aboutsummaryrefslogtreecommitdiff
path: root/manifests/subsystem/virtual/instance.pp
blob: 6c8335f4ef93c0b1bce8dbca1c0191467ca97c41 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# Define a virtual server instance
define nodo::subsystem::virtual::instance(
  $vg,
  $context,
  $iface,
  $ram                   = '1024',
  $size                  = '10G',
  $ensure                = 'running',
  $implementation        = 'kvmx',
  $shell                 = undef,
  $supervise             = '1',
  $proxy                 = false,
  $web                   = false,
  $gitd                  = false,
  $mail                  = false,
  $icecast               = false,
  $tor                   = false,
  $ticket                = false,
  $dns                   = false,
  $jabber                = false,
  $mumble                = false,
  $gobby                 = false,
  $yacy                  = false,
  $rsync                 = false,
  $avahi                 = false,
  $udev                  = false,
  $subnet                = '10.1.1',
  $sshkey                = '',
  $sshkey_type           = 'ssh-rsa',
  $sshkey_options        = [],
  $initial_user          = 'user',
  $guest_domain          = $::domain,
) {
  # Instance id
  if $context <= 9 {
    $id = "0$context"
  } else {
    $id = $context
  }

  if $implementation == 'kvmx' {
    virtual::kvm::kvmx::instance { $name:
      vg                => $vg,
      size              => $size,
      ram               => $ram,
      udev              => $udev,
      iface             => $iface,
      shell             => $shell,
      supervise         => $supervise,
      initial_user      => $initial_user,
      ip                => "${subnet}.${context}",
      gateway           => "${subnet}.1",
      guest_domain      => $guest_domain,
      ssh_custom_pubkey => "/home/${name}/.ssh/authorized_keys",
      #require          => Ssh_authorized_key["virtual-instance-${name}"],
    }
  }

  if $implementation == 'kvm-manager' {
    virtual::kvm::manager::instance { $name:
      vg    => $vg,
      size  => $size,
      ram   => $ram,
      udev  => $udev,
      iface => $iface,
    }
  }

  ssh_authorized_key { "virtual-instance-${name}":
    ensure  => $sshkey ? {
      ''      => absent,
      default => present,
    },
    key     => $sshkey,
    type    => $sshkey_type,
    options => $sshkey_options,
    user    => $name,
    require => File["/home/${name}"],
  }

  # Apply firewall rules just for running virtual machines
  case $ensure {
    'running': {
      firewall::virtual::ssh { "$name":
        destination => "${subnet}.$context",
        port_orig => "22$id",
        port_dest => "22",
      }

      if $proxy {
        class {
          "firewall::virtual::http":  destination => "${subnet}.$context";
          "firewall::virtual::https": destination => "${subnet}.$context";
        }
      }

      if $web {
        firewall::virtual::web { $name:
          destination => "${subnet}.$context",
        }
      }

      if $gitd {
        class {
          "firewall::virtual::gitd": destination => "${subnet}.$context";
        }
      }

      if $icecast {
        class {
          "firewall::virtual::icecast": destination => "${subnet}.$context";
        }
      }

      if $mail {
        class {
          "firewall::virtual::mail": destination => "${subnet}.$context";
        }
      }

      if $dns {
        class {
          "firewall::virtual::dns": destination => "${subnet}.$context";
        }
      }

      if $tor {
        class {
          "firewall::virtual::tor": destination => "${subnet}.$context";
        }
      }

      if $jabber {
        class {
          "firewall::virtual::jabber": destination => "${subnet}.$context";
        }
      }

      if $mumble {
        class {
          "firewall::virtual::mumble": destination => "${subnet}.$context";
        }
      }

      if $gobby {
        class {
          "firewall::virtual::gobby": destination => "${subnet}.$context";
        }
      }

      if $yacy {
        class {
          "firewall::virtual::yacy": destination => "${subnet}.$context";
        }
      }

      if $rsync {
        class {
          "firewall::virtual::rsync": destination => "${subnet}.$context";
        }
      }

      if $avahi {
        class {
          "firewall::virtual::mdns": destination => "${subnet}.$context";
        }
      }
    }
  }
}