- # set tor port
- case $tor_port {
- '': { $tor_port = "9001" }
- }
-
- vserver { $name:
- ensure => $ensure,
- context => "$context",
- mark => 'default',
- distro => $distro,
- interface => "eth0:192.168.0.$context/24",
- hostname => "$name.$domain",
- memory_limit => $memory_limit,
- }
-
- # Some nodes need a lot of space at /tmp otherwise some admin
- # tasks like backups might not run.
- file { "/etc/vservers/${name}/fstab":
- source => [ "puppet:///modules/site-nodo/etc/fstab/vserver/$name",
- "puppet:///modules/nodo/etc/fstab/vserver" ],
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- notify => Exec["vs_restart_${name}"],
- require => Exec["vs_create_${name}"],
- }
-
- # Create a munin virtual resource to be realized in the node
- @@munin_node { "$name":
- port => $munin_port ? {
- false => "49$id",
- default => $munin_port,
- }
- }
-
- # Create a monkeysphere virtual resource to be realized in the node
- @@monkeysphere_host { "$name":
- port => $monkeysphere_ssh_port ? {
- false => "22$id",
- default => $monkeysphere_ssh_port,
- }
- }
-
- # Sound support
- if $sound {
- if !defined(File["/usr/local/sbin/create-sound-devices"]) {
- file { "/usr/local/sbin/create-sound-devices":
- ensure => present,
- source => "puppet:///modules/nodo/sound/devices.sh",
- owner => root,
- group => root,
- mode => 755,
- }
- }
- exec { "/usr/local/sbin/create-sound-devices ${name}":
- unless => "/usr/local/sbin/create-sound-devices ${name} --check",
- user => root,
- require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ],
- }
- }
-
- # SSL computational DoS mitigation
- # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
- $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
- '' => $firewall_global_ssl_ratelimit ? {
- '' => '-',
- default => $firewall_global_ssl_ratelimit,
- },
- default => $firewall_ssl_ratelimit,
- }
-
- # Apply firewall rules just for running vservers
- case $ensure {
- 'running': {
- firewall::vserver::ssh { "$name":
- destination => "192.168.0.$context",
- port_orig => "22$id",
- port_dest => "22",
- }
-
- firewall::vserver::munin { "$name":
- destination => "192.168.0.$context",
- port_orig => "49$id",
- port_dest => "49$id",
- }
-
- if $proxy {
- class {
- "firewall::vserver::http": destination => "192.168.0.$context";
- "firewall::vserver::https": destination => "192.168.0.$context";
- }
- }
-
- if $puppetmaster {
- class {
- "firewall::vserver::puppetmaster":
- destination => "192.168.0.$context",
- puppetmaster_port => $puppetmaster_port,
- puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
- }
- }
-
- if $gitd {
- class {
- "firewall::vserver::gitd": destination => "192.168.0.$context";
- }
- }
-
- if $icecast {
- class {
- "firewall::vserver::icecast": destination => "192.168.0.$context";
- }
- }
-
- if $mail {
- class {
- "firewall::vserver::mail": destination => "192.168.0.$context";
- }
- }
-
- if $dns {
- class {
- "firewall::vserver::dns": destination => "192.168.0.$context";
- }
- }
-
- if $tor {
- class {
- "firewall::vserver::tor": destination => "192.168.0.$context";
- }
- }
-
- if $jabber {
- class {
- "firewall::vserver::jabber": destination => "192.168.0.$context";
- }
- }
-
- if $mumble {
- class {
- "firewall::vserver::mumble": destination => "192.168.0.$context";
- }
- }
-
- if $gobby {
- class {
- "firewall::vserver::gobby": destination => "192.168.0.$context";
- }
- }
-
- if $yacy {
- class {
- "firewall::vserver::yacy": destination => "192.168.0.$context";
- }
- }
-
- if $rsync {
- class {
- "firewall::vserver::rsync": destination => "192.168.0.$context";
- }
- }
- }
- }
- }
 }
diff --git a/manifests/vserver/instance.pp b/manifests/vserver/instance.pp
new file mode 100644
index 0000000..c2ad6e9
--- /dev/null
+++ b/manifests/vserver/instance.pp
@@ -0,0 +1,190 @@
+# Define a vserver instance
+define vserver::instance($context, $ensure = 'running', $proxy = false,
+ $puppetmaster = false, $gitd = false, $mail = false,
+ $icecast = false, $sound = false, $tor = false,
+ $ticket = false, $memory_limit = false, $distro = 'squeeze',
+ $dns = false, $munin_port = false, $monkeysphere_ssh_port = false,
+ $jabber = false, $mumble = false, $gobby = false, $yacy = false, $rsync = false) {
+
+ # set instance id
+ if $context <= 9 {
+ $id = "0$context"
+ } else {
+ $id = $context
+ }
+
+ # set puppetmaster ssl port
+ case $puppetmaster_port {
+ '': { $puppetmaster_port = "8140" }
+ }
+
+ # set puppetmaster non-ssl port
+ case $puppetmaster_nonssl_port {
+ '': { $puppetmaster_nonssl_port = "8141" }
+ }
+
+ # set tor port
+ case $tor_port {
+ '': { $tor_port = "9001" }
+ }
+
+ vserver { $name:
+ ensure => $ensure,
+ context => "$context",
+ mark => 'default',
+ distro => $distro,
+ interface => "eth0:192.168.0.$context/24",
+ hostname => "$name.$domain",
+ memory_limit => $memory_limit,
+ }
+
+ # Some nodes need a lot of space at /tmp otherwise some admin
+ # tasks like backups might not run.
+ file { "/etc/vservers/${name}/fstab":
+ source => [ "puppet:///modules/site-nodo/etc/fstab/vserver/$name",
+ "puppet:///modules/nodo/etc/fstab/vserver" ],
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ notify => Exec["vs_restart_${name}"],
+ require => Exec["vs_create_${name}"],
+ }
+
+ # Create a munin virtual resource to be realized in the node
+ @@munin_node { "$name":
+ port => $munin_port ? {
+ false => "49$id",
+ default => $munin_port,
+ }
+ }
+
+ # Create a monkeysphere virtual resource to be realized in the node
+ @@monkeysphere_host { "$name":
+ port => $monkeysphere_ssh_port ? {
+ false => "22$id",
+ default => $monkeysphere_ssh_port,
+ }
+ }
+
+ # Sound support
+ if $sound {
+ if !defined(File["/usr/local/sbin/create-sound-devices"]) {
+ file { "/usr/local/sbin/create-sound-devices":
+ ensure => present,
+ source => "puppet:///modules/nodo/sound/devices.sh",
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+ }
+ exec { "/usr/local/sbin/create-sound-devices ${name}":
+ unless => "/usr/local/sbin/create-sound-devices ${name} --check",
+ user => root,
+ require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ],
+ }
+ }
+
+ # SSL computational DoS mitigation
+ # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
+ $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
+ '' => $firewall_global_ssl_ratelimit ? {
+ '' => '-',
+ default => $firewall_global_ssl_ratelimit,
+ },
+ default => $firewall_ssl_ratelimit,
+ }
+
+ # Apply firewall rules just for running vservers
+ case $ensure {
+ 'running': {
+ firewall::vserver::ssh { "$name":
+ destination => "192.168.0.$context",
+ port_orig => "22$id",
+ port_dest => "22",
+ }
+
+ firewall::vserver::munin { "$name":
+ destination => "192.168.0.$context",
+ port_orig => "49$id",
+ port_dest => "49$id",
+ }
+
+ if $proxy {
+ class {
+ "firewall::vserver::http": destination => "192.168.0.$context";
+ "firewall::vserver::https": destination => "192.168.0.$context";
+ }
+ }
+
+ if $puppetmaster {
+ class {
+ "firewall::vserver::puppetmaster":
+ destination => "192.168.0.$context",
+ puppetmaster_port => $puppetmaster_port,
+ puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
+ }
+ }
+
+ if $gitd {
+ class {
+ "firewall::vserver::gitd": destination => "192.168.0.$context";
+ }
+ }
+
+ if $icecast {
+ class {
+ "firewall::vserver::icecast": destination => "192.168.0.$context";
+ }
+ }
+
+ if $mail {
+ class {
+ "firewall::vserver::mail": destination => "192.168.0.$context";
+ }
+ }
+
+ if $dns {
+ class {
+ "firewall::vserver::dns": destination => "192.168.0.$context";
+ }
+ }
+
+ if $tor {
+ class {
+ "firewall::vserver::tor": destination => "192.168.0.$context";
+ }
+ }
+
+ if $jabber {
+ class {
+ "firewall::vserver::jabber": destination => "192.168.0.$context";
+ }
+ }
+
+ if $mumble {
+ class {
+ "firewall::vserver::mumble": destination => "192.168.0.$context";
+ }
+ }
+
+ if $gobby {
+ class {
+ "firewall::vserver::gobby": destination => "192.168.0.$context";
+ }
+ }
+
+ if $yacy {
+ class {
+ "firewall::vserver::yacy": destination => "192.168.0.$context";
+ }
+ }
+
+ if $rsync {
+ class {
+ "firewall::vserver::rsync": destination => "192.168.0.$context";
+ }
+ }
+ }
+ }
+} |
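Review bot: The moved define still accepts `$ticket` and still defaults `$tor_port` to `"9001"`, but neither is referenced afterwards — `firewall::vserver::tor` is declared with only `destination`, whereas `firewall::vserver::puppetmaster` receives its two ports explicitly. If the tor firewall class reads `$tor_port` through dynamic scope, that dependency is invisible here; passing it as `tor_port => $tor_port,` (or dropping the unused parameter and the `case $tor_port` block) makes the contract explicit. The two file modes are also written inconsistently, `mode => 0644` on the fstab resource and `mode => 755` on the sound-device script; quoting both as `'0644'` and `'0755'` removes the octal-literal ambiguity. A header comment on the define listing which firewall class each boolean flag enables, and noting that the firewall rules are only applied when `$ensure` is `'running'`, would help the next maintainer, since that is the only effect most of the flags have.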