From e209b337264437e5762d2dd7376bbffeb1790d46 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 11 Sep 2015 21:45:31 -0300
Subject: Move nas and vm definitions into subsystems
---
manifests/subsystem/vm/instance.pp | 208 +++++++++++++++++++++++++++++++++++++
1 file changed, 208 insertions(+)
create mode 100644 manifests/subsystem/vm/instance.pp
(limited to 'manifests/subsystem/vm/instance.pp')
diff --git a/manifests/subsystem/vm/instance.pp b/manifests/subsystem/vm/instance.pp
new file mode 100644
index 0000000..4a2bfeb
--- /dev/null
+++ b/manifests/subsystem/vm/instance.pp
@@ -0,0 +1,208 @@
+# Define a vserver instance
+define nodo::subsystem::vm::instance(
+ $context,
+ $distro = 'squeeze',
+ $ensure = 'running',
+ $proxy = false,
+ $puppetmaster = false,
+ $gitd = false,
+ $mail = false,
+ $icecast = false,
+ $sound = false,
+ $tor = false,
+ $ticket = false,
+ $memory_limit = false,
+ $dns = false,
+ $jabber = false,
+ $mumble = false,
+ $gobby = false,
+ $yacy = false,
+ $rsync = false,
+ $avahi = false,
+ $munin_port = false,
+ $monkeysphere_ssh_port = false,
+ $implementation = false
+) {
+
+ # Instance id
+ if $context <= 9 {
+ $id = "0$context"
+ } else {
+ $id = $context
+ }
+
+ # Puppetmaster ssl port
+ case $puppetmaster_port {
+ '': { $puppetmaster_port = "8140" }
+ }
+
+ # Set puppetmaster non-ssl port
+ case $puppetmaster_nonssl_port {
+ '': { $puppetmaster_nonssl_port = "8141" }
+ }
+
+ # Tor port
+ case $tor_port {
+ '': { $tor_port = "9001" }
+ }
+
+ $dev = hiera('nodo::subsystem::vm::interface', 'eth0')
+
+ if $implementation == 'vserver' {
+ virtual::vserver { $name:
+ ensure => $ensure,
+ context => "$context",
+ mark => 'default',
+ distro => $distro,
+ interface => "${dev}:192.168.0.${context}/24",
+ hostname => "$name.$domain",
+ memory_limit => $memory_limit,
+ }
+
+ # Some nodes need a lot of space at /tmp otherwise some admin
+ # tasks like backups might not run.
+ file { "/etc/vservers/${name}/fstab":
+ source => [ "puppet:///modules/site_nodo/etc/fstab/vserver/$name",
+ "puppet:///modules/nodo/etc/fstab/vserver" ],
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ notify => Exec["vs_restart_${name}"],
+ require => Exec["vs_create_${name}"],
+ }
+
+ # Sound support
+ if $sound {
+ if !defined(File["/usr/local/sbin/create-sound-devices"]) {
+ file { "/usr/local/sbin/create-sound-devices":
+ ensure => present,
+ source => "puppet:///modules/nodo/sound/devices.sh",
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+ }
+ exec { "/usr/local/sbin/create-sound-devices ${name}":
+ unless => "/usr/local/sbin/create-sound-devices ${name} --check",
+ user => root,
+ require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ],
+ }
+ }
+ }
+
+ # Create a munin virtual resource to be realized in the node
+ @@nodo::subsystem::monitor::munin { "${name}":
+ port => $munin_port ? {
+ false => "49$id",
+ default => $munin_port,
+ }
+ }
+
+ # Create a monkeysphere virtual resource to be realized in the node
+ @@nodo::subsystem::monkeysphere { "$name":
+ port => $monkeysphere_ssh_port ? {
+ false => "22$id",
+ default => $monkeysphere_ssh_port,
+ }
+ }
+
+ # Apply firewall rules just for running vservers
+ case $ensure {
+ 'running': {
+ firewall::vm::ssh { "$name":
+ destination => "192.168.0.$context",
+ port_orig => "22$id",
+ port_dest => "22",
+ }
+
+ firewall::vm::munin { "$name":
+ destination => "192.168.0.$context",
+ port_orig => "49$id",
+ port_dest => "49$id",
+ }
+
+ if $proxy {
+ class {
+ "firewall::vm::http": destination => "192.168.0.$context";
+ "firewall::vm::https": destination => "192.168.0.$context";
+ }
+ }
+
+ if $puppetmaster {
+ class {
+ "firewall::vm::puppetmaster":
+ destination => "192.168.0.$context",
+ puppetmaster_port => $puppetmaster_port,
+ puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
+ }
+ }
+
+ if $gitd {
+ class {
+ "firewall::vm::gitd": destination => "192.168.0.$context";
+ }
+ }
+
+ if $icecast {
+ class {
+ "firewall::vm::icecast": destination => "192.168.0.$context";
+ }
+ }
+
+ if $mail {
+ class {
+ "firewall::vm::mail": destination => "192.168.0.$context";
+ }
+ }
+
+ if $dns {
+ class {
+ "firewall::vm::dns": destination => "192.168.0.$context";
+ }
+ }
+
+ if $tor {
+ class {
+ "firewall::vm::tor": destination => "192.168.0.$context";
+ }
+ }
+
+ if $jabber {
+ class {
+ "firewall::vm::jabber": destination => "192.168.0.$context";
+ }
+ }
+
+ if $mumble {
+ class {
+ "firewall::vm::mumble": destination => "192.168.0.$context";
+ }
+ }
+
+ if $gobby {
+ class {
+ "firewall::vm::gobby": destination => "192.168.0.$context";
+ }
+ }
+
+ if $yacy {
+ class {
+ "firewall::vm::yacy": destination => "192.168.0.$context";
+ }
+ }
+
+ if $rsync {
+ class {
+ "firewall::vm::rsync": destination => "192.168.0.$context";
+ }
+ }
+
+ if $avahi {
+ class {
+ "firewall::vm::mdns": destination => "192.168.0.$context";
+ }
+ }
+ }
+ }
+}
-- cgit v1.2.3
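Review bot: The SSH and munin forwards in the `'running'` branch hard-code `port_orig => "22$id"` and `"49$id"`, while the exported `nodo::subsystem::monitor::munin` and `nodo::subsystem::monkeysphere` resources just above them honour `$munin_port` and `$monkeysphere_ssh_port`. When either override is set, the advertised port and the forwarded port diverge, and the default port stays forwarded although nothing is expected to use it. Assuming `port` on the exported resources means the host-side forwarded port (the shared defaults suggest so; confirm against their definitions), resolve each effective port once and use it in both places, as sketched below. The same branch builds every `destination` from `$context` with no range check, so a guard that calls `fail()` unless `$context` is an integer in 1–254 would keep a typo from producing a malformed rule.

```puppet
  # Resolve the effective ports once so the exported resources and the
  # firewall forwards cannot drift apart.
  $munin_port_real = $munin_port ? {
    false   => "49$id",
    default => $munin_port,
  }
  $ssh_port_real = $monkeysphere_ssh_port ? {
    false   => "22$id",
    default => $monkeysphere_ssh_port,
  }

  # … unchanged: vserver, fstab and sound resources; exported resources take port => $munin_port_real / $ssh_port_real …

      firewall::vm::ssh { "$name":
        destination => "192.168.0.$context",
        port_orig   => $ssh_port_real,
        port_dest   => "22",
      }

      firewall::vm::munin { "$name":
        destination => "192.168.0.$context",
        port_orig   => $munin_port_real,
        # assumes the guest's munin-node listens on the same port, as the original "49$id" pair did
        port_dest   => $munin_port_real,
      }
```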