From e209b337264437e5762d2dd7376bbffeb1790d46 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 11 Sep 2015 21:45:31 -0300 Subject: Move nas and vm definitions into subsystems --- manifests/nas/share.pp | 109 ------------------- manifests/subsystem/nas/share.pp | 109 +++++++++++++++++++ manifests/subsystem/vm/instance.pp | 208 +++++++++++++++++++++++++++++++++++++ manifests/vserver/instance.pp | 205 ------------------------------------ 4 files changed, 317 insertions(+), 314 deletions(-) delete mode 100644 manifests/nas/share.pp create mode 100644 manifests/subsystem/nas/share.pp create mode 100644 manifests/subsystem/vm/instance.pp delete mode 100644 manifests/vserver/instance.pp (limited to 'manifests') diff --git a/manifests/nas/share.pp b/manifests/nas/share.pp deleted file mode 100644 index 1aec898..0000000 --- a/manifests/nas/share.pp +++ /dev/null @@ -1,109 +0,0 @@ -# Share a folder pubicly using FTP, Samba, NFS, DLNA, etc. -define nodo::nas::share( - $description, - $folder, - $owner = '', - $group = '', - $mode = '', - $dlna_type = '', - $nfs_export_target = '127.0.0.1', - $nfs_export_options = 'ro,sync,no_subtree_check', - $samba_guest_only = true, - $samba_guest_ok = true, - $samba_force_user = '', - $samba_force_group = '', - $samba_read_only = '', - $samba_writable = '', - $samba_create_mask = '0644', - $samba_directory_mask = '0755', - $manage_folder = true -) { - - # DLNA share - if $dlna_type != '' { - minidlna::share { $folder: - type => $dlna_type ? { - 'all' => undef, - default => $dlna_type, - }, - } - } - - # Samba share - samba::server::share { $name: - comment => $description, - path => $folder, - guest_only => $samba_guest_only, - guest_ok => $samba_guest_ok, - guest_account => $samba_guest_account, - force_user => $samba_force_user ? { - '' => undef, - default => $samba_force_user, - }, - force_group => $samba_force_group ? { - '' => undef, - default => $samba_force_group, - }, - read_only => $samba_read_only ? { - '' => undef, - default => $samba_read_only, - }, - writable => $samba_writable ? { - '' => undef, - default => $samba_writable, - }, - create_mask => $samba_create_mask ? { - '' => undef, - default => $samba_create_mask, - }, - directory_mask => $samba_directory_mask ? { - '' => undef, - default => $samba_directory_mask, - }, - browsable => true, - } - - # NFS export - nfs::export { $name: - export_directory => $folder, - export_target => $nfs_export_target, - export_options => $nfs_export_options, - } - - # HTTP and FTP symlinks to media assets - file { [ "/var/www/data/${name}", "/home/ftp/${name}" ]: - ensure => $folder, - require => File['/var/www/data', '/home/ftp'], - } - - # Avahi service - file { "/etc/avahi/services/nfs-${name}.service": - ensure => present, - owner => root, - group => root, - mode => 0644, - source => "puppet:///modules/site_avahi/services/nfs-${name}.service", - notify => Service['avahi-daemon'], - } - - # Make sure basic media exist, no matter which disk is attached - $cache = hiera('nodo::subsystem::media::folders::base', '/var/cache/media') - - if $cache != '' and $manage_folder != false { - file { [ "${cache}/${name}" ]: - ensure => directory, - owner => $owner ? { - '' => undef, - default => $owner, - }, - group => $group ? { - '' => undef, - default => $group, - }, - mode => $mode ? { - '' => undef, - default => $mode, - }, - } - } -} diff --git a/manifests/subsystem/nas/share.pp b/manifests/subsystem/nas/share.pp new file mode 100644 index 0000000..43922b7 --- /dev/null +++ b/manifests/subsystem/nas/share.pp @@ -0,0 +1,109 @@ +# Share a folder pubicly using FTP, Samba, NFS, DLNA, etc. +define nodo::subsystem::nas::share( + $description, + $folder, + $owner = '', + $group = '', + $mode = '', + $dlna_type = '', + $nfs_export_target = '127.0.0.1', + $nfs_export_options = 'ro,sync,no_subtree_check', + $samba_guest_only = true, + $samba_guest_ok = true, + $samba_force_user = '', + $samba_force_group = '', + $samba_read_only = '', + $samba_writable = '', + $samba_create_mask = '0644', + $samba_directory_mask = '0755', + $manage_folder = true +) { + + # DLNA share + if $dlna_type != '' { + minidlna::share { $folder: + type => $dlna_type ? { + 'all' => undef, + default => $dlna_type, + }, + } + } + + # Samba share + samba::server::share { $name: + comment => $description, + path => $folder, + guest_only => $samba_guest_only, + guest_ok => $samba_guest_ok, + guest_account => $samba_guest_account, + force_user => $samba_force_user ? { + '' => undef, + default => $samba_force_user, + }, + force_group => $samba_force_group ? { + '' => undef, + default => $samba_force_group, + }, + read_only => $samba_read_only ? { + '' => undef, + default => $samba_read_only, + }, + writable => $samba_writable ? { + '' => undef, + default => $samba_writable, + }, + create_mask => $samba_create_mask ? { + '' => undef, + default => $samba_create_mask, + }, + directory_mask => $samba_directory_mask ? { + '' => undef, + default => $samba_directory_mask, + }, + browsable => true, + } + + # NFS export + nfs::export { $name: + export_directory => $folder, + export_target => $nfs_export_target, + export_options => $nfs_export_options, + } + + # HTTP and FTP symlinks to media assets + file { [ "/var/www/data/${name}", "/home/ftp/${name}" ]: + ensure => $folder, + require => File['/var/www/data', '/home/ftp'], + } + + # Avahi service + file { "/etc/avahi/services/nfs-${name}.service": + ensure => present, + owner => root, + group => root, + mode => 0644, + source => "puppet:///modules/site_avahi/services/nfs-${name}.service", + notify => Service['avahi-daemon'], + } + + # Make sure basic media exist, no matter which disk is attached + $cache = hiera('nodo::subsystem::media::folders::base', '/var/cache/media') + + if $cache != '' and $manage_folder != false { + file { [ "${cache}/${name}" ]: + ensure => directory, + owner => $owner ? { + '' => undef, + default => $owner, + }, + group => $group ? { + '' => undef, + default => $group, + }, + mode => $mode ? { + '' => undef, + default => $mode, + }, + } + } +} diff --git a/manifests/subsystem/vm/instance.pp b/manifests/subsystem/vm/instance.pp new file mode 100644 index 0000000..4a2bfeb --- /dev/null +++ b/manifests/subsystem/vm/instance.pp @@ -0,0 +1,208 @@ +# Define a vserver instance +define nodo::subsystem::vm::instance( + $context, + $distro = 'squeeze', + $ensure = 'running', + $proxy = false, + $puppetmaster = false, + $gitd = false, + $mail = false, + $icecast = false, + $sound = false, + $tor = false, + $ticket = false, + $memory_limit = false, + $dns = false, + $jabber = false, + $mumble = false, + $gobby = false, + $yacy = false, + $rsync = false, + $avahi = false, + $munin_port = false, + $monkeysphere_ssh_port = false, + $implementation = false +) { + + # Instance id + if $context <= 9 { + $id = "0$context" + } else { + $id = $context + } + + # Puppetmaster ssl port + case $puppetmaster_port { + '': { $puppetmaster_port = "8140" } + } + + # Set puppetmaster non-ssl port + case $puppetmaster_nonssl_port { + '': { $puppetmaster_nonssl_port = "8141" } + } + + # Tor port + case $tor_port { + '': { $tor_port = "9001" } + } + + $dev = hiera('nodo::subsystem::vm::interface', 'eth0') + + if $implementation == 'vserver' { + virtual::vserver { $name: + ensure => $ensure, + context => "$context", + mark => 'default', + distro => $distro, + interface => "${dev}:192.168.0.${context}/24", + hostname => "$name.$domain", + memory_limit => $memory_limit, + } + + # Some nodes need a lot of space at /tmp otherwise some admin + # tasks like backups might not run. + file { "/etc/vservers/${name}/fstab": + source => [ "puppet:///modules/site_nodo/etc/fstab/vserver/$name", + "puppet:///modules/nodo/etc/fstab/vserver" ], + owner => "root", + group => "root", + mode => 0644, + ensure => present, + notify => Exec["vs_restart_${name}"], + require => Exec["vs_create_${name}"], + } + + # Sound support + if $sound { + if !defined(File["/usr/local/sbin/create-sound-devices"]) { + file { "/usr/local/sbin/create-sound-devices": + ensure => present, + source => "puppet:///modules/nodo/sound/devices.sh", + owner => root, + group => root, + mode => 755, + } + } + exec { "/usr/local/sbin/create-sound-devices ${name}": + unless => "/usr/local/sbin/create-sound-devices ${name} --check", + user => root, + require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ], + } + } + } + + # Create a munin virtual resource to be realized in the node + @@nodo::subsystem::monitor::munin { "${name}": + port => $munin_port ? { + false => "49$id", + default => $munin_port, + } + } + + # Create a monkeysphere virtual resource to be realized in the node + @@nodo::subsystem::monkeysphere { "$name": + port => $monkeysphere_ssh_port ? { + false => "22$id", + default => $monkeysphere_ssh_port, + } + } + + # Apply firewall rules just for running vservers + case $ensure { + 'running': { + firewall::vm::ssh { "$name": + destination => "192.168.0.$context", + port_orig => "22$id", + port_dest => "22", + } + + firewall::vm::munin { "$name": + destination => "192.168.0.$context", + port_orig => "49$id", + port_dest => "49$id", + } + + if $proxy { + class { + "firewall::vm::http": destination => "192.168.0.$context"; + "firewall::vm::https": destination => "192.168.0.$context"; + } + } + + if $puppetmaster { + class { + "firewall::vm::puppetmaster": + destination => "192.168.0.$context", + puppetmaster_port => $puppetmaster_port, + puppetmaster_nonssl_port => $puppetmaster_nonssl_port, + } + } + + if $gitd { + class { + "firewall::vm::gitd": destination => "192.168.0.$context"; + } + } + + if $icecast { + class { + "firewall::vm::icecast": destination => "192.168.0.$context"; + } + } + + if $mail { + class { + "firewall::vm::mail": destination => "192.168.0.$context"; + } + } + + if $dns { + class { + "firewall::vm::dns": destination => "192.168.0.$context"; + } + } + + if $tor { + class { + "firewall::vm::tor": destination => "192.168.0.$context"; + } + } + + if $jabber { + class { + "firewall::vm::jabber": destination => "192.168.0.$context"; + } + } + + if $mumble { + class { + "firewall::vm::mumble": destination => "192.168.0.$context"; + } + } + + if $gobby { + class { + "firewall::vm::gobby": destination => "192.168.0.$context"; + } + } + + if $yacy { + class { + "firewall::vm::yacy": destination => "192.168.0.$context"; + } + } + + if $rsync { + class { + "firewall::vm::rsync": destination => "192.168.0.$context"; + } + } + + if $avahi { + class { + "firewall::vm::mdns": destination => "192.168.0.$context"; + } + } + } + } +} diff --git a/manifests/vserver/instance.pp b/manifests/vserver/instance.pp deleted file mode 100644 index 23cebb1..0000000 --- a/manifests/vserver/instance.pp +++ /dev/null @@ -1,205 +0,0 @@ -# Define a vserver instance -define nodo::vserver::instance( - $context, - $distro = 'squeeze', - $ensure = 'running', - $proxy = false, - $puppetmaster = false, - $gitd = false, - $mail = false, - $icecast = false, - $sound = false, - $tor = false, - $ticket = false, - $memory_limit = false, - $dns = false, - $jabber = false, - $mumble = false, - $gobby = false, - $yacy = false, - $rsync = false, - $avahi = false, - $munin_port = false, - $monkeysphere_ssh_port = false -) { - - # Instance id - if $context <= 9 { - $id = "0$context" - } else { - $id = $context - } - - # Puppetmaster ssl port - case $puppetmaster_port { - '': { $puppetmaster_port = "8140" } - } - - # Set puppetmaster non-ssl port - case $puppetmaster_nonssl_port { - '': { $puppetmaster_nonssl_port = "8141" } - } - - # Tor port - case $tor_port { - '': { $tor_port = "9001" } - } - - $dev = hiera('nodo::vserver::interface', 'eth0') - - virtual::vserver { $name: - ensure => $ensure, - context => "$context", - mark => 'default', - distro => $distro, - interface => "${dev}:192.168.0.${context}/24", - hostname => "$name.$domain", - memory_limit => $memory_limit, - } - - # Some nodes need a lot of space at /tmp otherwise some admin - # tasks like backups might not run. - file { "/etc/vservers/${name}/fstab": - source => [ "puppet:///modules/site_nodo/etc/fstab/vserver/$name", - "puppet:///modules/nodo/etc/fstab/vserver" ], - owner => "root", - group => "root", - mode => 0644, - ensure => present, - notify => Exec["vs_restart_${name}"], - require => Exec["vs_create_${name}"], - } - - # Create a munin virtual resource to be realized in the node - @@nodo::subsystem::monitor::munin { "${name}": - port => $munin_port ? { - false => "49$id", - default => $munin_port, - } - } - - # Create a monkeysphere virtual resource to be realized in the node - @@nodo::subsystem::monkeysphere { "$name": - port => $monkeysphere_ssh_port ? { - false => "22$id", - default => $monkeysphere_ssh_port, - } - } - - # Sound support - if $sound { - if !defined(File["/usr/local/sbin/create-sound-devices"]) { - file { "/usr/local/sbin/create-sound-devices": - ensure => present, - source => "puppet:///modules/nodo/sound/devices.sh", - owner => root, - group => root, - mode => 755, - } - } - exec { "/usr/local/sbin/create-sound-devices ${name}": - unless => "/usr/local/sbin/create-sound-devices ${name} --check", - user => root, - require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ], - } - } - - # Apply firewall rules just for running vservers - case $ensure { - 'running': { - firewall::vserver::ssh { "$name": - destination => "192.168.0.$context", - port_orig => "22$id", - port_dest => "22", - } - - firewall::vserver::munin { "$name": - destination => "192.168.0.$context", - port_orig => "49$id", - port_dest => "49$id", - } - - if $proxy { - class { - "firewall::vserver::http": destination => "192.168.0.$context"; - "firewall::vserver::https": destination => "192.168.0.$context"; - } - } - - if $puppetmaster { - class { - "firewall::vserver::puppetmaster": - destination => "192.168.0.$context", - puppetmaster_port => $puppetmaster_port, - puppetmaster_nonssl_port => $puppetmaster_nonssl_port, - } - } - - if $gitd { - class { - "firewall::vserver::gitd": destination => "192.168.0.$context"; - } - } - - if $icecast { - class { - "firewall::vserver::icecast": destination => "192.168.0.$context"; - } - } - - if $mail { - class { - "firewall::vserver::mail": destination => "192.168.0.$context"; - } - } - - if $dns { - class { - "firewall::vserver::dns": destination => "192.168.0.$context"; - } - } - - if $tor { - class { - "firewall::vserver::tor": destination => "192.168.0.$context"; - } - } - - if $jabber { - class { - "firewall::vserver::jabber": destination => "192.168.0.$context"; - } - } - - if $mumble { - class { - "firewall::vserver::mumble": destination => "192.168.0.$context"; - } - } - - if $gobby { - class { - "firewall::vserver::gobby": destination => "192.168.0.$context"; - } - } - - if $yacy { - class { - "firewall::vserver::yacy": destination => "192.168.0.$context"; - } - } - - if $rsync { - class { - "firewall::vserver::rsync": destination => "192.168.0.$context"; - } - } - - if $avahi { - class { - "firewall::vserver::mdns": destination => "192.168.0.$context"; - } - } - } - } -} -- cgit v1.2.3