author | Pietro Ferrari <pietro@riseup.net> | 2008-11-11 00:16:41 +0000 |
---|---|---|
committer | Pietro Ferrari <pietro@riseup.net> | 2008-11-11 00:16:41 +0000 |
commit | b43b2a2d5b0c424f3fce801f9158af60df20978a (patch) | |
tree | b1e48d613ee0d76a686a83c2ccdec4f769060c89 /manifests | |
parent | 0a4679409748b22f464526ec2c4aad1771c80b80 (diff) | |
Merge some changes from the immerda repository, especially the Xen-related ones.
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/init.pp | 1 | ||||
-rw-r--r-- | manifests/openvpn.pp | 54 | ||||
-rw-r--r-- | manifests/vserver.pp | 108 | ||||
-rw-r--r-- | manifests/xen.pp | 118 |
4 files changed, 226 insertions, 55 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index ff2df80..1b89355 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -6,4 +6,5 @@ modules_dir{ "virtual": } import "vserver.pp" +import "openvpn.pp" import "xen.pp" diff --git a/manifests/openvpn.pp b/manifests/openvpn.pp new file mode 100644 index 0000000..ecdb8a7 --- /dev/null +++ b/manifests/openvpn.pp 
@@ -0,0 +1,54 @@
+# openvpn.pp -- create a "virtual" OpenVPN Server within a vserver
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
+
+# configures the specified vserver for openvpn hosting
+# see also http://oldwiki.linux-vserver.org/some_hints_from_john
+# and http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F
+
+class virtual::openvpn::base {
+ include openvpn
+ modules_dir { "virtual/openvpn": }
+}
+
+class virtual::openvpn::host_base inherits virtual::openvpn::base {
+ file {
+ "/var/lib/puppet/modules/virtual/openvpn/create_interface":
+ source => "puppet://$servername/virtual/create_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ "/var/lib/puppet/modules/virtual/openvpn/destroy_interface":
+ source => "puppet://$servername/virtual/destroy_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ }
+}
+
+define virtual::openvpn::host() {
+ include virtual::openvpn::host_base
+ exec { "mktun for ${name}":
+ command => "./MAKEDEV tun",
+ cwd => "/etc/vservers/${name}/vdir/dev",
+ creates => "/etc/vservers/${name}/vdir/dev/net/tun";
+ }
+}
+
+# this configures a specific tun interface for the given subnet
+define virtual::openvpn::interface($subnet) {
+ # create and setup the interface if it doesn't exist already
+ # this is a "bit" coarse grained but works for me
+ ifupdown::manual {
+ $name:
+ up => "/var/lib/puppet/modules/virtual/openvpn/create_interface ${name} ${subnet}",
+ down => "/var/lib/puppet/modules/virtual/openvpn/destroy_interface ${name} ${subnet}"
+ }
+}
+
+# actually setup the openvpn server within a vserver
+define virtual::openvpn::server($config) {
+ include virtual::openvpn::base
+ file {
+ "/etc/openvpn/${name}.conf":
+ ensure => present, content => $config,
+ mode => 0644, owner => root, group => 0,
+ notify => Service['openvpn'];
+ }
+}
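Review bot: In `virtual::openvpn::host` the exec runs `./MAKEDEV tun` with `cwd => "/etc/vservers/${name}/vdir/dev"`, so the host's Puppet agent (normally root) executes whatever file named `MAKEDEV` sits inside the guest's own `/dev` tree. If the guest's root can write there, guest-controlled content runs in host context whenever `dev/net/tun` is missing. I would call a host-owned binary by absolute path instead, e.g. `command => "/sbin/MAKEDEV tun",` (path to be confirmed for the target distribution), keeping the same `cwd` and `creates`. Separately, `/etc/openvpn/${name}.conf` is written with `mode => 0644`; if `$config` can ever carry inline key material, `mode => 0600` would be the safer default.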
diff --git a/manifests/vserver.pp b/manifests/vserver.pp index b4d864a..e05c381 100644 --- a/manifests/vserver.pp +++ b/manifests/vserver.pp @@ -1,4 +1,6 @@ -# virtual/vserver.pp -- manage vservers +# virtual/vserver.pp -- manage vserver specifics +# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> +# See LICENSE for the full license granted to you. modules_dir{ "virtual/contexts": } 
@@ -31,40 +33,68 @@ class vserver::host { mode => 0755, owner => root, group => root, require => File["/etc/vservers"]; } + + file { + "/usr/local/bin/build_vserver": + source => "puppet://$server/virtual/build_vserver", + mode => 0755, owner => root, group => root, + require => [ Package['util-vserver'], Package[debootstrap], + # this comes from dbp module and is the most current puppet deb + File["/var/lib/puppet/modules/dbp/puppet_current.deb"] ]; + "/etc/vservers/local-interfaces": + ensure => directory, + mode => 0755, owner => root, group => root; + "/etc/cron.daily/vserver-hashify": + source => "puppet://$server/virtual/hashify.cron.daily", + mode => 0755, owner => root, group => root; + } } -define vs_create($in_domain, $legacy = false, $distro = 'etch', $debootstrap_mirror = 'http://ftp.debian.org/debian') { - - $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } } +define vs_create($in_domain, $context, $legacy = false, $distro = 'etch', $debootstrap_mirror = 'http://ftp.debian.org/debian') { + $vs_name = $legacy ? { true => $name, false => $in_domain ? 
{ '' => $name, default => "${name}.${in_domain}" } } + case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } } - exec { "/usr/sbin/vserver ${vs_name} build -m debootstrap -- -d $distro -m $debootstrap_mirror": - creates => "/etc/vservers/${vs_name}", - alias => "vs_create_${vs_name}" + + case $legacy { + true: { + exec { "/bin/false # cannot create legacy vserver ${vs_name}": + creates => "/etc/vservers/${vs_name}", + alias => "vs_create_${vs_name}" + } + } + false: { + exec { "/usr/local/bin/build_vserver \"${vs_name}\" ${context} ${distro} ${debootstrap_mirror}": + creates => "/etc/vservers/${vs_name}", + require => File["/usr/local/bin/build_vserver"], + alias => "vs_create_${vs_name}" + } + } } } # ensure: present, stopped, running -define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, $distro = '') { - - case $in_domain { '': {} - default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) } - } +define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false) { + case $in_domain { '': {} + default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) } + } + $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } } + case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } } - $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } } - case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } } - - $if_dir = "/etc/vservers/${vs_name}/interfaces/" + $if_dir = "/etc/vservers/${vs_name}/interfaces" $mark_file = "/etc/vservers/${vs_name}/apps/init/mark" + $vs_name_underscores = gsub($vs_name, '\.', '_') + $cron_job = "/etc/cron.daily/puppet-vserver-${vs_name_underscores}" + # TODO: wasn't there a syntax for using arrays as case selectors?? 
case $ensure { - present: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } } - running: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } } - stopped: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } } - delete: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } } + present: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } + running: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } + stopped: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } + delete: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } default: { err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'") } } @@ -93,8 +123,6 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, } case $ensure { - - present: { # don't start or stop the vserver, just make sure it exists, we just run a dummy status test here exec { "test -e \$(readlink -f /etc/vservers/${vs_name}/vdir)": 
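Review bot: `define vserver` no longer declares `$distro`, yet the four `vs_create{$name: ... distro => $distro, }` calls in the `case $ensure` block still pass it, so `vs_create` most likely receives an empty value that overrides its `'etch'` default. The new exec interpolates `${context} ${distro} ${debootstrap_mirror}` unquoted, so an empty `${distro}` shifts the mirror URL into the distro position of `build_vserver`. Unquoted, any whitespace or shell metacharacter in those values is also interpreted by the shell as the agent's user (normally root). I would drop `distro => $distro` from the four calls (or restore the parameter) and quote every argument: `exec { "/usr/local/bin/build_vserver \"${vs_name}\" \"${context}\" \"${distro}\" \"${debootstrap_mirror}\"":`. The body of `define vserver` continues beyond this hunk.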
@@ -102,11 +130,25 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, alias => "vs_restart_${vs_name}", } } + stopped: { + exec { "vserver ${vs_name} stop": + onlyif => "test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )", + require => Exec["vs_create_${vs_name}"], + # fake the restart exec in the stopped case, so the dependencies are fulfilled + alias => "vs_restart_${vs_name}", + } + file { $mark_file: ensure => absent, } + } + delete: { + exec { "/usr/bin/yes | vserver ${vs_name} delete": + alias => "vs_restart_${vs_name}", + } + } running: { exec { "vserver ${vs_name} start": unless => "test -e \$(readlink -f /etc/vservers/${vs_name}/run)", - require => Exec["vs_create_${vs_name}"], + require => [ Exec["vs_create_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ] } exec { "vserver ${vs_name} restart": @@ -129,22 +171,6 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, } } } - - stopped: { - exec { "vserver ${vs_name} stop": - onlyif => "test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )", - require => Exec["vs_create_${vs_name}"], - # fake the restart exec in the stopped case, so the dependencies are fulfilled - alias => "vs_restart_${vs_name}", - } - file { $mark_file: ensure => absent, } - } - - delete: { - exec { "/usr/bin/yes | vserver ${vs_name} delete": - alias => "vs_restart_${vs_name}", - } - } } } @@ -155,7 +181,7 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, define vs_interface($prefix = 24, $dev = '') { file { - "/etc/vservers/local-interfaces/${name}/": + "/etc/vservers/local-interfaces/${name}": ensure => directory, mode => 0755, owner => root, group => root; "/etc/vservers/local-interfaces/${name}/ip": 
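Review bot: The relocated `delete:` branch runs `/usr/bin/yes | vserver ${vs_name} delete` with no `onlyif`/`unless` guard and no `require`, so it fires on every agent run. The earlier `case $ensure` still declares `vs_create` for `delete`, which would rebuild the guest that this exec then destroys. I would guard the exec, e.g. `onlyif => "test -e /etc/vservers/${vs_name}",`, and stop declaring `vs_create` in the `delete` case. The `running:` branch now also requires `File["/etc/vservers/${vs_name}/context"]`, which is not declared in the visible hunks; confirm it exists for every vserver, otherwise the dependency cannot be resolved. The enclosing `case $ensure` starts outside this hunk.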
@@ -193,7 +219,7 @@ define vs_ip_binding($vserver, $ip, $ensure) { connected: { file { "/etc/vservers/${vserver}/interfaces/${name}": ensure => "/etc/vservers/local-interfaces/${ip}/", - require => [ File["/etc/vservers/local-interfaces/${ip}/"], Exec["vs_create_${vserver}"] ], + require => [ File["/etc/vservers/local-interfaces/${ip}"], Exec["vs_create_${vserver}"] ], notify => Exec["vs_restart_${vserver}"], } } diff --git a/manifests/xen.pp b/manifests/xen.pp index afaa59c..35a5c4a 100644 --- a/manifests/xen.pp +++ b/manifests/xen.pp 
@@ -5,34 +5,124 @@ class munin::plugins::xen { munin::remoteplugin { xen_mem: - source => "puppet://$servername/virtual/munin/xen_mem", + source => "puppet://$server/virtual/munin/xen_mem", config => "user root"; xen_vm: - source => "puppet://$servername/virtual/munin/xen_vm", + source => "puppet://$server/virtual/munin/xen_vm", config => "user root"; } } class xen::domain { - # install the special libc and parameters to enable it - $xen_ensure = $virtual ? { - 'xen0' => present, - 'xenu' => present, - default => 'absent' - } + case $operatingsystem { + debian: { include xen::domain::debian } + centos: { include xen::domain::centos } + default: { include xen::domain::base } + } +} - case $ensure { - 'absent': { err("xen::domain configured, but not detected") } - } +class xen::domain::base { + service{ 'xend': + ensure => running, + enable => true, + hasstatus => true, + } + + case $xen_domains { + '0': { info("No xen domains are running, so not configuring service xendomains") } + default: { + service{ 'xendomains': + ensure => running, + enable => true, + hasstatus => true, + } + } + } + + file{'/etc/xen/xend-config.sxp': + source => [ "puppet://$server/files/virtual/xen/${fqdn}/config/xend-config.sxp", + "puppet://$server/files/virtual/xen/config/${domain}/xend-config.sxp", + "puppet://$server/files/virtual/xen/config/${operatingsystem}/xend-config.sxp", + "puppet://$server/files/virtual/xen/config/xend-config.sxp", + "puppet://$server/virtual/xen/config/${operatingsystem}/xend-config.sxp", + "puppet://$server/virtual/xen/config/xend-config.sxp" ], + notify => Service['xend'], + owner => root, group => 0, mode => 0644; + } +} + +class xen::domain::centos inherits xen::domain::base { + package{ 'kernel-xen': + ensure => present, + } + + Service[xend]{ + require => Package['kernel-xen'], + } + + file{'/etc/sysconfig/xend': + source => "puppet://$server/virtual/xen/${operatingsystem}/sysconfig/xend", + notify => Service['xend'], + owner => root, group => 0, mode => 
0644; + } + + file{'/etc/sysconfig/xendomains': + source => "puppet://$server/virtual/xen/${operatingsystem}/sysconfig/xendomains", + owner => root, group => 0, mode => 0644; + } - package { libc6-xen: - ensure => $xen_ensure, + case $xen_domains { + '0': { info("No xen domains are running, so not configuring service xendomains") } + default: { + Service[xendomains]{ + require => Package['kernel-xen'], + } + File['/etc/sysconfig/xendomains']{ + notify => Service[xendomains] + } + } + } +} + +class xen::domain::debian inherits xen::domain::base { + # This package is i386 only + # See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379444 + case $architecture { + 'i386': { + package { libc6-xen: + ensure => 'present', + } + } } config_file { "/etc/ld.so.conf.d/nosegneg.conf": ensure => $xen_ensure, content => "hwcap 0 nosegneg\n", - } + } +} +class xen::dom0 inherits xen::domain { + case $operatingsystem { + debian: { include xen::dom0::debian } + centos: { include xen::dom0::centos } + default: { include xen::dom0::base } + } +} + +class xen::dom0::base {} +class xen::dom0::centos inherits xen::dom0::base { + package{ [ "xen", "xen-libs"]: + ensure => present, + } +} +class xen::dom0::debian inherits xen::dom0::base { + # install the packages required for managing xen + package { + [ "xen-hypervisor-3.0.3-1-$architecture", + "linux-image-xen-$architecture", + 'libsysfs2' + ]: + ensure => present + } } |
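Review bot: In `xen::domain::debian` the unchanged `config_file { "/etc/ld.so.conf.d/nosegneg.conf": ensure => $xen_ensure, ...` still reads `$xen_ensure`, but this change deletes the `$xen_ensure = $virtual ? { ... }` selector that defined it, so `ensure` presumably evaluates to an empty value. I would set it explicitly with `ensure => present,`, matching the `libc6-xen` package just above, or reinstate the selector inside the class. The `case $architecture` block also has no `default:` branch; adding `default: { }` would make the non-i386 case explicit.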