aboutsummaryrefslogtreecommitdiff
path: root/manifests/vserver
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2015-03-24 15:36:27 -0300
committerSilvio Rhatto <rhatto@riseup.net>2015-03-24 15:36:27 -0300
commitbecba25bf7e547f3550ce05fb1aeb9c8f9283135 (patch)
tree98299ec9460d952d24df09ce1c52f72d7e153bf4 /manifests/vserver
parentc2e477d0a8667bc3a983105421d5c048faa31661 (diff)
downloadpuppet-virtual-becba25bf7e547f3550ce05fb1aeb9c8f9283135.tar.gz
puppet-virtual-becba25bf7e547f3550ce05fb1aeb9c8f9283135.tar.bz2
Autoload for vserver
Diffstat (limited to 'manifests/vserver')
-rw-r--r--manifests/vserver/binding.pp19
-rw-r--r--manifests/vserver/create.pp75
-rw-r--r--manifests/vserver/flags.pp34
-rw-r--r--manifests/vserver/host.pp121
-rw-r--r--manifests/vserver/interface.pp33
-rw-r--r--manifests/vserver/ip.pp4
-rw-r--r--manifests/vserver/limit.pp34
-rw-r--r--manifests/vserver/sched.pp190
8 files changed, 510 insertions, 0 deletions
diff --git a/manifests/vserver/binding.pp b/manifests/vserver/binding.pp
new file mode 100644
index 0000000..93988f5
--- /dev/null
+++ b/manifests/vserver/binding.pp
@@ -0,0 +1,19 @@
+define virtual::vserver::binding($vserver, $ip, $ensure) {
+ case $ensure {
+ connected: {
+ file { "/etc/vservers/${vserver}/interfaces/${name}":
+ ensure => "/etc/vservers/local-interfaces/${ip}/",
+ require => [ File["/etc/vservers/local-interfaces/${ip}"], Exec["vs_create_${vserver}"] ],
+ notify => Exec["vs_restart_${vserver}"],
+ }
+ }
+ disconnected: {
+ file { "/etc/vservers/${vserver}/interfaces/${name}":
+ ensure => absent,
+ }
+ }
+ default: {
+ err( "${fqdn}: vs_ip: ${vserver} -> ${ip}: unknown ensure: '${ensure}'" )
+ }
+ }
+}
diff --git a/manifests/vserver/create.pp b/manifests/vserver/create.pp
new file mode 100644
index 0000000..6a6924b
--- /dev/null
+++ b/manifests/vserver/create.pp
@@ -0,0 +1,75 @@
+define virtual::vserver::create($in_domain, $context, $legacy = false, $distro = 'squeeze',
+ $debootstrap_mirror = 'http://cdn.debian.net/debian',
+ $hostname = false, $interface = false,
+ $memory_limit = false) {
+ $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } }
+ $vs_hostname = $hostname ? { false => 'none', default => $hostname }
+ $vs_interface = $interface ? { false => 'none', default => $interface }
+
+ case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } }
+
+ case $legacy {
+ true: {
+ exec { "/bin/false # cannot create legacy vserver ${vs_name}":
+ creates => "/etc/vservers/${vs_name}",
+ alias => "vs_create_${vs_name}"
+ }
+ }
+ false: {
+ exec { "/usr/local/bin/build_vserver \"${vs_name}\" ${context} ${distro} ${debootstrap_mirror} ${vs_hostname} ${vs_interface} ${memory_limit}":
+ creates => "/etc/vservers/${vs_name}",
+ require => File["/usr/local/bin/build_vserver","/etc/vservers/.defaults/vdirbase"],
+ alias => "vs_create_${vs_name}",
+ # TODO: change when this is fixed: http://projects.puppetlabs.com/issues/4769
+ timeout => $lsbdistcodename ? { "squeeze" => '31536000', # 1 year
+ default => '-1', },
+ }
+ }
+ }
+
+ file { "/etc/vservers/${vs_name}/rlimits":
+ ensure => directory,
+ mode => 0755, owner => root, group => root,
+ require => Exec["vs_create_${vs_name}"],
+ }
+
+ case $memory_limit {
+ false: {
+ file { "/etc/vservers/${vs_name}/rlimits/rss.hard":
+ mode => 0644, owner => root, group => root,
+ ensure => absent,
+ }
+
+ file { "/etc/vservers/${vs_name}/rlimits/rss.soft":
+ mode => 0644, owner => root, group => root,
+ ensure => absent,
+ }
+
+ virtual::vserver::flag { "${vs_name}-virt_mem":
+ vserver => $vs_name,
+ flag => "virt_mem",
+ ensure => absent,
+ }
+ }
+ default: {
+ file { "/etc/vservers/${vs_name}/rlimits/rss.hard":
+ mode => 0644, owner => root, group => root,
+ content => template("virtual/rss.hard.erb"),
+ require => File["/etc/vservers/${vs_name}/rlimits"],
+ }
+
+ file { "/etc/vservers/${vs_name}/rlimits/rss.soft":
+ mode => 0644, owner => root, group => root,
+ content => template("virtual/rss.soft.erb"),
+ require => File["/etc/vservers/${vs_name}/rlimits"],
+ }
+
+ virtual::vserver::flag { "${vs_name}-virt_mem":
+ vserver => $vs_name,
+ flag => "virt_mem",
+ ensure => present,
+ require => Exec["vs_create_${vs_name}"],
+ }
+ }
+ }
+}
diff --git a/manifests/vserver/flags.pp b/manifests/vserver/flags.pp
new file mode 100644
index 0000000..59c1b43
--- /dev/null
+++ b/manifests/vserver/flags.pp
@@ -0,0 +1,34 @@
+define virtual::vserver::flag($vserver, $flag, $ensure = present) {
+ if ! defined(File["/etc/vservers/${vserver}/cflags"]) {
+ file { "/etc/vservers/${vserver}/cflags":
+ ensure => present,
+ }
+ }
+
+ line {"vs_cflags-${vserver}-${flag}":
+ ensure => $ensure,
+ file => "/etc/vservers/${vserver}/cflags",
+ line => "${flag}",
+ require => Exec["vs_create_${vserver}"],
+ notify => Exec["vattribute-${vserver}-${flag}"],
+ }
+
+ case $ensure {
+ present: {
+ exec { "/usr/sbin/vattribute-${vserver}-${flag}":
+ command => "vattribute --set --xid `cat /etc/vservers/$vserver/context` --flag ${flag}",
+ refreshonly => true,
+ require => Exec["vs_create_${vserver}"],
+ alias => "vattribute-${vserver}-${flag}",
+ }
+ }
+ default: {
+ exec { "/usr/sbin/vattribute-${vserver}-${flag}":
+ command => "vattribute --set --xid `cat /etc/vservers/$vserver/context` --flag ~${flag}",
+ refreshonly => true,
+ require => Exec["vs_create_${vserver}"],
+ alias => "vattribute-${vserver}-${flag}",
+ }
+ }
+ }
+}
diff --git a/manifests/vserver/host.pp b/manifests/vserver/host.pp
new file mode 100644
index 0000000..40c26eb
--- /dev/null
+++ b/manifests/vserver/host.pp
@@ -0,0 +1,121 @@
+class vserver::host($vdirbase = "/var/lib/vservers") {
+
+ module_dir { "virtual/contexts": }
+
+ # make sure we have the ability to query for lsbdistcodename
+ include lsb
+
+ $utilvserver_version = $lsbdistcodename ? {
+ etch => "0.30.216~r2772-6~bpo40+1",
+ lenny => latest,
+ default => latest,
+ }
+
+ package {
+ "util-vserver":
+ ensure => $utilvserver_version;
+
+ debootstrap:
+ ensure => installed
+ }
+
+ file {
+ "/etc/vservers":
+ ensure => directory,
+ require => Package["util-vserver"];
+
+ "/etc/vservers/local-interfaces":
+ ensure => directory,
+ mode => 0755, owner => root, group => root,
+ require => File["/etc/vservers"];
+
+ "/usr/local/bin/build_vserver":
+ source => "puppet:///modules/virtual/vserver/build_vserver",
+ mode => 0755, owner => root, group => root,
+ require => [ Package['util-vserver'], Package[debootstrap]];
+
+ "/etc/vservers/.defaults/vdirbase":
+ ensure => $vdirbase,
+ require => File[$vdirbase];
+
+ "$vdirbase":
+ ensure => directory,
+ mode => 000, owner => root, group => root;
+
+ # perhaps we should use hashify.
+ # but i'm commenting this out until we learn how to properly use in case we want to use it.
+ #"/etc/cron.daily/vserver-hashify":
+ # source => "puppet:///virtual/hashify.cron.daily",
+ # mode => 0755, owner => root, group => root;
+ }
+
+ # remove dummy interfaces on the host
+ line { modules_dummy:
+ file => "/etc/modules",
+ line => "^dummy",
+ ensure => absent,
+ }
+
+ # Remove these dummy interfaces, they are annoying and we dont need them
+ file {
+ "/etc/modprobe.d/local-dummy":
+ ensure => absent,
+ mode => 0644, owner => root, group => root;
+ }
+
+ # Setup some plugins if munin is enabled in the system
+ case $virtual_munin {
+ false: {}
+ default: {
+ file {
+ "/usr/local/share/munin-plugins/vserver_resources":
+ source => "puppet:///modules/virtual/munin/vserver_resources",
+ mode => 0755, owner => root, group => root;
+
+ "/usr/local/share/munin-plugins/vserver_cpu_":
+ source => "puppet:///modules/virtual/munin/vserver_cpu_",
+ mode => 0755, owner => root, group => root;
+
+ "/usr/local/share/munin-plugins/vserver_loadavg":
+ source => "puppet:///modules/virtual/munin/vserver_loadavg",
+ mode => 0755, owner => root, group => root;
+ }
+ }
+ }
+
+ # Setup some plugins if munin is enabled in the system
+ case $virtual_munin {
+ false: {}
+ default: {
+ # This creates a load average graph combining the individual load averages of each vserver on the host
+ munin::plugin {
+ "vserver_loadavg":
+ config => "user root\n",
+ script_path_in => "/usr/local/share/munin-plugins";
+ }
+
+ # This creates a RSS graph for each vserver on the host (note after more than 4 vservers this can get noisy)
+ munin::plugin {
+ "vserver_resources_RSS":
+ ensure => "vserver_resources",
+ config => "user root\nenv.resource RSS",
+ script_path_in => "/usr/local/share/munin-plugins";
+ }
+
+ # This creates a VM graph for each vserver on the host (note after more than 4 vservers this can get noisy)
+ munin::plugin {
+ "vserver_resources_VM":
+ ensure => "vserver_resources",
+ config => "user root\nenv.resource VM",
+ script_path_in => "/usr/local/share/munin-plugins";
+ }
+
+ # This creates a VM graph for each vserver on the host (note after more than 4 vservers this can get noisy)
+ munin::plugin {
+ "vserver_cpu_":
+ config => "user root\n",
+ script_path_in => "/usr/local/share/munin-plugins";
+ }
+ }
+ }
+}
diff --git a/manifests/vserver/interface.pp b/manifests/vserver/interface.pp
new file mode 100644
index 0000000..3d14d46
--- /dev/null
+++ b/manifests/vserver/interface.pp
@@ -0,0 +1,33 @@
+# Changing stuff with this define won't do much good, since it relies on
+# restarting the vservers to do the work, which won't clean up orphaned
+# interfaces
+define virtual::vserver::interface($prefix = 24, $dev = '') {
+
+ file {
+ "/etc/vservers/local-interfaces/${name}":
+ ensure => directory,
+ mode => 0755, owner => root, group => root;
+ "/etc/vservers/local-interfaces/${name}/ip":
+ content => "${name}\n",
+ mode => 0644, owner => root, group => root;
+ "/etc/vservers/local-interfaces/${name}/prefix":
+ content => "${prefix}\n",
+ mode => 0644, owner => root, group => root;
+ }
+
+ case $dev {
+ '': {
+ file {
+ "/etc/vservers/local-interfaces/${name}/nodev":
+ ensure => present,
+ mode => 0644, owner => root, group => root;
+ "/etc/vservers/local-interfaces/${name}/dev":
+ ensure => absent;
+ }
+ }
+ default: {
+ config_file { "/etc/vservers/local-interfaces/${name}/dev": content => $dev, }
+ file { "/etc/vservers/local-interfaces/${name}/nodev": ensure => absent, }
+ }
+ }
+}
diff --git a/manifests/vserver/ip.pp b/manifests/vserver/ip.pp
new file mode 100644
index 0000000..8e50311
--- /dev/null
+++ b/manifests/vserver/ip.pp
@@ -0,0 +1,4 @@
+define virtual::vserver::ip($vserver, $ip, $ensure) {
+ err("$fqdn is using deprecated vs_ip instead of vs_ip_binding for $name")
+ virtual::vserver::binding { $name: vserver => $vserver, ip => $ip, ensure => $ensure }
+}
diff --git a/manifests/vserver/limit.pp b/manifests/vserver/limit.pp
new file mode 100644
index 0000000..71f3552
--- /dev/null
+++ b/manifests/vserver/limit.pp
@@ -0,0 +1,34 @@
+define virtual::vserver::limit($vserver, $limit, $soft = '', $hard = '', $min = '', $ensure = present) {
+ file { "/etc/vservers/${vserver}/rlimits/$limit.soft":
+ mode => 0644, owner => root, group => root,
+ content => "$soft\n",
+ ensure => $soft ? {
+ '' => absent,
+ default => $ensure,
+ },
+ require => File["/etc/vservers/${vserver}/rlimits"],
+ notify => Exec["vs_restart_${vserver}"],
+ }
+
+ file { "/etc/vservers/${vserver}/rlimits/$limit.hard":
+ mode => 0644, owner => root, group => root,
+ content => "$hard\n",
+ ensure => $hard ? {
+ '' => absent,
+ default => $ensure,
+ },
+ require => File["/etc/vservers/${vserver}/rlimits"],
+ notify => Exec["vs_restart_${vserver}"],
+ }
+
+ file { "/etc/vservers/${vserver}/rlimits/$limit.min":
+ mode => 0644, owner => root, group => root,
+ content => "$min\n",
+ ensure => $min? {
+ '' => absent,
+ default => $ensure,
+ },
+ require => File["/etc/vservers/${vserver}/rlimits"],
+ notify => Exec["vs_restart_${vserver}"],
+ }
+}
diff --git a/manifests/vserver/sched.pp b/manifests/vserver/sched.pp
new file mode 100644
index 0000000..637e840
--- /dev/null
+++ b/manifests/vserver/sched.pp
@@ -0,0 +1,190 @@
+define virtual::vserver::sched($ensure = present, $fill_rate = '', $fill_rate2 = '',
+ $interval = '', $interval2 = '', $tokens_min = '', $tokens_max = '',
+ $tokens = '', $idle_time = false, $priority_bias = '') {
+
+ file { "/etc/vservers/${name}/sched":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 0755,
+ }
+
+ case $fill_rate {
+ '': {
+ file { "/etc/vservers/${name}/sched/fill-rate":
+ ensure => absent,
+ }
+ }
+ default: {
+ $set_fill_rate = "--fill-rate $fill_rate"
+
+ file { "/etc/vservers/${name}/sched/fill-rate":
+ ensure => $ensure,
+ content => "$fill_rate\n",
+ require => File["/etc/vservers/${name}/sched"],
+ }
+ }
+ }
+
+ case $fill_rate2 {
+ '': {
+ file { "/etc/vservers/${name}/sched/fill-rate2":
+ ensure => absent,
+ }
+ }
+ default: {
+ $set_fill_rate2 = "--fill-rate2 $fill_rate2"
+
+ file { "/etc/vservers/${name}/sched/fill-rate2":
+ ensure => $ensure,
+ content => "$fill_rate2\n",
+ require => File["/etc/vservers/${name}/sched"],
+ }
+ }
+ }
+
+ case $interval {
+ '': {
+ file { "/etc/vservers/${name}/sched/interval":
+ ensure => absent,
+ }
+ }
+ default: {
+ $set_interval = "--interval $interval"
+
+ file { "/etc/vservers/${name}/sched/interval":
+ ensure => $ensure,
+ content => "$interval\n",
+ require => File["/etc/vservers/${name}/sched"],
+ }
+ }
+ }
+
+ case $interval2 {
+ '': {
+ file { "/etc/vservers/${name}/sched/interval2":
+ ensure => absent,
+ }
+ }
+ default: {
+ $set_interval2 = "--interval2 $interval2"
+
+ file { "/etc/vservers/${name}/sched/interval2":
+ ensure => $ensure,
+ content => "$interval2\n",
+ require => File["/etc/vservers/${name}/sched"],
+ }
+ }
+ }
+
+ case $tokens_min {
+ '': {
+ file { "/etc/vservers/${name}/sched/tokens-min":
+ ensure => absent,
+ }
+ }
+ default: {
+ $set_tokens_min = "--tokens-min $tokens_min"
+
+ file { "/etc/vservers/${name}/sched/tokens-min":
+ ensure => $ensure,
+ content => "$tokens_min\n",
+ require => File["/etc/vservers/${name}/sched"],
+ }
+ }
+ }
+
+ case $tokens_max {
+ '': {
+ file { "/etc/vservers/${name}/sched/tokens-max":
+ ensure => absent,
+ }
+ }
+ default: {
+ $set_tokens_max = "--tokens-max $tokens_max"
+
+ file { "/etc/vservers/${name}/sched/tokens-max":
+ ensure => $ensure,
+ content => "$tokens_max\n",
+ require => File["/etc/vservers/${name}/sched"],
+ }
+ }
+ }
+
+ case $tokens {
+ '': {
+ file { "/etc/vservers/${name}/sched/tokens":
+ ensure => absent,
+ }
+ }
+ default: {
+ $set_tokens = "--tokens $tokens"
+
+ file { "/etc/vservers/${name}/sched/tokens":
+ ensure => $ensure,
+ content => "$tokens\n",
+ require => File["/etc/vservers/${name}/sched"],
+ }
+ }
+ }
+
+ case $priority_bias {
+ '': {
+ file { "/etc/vservers/${name}/sched/priority-bias":
+ ensure => absent,
+ }
+ }
+ default: {
+ $set_priority_bias = "--prio-bias $priority_bias"
+
+ file { "/etc/vservers/${name}/sched/priority-bias":
+ ensure => $ensure,
+ content => "$priority_bias\n",
+ require => File["/etc/vservers/${name}/sched"],
+ }
+ }
+ }
+
+ case $idle_time {
+ true: {
+ $set_idle_time = "--idle-time"
+
+ file { "/etc/vservers/${name}/sched/idle-time":
+ ensure => $ensure,
+ }
+ }
+ default: {
+ file { "/etc/vservers/${name}/sched/idle-time":
+ ensure => absent,
+ }
+ }
+ }
+
+ virtual::vserver::flag { "${name}-sched_hard":
+ vserver => $name,
+ flag => "sched_hard",
+ ensure => $ensure,
+ }
+
+ virtual::vserver::flag { "${name}-sched_prio":
+ vserver => $name,
+ flag => "sched_prio",
+ ensure => $ensure,
+ }
+
+ case $ensure {
+ present: {
+
+ $vsched_params = "$set_fill_rate $set_fill_rate2 $set_interval $set_interval2 $set_tokens_min $set_tokens_max $set_tokens $set_idle_time $set_priority_bias"
+
+ exec { "/usr/sbin/vsched --xid `cat /etc/vservers/$name/context` ${vsched_params} --force":
+ subscribe => File["/etc/vservers/$name/sched/fill-rate", "/etc/vservers/$name/sched/fill-rate2",
+ "/etc/vservers/$name/sched/interval", "/etc/vservers/$name/sched/interval2",
+ "/etc/vservers/$name/sched/tokens-min", "/etc/vservers/$name/sched/tokens-max",
+ "/etc/vservers/$name/sched/tokens", "/etc/vservers/$name/sched/idle-time"],
+ refreshonly => true,
+ require => Exec["vs_create_${name}"],
+ }
+ }
+ }
+}