authorPietro Ferrari <pietro@riseup.net>2008-11-11 00:16:41 +0000
committerPietro Ferrari <pietro@riseup.net>2008-11-11 00:16:41 +0000
commitb43b2a2d5b0c424f3fce801f9158af60df20978a (patch)
treeb1e48d613ee0d76a686a83c2ccdec4f769060c89 /manifests
parent0a4679409748b22f464526ec2c4aad1771c80b80 (diff)
Merge some changes from the immerda repository, especially the Xen-related ones.
Diffstat (limited to 'manifests')
-rw-r--r--manifests/init.pp1
-rw-r--r--manifests/openvpn.pp54
-rw-r--r--manifests/vserver.pp108
-rw-r--r--manifests/xen.pp118
4 files changed, 226 insertions, 55 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index ff2df80..1b89355 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -6,4 +6,5 @@
modules_dir{ "virtual": }
import "vserver.pp"
+import "openvpn.pp"
import "xen.pp"
diff --git a/manifests/openvpn.pp b/manifests/openvpn.pp
new file mode 100644
index 0000000..ecdb8a7
--- /dev/null
+++ b/manifests/openvpn.pp
@@ -0,0 +1,54 @@
+# openvpn.pp -- create a "virtual" OpenVPN Server within a vserver
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
+
+# configures the specified vserver for openvpn hosting
+# see also http://oldwiki.linux-vserver.org/some_hints_from_john
+# and http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F
+
+class virtual::openvpn::base {
+ include openvpn
+ modules_dir { "virtual/openvpn": }
+}
+
+class virtual::openvpn::host_base inherits virtual::openvpn::base {
+ file {
+ "/var/lib/puppet/modules/virtual/openvpn/create_interface":
+ source => "puppet://$servername/virtual/create_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ "/var/lib/puppet/modules/virtual/openvpn/destroy_interface":
+ source => "puppet://$servername/virtual/destroy_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ }
+}
+
+define virtual::openvpn::host() {
+ include virtual::openvpn::host_base
+ exec { "mktun for ${name}":
+ command => "./MAKEDEV tun",
+ cwd => "/etc/vservers/${name}/vdir/dev",
+ creates => "/etc/vservers/${name}/vdir/dev/net/tun";
+ }
+}
+
+# this configures a specific tun interface for the given subnet
+define virtual::openvpn::interface($subnet) {
+ # create and setup the interface if it doesn't exist already
+ # this is a "bit" coarse grained but works for me
+ ifupdown::manual {
+ $name:
+ up => "/var/lib/puppet/modules/virtual/openvpn/create_interface ${name} ${subnet}",
+ down => "/var/lib/puppet/modules/virtual/openvpn/destroy_interface ${name} ${subnet}"
+ }
+}
+
+# actually setup the openvpn server within a vserver
+define virtual::openvpn::server($config) {
+ include virtual::openvpn::base
+ file {
+ "/etc/openvpn/${name}.conf":
+ ensure => present, content => $config,
+ mode => 0644, owner => root, group => 0,
+ notify => Service['openvpn'];
+ }
+}
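Review bot: `virtual::openvpn::server` writes `/etc/openvpn/${name}.conf` from `$config` with `mode => 0644`, so any key material or credentials a caller puts in that string become readable by every local account in the guest. Unless the config is guaranteed to hold only references to separately protected key files, `mode => 0600, owner => root, group => 0,` is the safer default. In `virtual::openvpn::interface`, `${name}` and `${subnet}` are interpolated unquoted into the `up`/`down` command lines, so they should be validated or quoted before ifupdown executes them. The two `source` URLs in `host_base` use `$servername`, while the xen.pp part of this same commit switches to `$server`, so one of the two spellings is probably stale.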
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index b4d864a..e05c381 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -1,4 +1,6 @@
-# virtual/vserver.pp -- manage vservers
+# virtual/vserver.pp -- manage vserver specifics
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
modules_dir{ "virtual/contexts": }
@@ -31,40 +33,68 @@ class vserver::host {
mode => 0755, owner => root, group => root,
require => File["/etc/vservers"];
}
+
+ file {
+ "/usr/local/bin/build_vserver":
+ source => "puppet://$server/virtual/build_vserver",
+ mode => 0755, owner => root, group => root,
+ require => [ Package['util-vserver'], Package[debootstrap],
+ # this comes from dbp module and is the most current puppet deb
+ File["/var/lib/puppet/modules/dbp/puppet_current.deb"] ];
+ "/etc/vservers/local-interfaces":
+ ensure => directory,
+ mode => 0755, owner => root, group => root;
+ "/etc/cron.daily/vserver-hashify":
+ source => "puppet://$server/virtual/hashify.cron.daily",
+ mode => 0755, owner => root, group => root;
+ }
}
-define vs_create($in_domain, $legacy = false, $distro = 'etch', $debootstrap_mirror = 'http://ftp.debian.org/debian') {
-
- $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } }
+define vs_create($in_domain, $context, $legacy = false, $distro = 'etch', $debootstrap_mirror = 'http://ftp.debian.org/debian') {
+ $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } }
+
case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } }
- exec { "/usr/sbin/vserver ${vs_name} build -m debootstrap -- -d $distro -m $debootstrap_mirror":
- creates => "/etc/vservers/${vs_name}",
- alias => "vs_create_${vs_name}"
+
+ case $legacy {
+ true: {
+ exec { "/bin/false # cannot create legacy vserver ${vs_name}":
+ creates => "/etc/vservers/${vs_name}",
+ alias => "vs_create_${vs_name}"
+ }
+ }
+ false: {
+ exec { "/usr/local/bin/build_vserver \"${vs_name}\" ${context} ${distro} ${debootstrap_mirror}":
+ creates => "/etc/vservers/${vs_name}",
+ require => File["/usr/local/bin/build_vserver"],
+ alias => "vs_create_${vs_name}"
+ }
+ }
}
}
# ensure: present, stopped, running
-define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, $distro = '') {
-
- case $in_domain { '': {}
- default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) }
- }
+define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false) {
+ case $in_domain { '': {}
+ default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) }
+ }
+ $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } }
+ case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } }
- $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } }
- case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } }
-
- $if_dir = "/etc/vservers/${vs_name}/interfaces/"
+ $if_dir = "/etc/vservers/${vs_name}/interfaces"
$mark_file = "/etc/vservers/${vs_name}/apps/init/mark"
+ $vs_name_underscores = gsub($vs_name, '\.', '_')
+ $cron_job = "/etc/cron.daily/puppet-vserver-${vs_name_underscores}"
+
# TODO: wasn't there a syntax for using arrays as case selectors??
case $ensure {
- present: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } }
- running: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } }
- stopped: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } }
- delete: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } }
+ present: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } }
+ running: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } }
+ stopped: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } }
+ delete: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } }
default: { err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'") }
}
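Review bot: The new `vserver` signature drops `$distro`, but the four `vs_create{$name: ...}` calls in the `case $ensure` block still pass `distro => $distro`, so unless an enclosing scope happens to define `$distro`, an empty value overrides `vs_create`'s `'etch'` default. Because the `build_vserver` exec quotes only `${vs_name}`, an empty `${distro}` vanishes from the command line and `${debootstrap_mirror}` shifts into its position. I would either restore the parameter or remove `distro => $distro` from the calls, and quote every argument: `exec { "/usr/local/bin/build_vserver \"${vs_name}\" \"${context}\" \"${distro}\" \"${debootstrap_mirror}\"":`. The body of `vserver` continues past this hunk.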
@@ -93,8 +123,6 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false,
}
case $ensure {
-
-
present: {
# don't start or stop the vserver, just make sure it exists, we just run a dummy status test here
exec { "test -e \$(readlink -f /etc/vservers/${vs_name}/vdir)":
@@ -102,11 +130,25 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false,
alias => "vs_restart_${vs_name}",
}
}
+ stopped: {
+ exec { "vserver ${vs_name} stop":
+ onlyif => "test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )",
+ require => Exec["vs_create_${vs_name}"],
+ # fake the restart exec in the stopped case, so the dependencies are fulfilled
+ alias => "vs_restart_${vs_name}",
+ }
+ file { $mark_file: ensure => absent, }
+ }
+ delete: {
+ exec { "/usr/bin/yes | vserver ${vs_name} delete":
+ alias => "vs_restart_${vs_name}",
+ }
+ }
running: {
exec { "vserver ${vs_name} start":
unless => "test -e \$(readlink -f /etc/vservers/${vs_name}/run)",
- require => Exec["vs_create_${vs_name}"],
+ require => [ Exec["vs_create_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ]
}
exec { "vserver ${vs_name} restart":
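Review bot: The `delete` branch's exec `/usr/bin/yes | vserver ${vs_name} delete` has neither `onlyif` nor `require`, so it is attempted on every run and pipes `yes` into a destructive command. The `delete` case earlier in this define still declares `vs_create`, so a guest left at `ensure => delete` can be rebuilt and removed again on each run. A guard such as `onlyif => "test -d /etc/vservers/${vs_name}",` would make it idempotent, and dropping `vs_create` from the `delete` case would avoid the rebuild. The `stop`, `start` and `delete` commands also invoke `vserver` unqualified, relying on an `Exec` path default that is not visible here. The enclosing `case` starts and ends outside this hunk.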
@@ -129,22 +171,6 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false,
}
}
}
-
- stopped: {
- exec { "vserver ${vs_name} stop":
- onlyif => "test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )",
- require => Exec["vs_create_${vs_name}"],
- # fake the restart exec in the stopped case, so the dependencies are fulfilled
- alias => "vs_restart_${vs_name}",
- }
- file { $mark_file: ensure => absent, }
- }
-
- delete: {
- exec { "/usr/bin/yes | vserver ${vs_name} delete":
- alias => "vs_restart_${vs_name}",
- }
- }
}
}
@@ -155,7 +181,7 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false,
define vs_interface($prefix = 24, $dev = '') {
file {
- "/etc/vservers/local-interfaces/${name}/":
+ "/etc/vservers/local-interfaces/${name}":
ensure => directory,
mode => 0755, owner => root, group => root;
"/etc/vservers/local-interfaces/${name}/ip":
@@ -193,7 +219,7 @@ define vs_ip_binding($vserver, $ip, $ensure) {
connected: {
file { "/etc/vservers/${vserver}/interfaces/${name}":
ensure => "/etc/vservers/local-interfaces/${ip}/",
- require => [ File["/etc/vservers/local-interfaces/${ip}/"], Exec["vs_create_${vserver}"] ],
+ require => [ File["/etc/vservers/local-interfaces/${ip}"], Exec["vs_create_${vserver}"] ],
notify => Exec["vs_restart_${vserver}"],
}
}
diff --git a/manifests/xen.pp b/manifests/xen.pp
index afaa59c..35a5c4a 100644
--- a/manifests/xen.pp
+++ b/manifests/xen.pp
@@ -5,34 +5,124 @@
class munin::plugins::xen {
munin::remoteplugin {
xen_mem:
- source => "puppet://$servername/virtual/munin/xen_mem",
+ source => "puppet://$server/virtual/munin/xen_mem",
config => "user root";
xen_vm:
- source => "puppet://$servername/virtual/munin/xen_vm",
+ source => "puppet://$server/virtual/munin/xen_vm",
config => "user root";
}
}
class xen::domain {
- # install the special libc and parameters to enable it
- $xen_ensure = $virtual ? {
- 'xen0' => present,
- 'xenu' => present,
- default => 'absent'
- }
+ case $operatingsystem {
+ debian: { include xen::domain::debian }
+ centos: { include xen::domain::centos }
+ default: { include xen::domain::base }
+ }
+}
- case $ensure {
- 'absent': { err("xen::domain configured, but not detected") }
- }
+class xen::domain::base {
+ service{ 'xend':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ }
+
+ case $xen_domains {
+ '0': { info("No xen domains are running, so not configuring service xendomains") }
+ default: {
+ service{ 'xendomains':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ }
+ }
+ }
+
+ file{'/etc/xen/xend-config.sxp':
+ source => [ "puppet://$server/files/virtual/xen/${fqdn}/config/xend-config.sxp",
+ "puppet://$server/files/virtual/xen/config/${domain}/xend-config.sxp",
+ "puppet://$server/files/virtual/xen/config/${operatingsystem}/xend-config.sxp",
+ "puppet://$server/files/virtual/xen/config/xend-config.sxp",
+ "puppet://$server/virtual/xen/config/${operatingsystem}/xend-config.sxp",
+ "puppet://$server/virtual/xen/config/xend-config.sxp" ],
+ notify => Service['xend'],
+ owner => root, group => 0, mode => 0644;
+ }
+}
+
+class xen::domain::centos inherits xen::domain::base {
+ package{ 'kernel-xen':
+ ensure => present,
+ }
+
+ Service[xend]{
+ require => Package['kernel-xen'],
+ }
+
+ file{'/etc/sysconfig/xend':
+ source => "puppet://$server/virtual/xen/${operatingsystem}/sysconfig/xend",
+ notify => Service['xend'],
+ owner => root, group => 0, mode => 0644;
+ }
+
+ file{'/etc/sysconfig/xendomains':
+ source => "puppet://$server/virtual/xen/${operatingsystem}/sysconfig/xendomains",
+ owner => root, group => 0, mode => 0644;
+ }
- package { libc6-xen:
- ensure => $xen_ensure,
+ case $xen_domains {
+ '0': { info("No xen domains are running, so not configuring service xendomains") }
+ default: {
+ Service[xendomains]{
+ require => Package['kernel-xen'],
+ }
+ File['/etc/sysconfig/xendomains']{
+ notify => Service[xendomains]
+ }
+ }
+ }
+}
+
+class xen::domain::debian inherits xen::domain::base {
+ # This package is i386 only
+ # See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379444
+ case $architecture {
+ 'i386': {
+ package { libc6-xen:
+ ensure => 'present',
+ }
+ }
}
config_file {
"/etc/ld.so.conf.d/nosegneg.conf":
ensure => $xen_ensure,
content => "hwcap 0 nosegneg\n",
- }
+ }
+}
+class xen::dom0 inherits xen::domain {
+ case $operatingsystem {
+ debian: { include xen::dom0::debian }
+ centos: { include xen::dom0::centos }
+ default: { include xen::dom0::base }
+ }
+}
+
+class xen::dom0::base {}
+class xen::dom0::centos inherits xen::dom0::base {
+ package{ [ "xen", "xen-libs"]:
+ ensure => present,
+ }
+}
+class xen::dom0::debian inherits xen::dom0::base {
+ # install the packages required for managing xen
+ package {
+ [ "xen-hypervisor-3.0.3-1-$architecture",
+ "linux-image-xen-$architecture",
+ 'libsysfs2'
+ ]:
+ ensure => present
+ }
}
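Review bot: `xen::domain::debian` still sets `ensure => $xen_ensure` on `/etc/ld.so.conf.d/nosegneg.conf`, but this change deletes the `$xen_ensure` selector from `xen::domain` and nothing visible in the new classes defines it. With the variable unset the resource gets an empty `ensure`, so the nosegneg hwcap file may no longer be managed as intended; `ensure => present,` would state the intent explicitly. The comment says `libc6-xen` is i386-only, yet the `config_file` sits outside the `case $architecture` block, so it is worth confirming whether the hwcap entry should be limited to `'i386'` too. `xen::dom0::debian` also pins `xen-hypervisor-3.0.3-1-$architecture`, which will stop matching as soon as the distribution ships a newer hypervisor package.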