26 files changed, 823 insertions, 804 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 6853fd0..42f6d4b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,8 +3,6 @@ # See LICENSE for the full license granted to you. # Based on the work of abnormaliti on http://reductivelabs.com/trac/puppet/wiki/VirtualRecipe -module_dir{ "virtual": } - -import "vserver.pp" -import "openvpn.pp" -import "xen.pp" +class virtual { + module_dir{ "virtual": } +} diff --git a/manifests/openvpn.pp b/manifests/openvpn.pp deleted file mode 100644 index 5aa8d92..0000000 --- a/manifests/openvpn.pp +++ /dev/null 
@@ -1,54 +0,0 @@ -# openvpn.pp -- create a "virtual" OpenVPN Server within a vserver -# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> -# See LICENSE for the full license granted to you. - -# configures the specified vserver for openvpn hosting -# see also http://oldwiki.linux-vserver.org/some_hints_from_john -# and http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F - -class virtual::openvpn::base { - include openvpn - module_dir { "virtual/openvpn": } -} - -class virtual::openvpn::host_base inherits virtual::openvpn::base { - file { - "/var/lib/puppet/modules/virtual/openvpn/create_interface": - source => "puppet:///modules/virtual/create_openvpn_interface", - mode => 0755, owner => root, group => 0; - "/var/lib/puppet/modules/virtual/openvpn/destroy_interface": - source => "puppet:///modules/virtual/destroy_openvpn_interface", - mode => 0755, owner => root, group => 0; - } -} - -define virtual::openvpn::host() { - include virtual::openvpn::host_base - exec { "mktun for ${name}": - command => "./MAKEDEV tun", - cwd => "/etc/vservers/${name}/vdir/dev", - creates => "/etc/vservers/${name}/vdir/dev/net/tun"; - } -} - -# this configures a specific tun interface for the given subnet -define virtual::openvpn::interface($subnet) { - # create and setup the interface if it doesn't exist already - # this is a "bit" coarse grained but works for me - ifupdown::manual { - $name: - up => "/var/lib/puppet/modules/virtual/openvpn/create_interface ${name} ${subnet}", - down => "/var/lib/puppet/modules/virtual/openvpn/destroy_interface ${name} ${subnet}" - } -} - -# actually setup the openvpn server within a vserver -define virtual::openvpn::server($config) { - include virtual::openvpn::base - file { - "/etc/openvpn/${name}.conf": - ensure => present, content => $config, - mode => 0644, owner => root, group => 0, - notify => Service['openvpn']; - } -} 
diff --git a/manifests/openvpn/base.pp b/manifests/openvpn/base.pp
new file mode 100644
index 0000000..0342ca3
--- /dev/null
+++ b/manifests/openvpn/base.pp
@@ -0,0 +1,5 @@
+class virtual::openvpn::base {
+ include openvpn
+ include virtual
+ module_dir { "virtual/openvpn": }
+}
diff --git a/manifests/openvpn/host.pp b/manifests/openvpn/host.pp
new file mode 100644
index 0000000..3d126db
--- /dev/null
+++ b/manifests/openvpn/host.pp
@@ -0,0 +1,16 @@
+# openvpn.pp -- create a "virtual" OpenVPN Server within a vserver
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
+
+# configures the specified vserver for openvpn hosting
+# see also http://oldwiki.linux-vserver.org/some_hints_from_john
+# and http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F
+
+define virtual::openvpn::host() {
+ include virtual::openvpn::host_base
+ exec { "mktun for ${name}":
+ command => "./MAKEDEV tun",
+ cwd => "/etc/vservers/${name}/vdir/dev",
+ creates => "/etc/vservers/${name}/vdir/dev/net/tun";
+ }
+}
diff --git a/manifests/openvpn/host_base.pp b/manifests/openvpn/host_base.pp
new file mode 100644
index 0000000..072a8a7
--- /dev/null
+++ b/manifests/openvpn/host_base.pp
@@ -0,0 +1,10 @@
+class virtual::openvpn::host_base inherits virtual::openvpn::base {
+ file {
+ "/var/lib/puppet/modules/virtual/openvpn/create_interface":
+ source => "puppet:///modules/virtual/create_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ "/var/lib/puppet/modules/virtual/openvpn/destroy_interface":
+ source => "puppet:///modules/virtual/destroy_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ }
+}
diff --git a/manifests/openvpn/interface.pp b/manifests/openvpn/interface.pp
new file mode 100644
index 0000000..60c61e2
--- /dev/null
+++ b/manifests/openvpn/interface.pp
@@ -0,0 +1,10 @@
+# this configures a specific tun interface for the given subnet
+define virtual::openvpn::interface($subnet) {
+ # create and setup the interface if it doesn't exist already
+ # this is a "bit" coarse grained but works for me
+ ifupdown::manual {
+ $name:
+ up => "/var/lib/puppet/modules/virtual/openvpn/create_interface ${name} ${subnet}",
+ down => "/var/lib/puppet/modules/virtual/openvpn/destroy_interface ${name} ${subnet}"
+ }
+}
diff --git a/manifests/openvpn/server.pp b/manifests/openvpn/server.pp
new file mode 100644
index 0000000..b31f80b
--- /dev/null
+++ b/manifests/openvpn/server.pp
@@ -0,0 +1,10 @@
+# actually setup the openvpn server within a vserver
+define virtual::openvpn::server($config) {
+ include virtual::openvpn::base
+ file {
+ "/etc/openvpn/${name}.conf":
+ ensure => present, content => $config,
+ mode => 0644, owner => root, group => 0,
+ notify => Service['openvpn'];
+ }
+}
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 36a934a..991bebd 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
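Review bot: In manifests/openvpn/server.pp the file `/etc/openvpn/${name}.conf` is written with `mode => 0644`, so whatever `$config` carries is readable by every local account in the guest. OpenVPN configurations frequently embed key material or credentials inline; if callers may pass such content, tighten this to `mode => 0600, owner => root, group => 0,`. A header comment stating that `$config` is the complete file body, and that `Service['openvpn']` is expected to come from the included `openvpn` class (not visible in this diff), would make the contract explicit.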
@@ -2,207 +2,18 @@ # Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> # See LICENSE for the full license granted to you. -module_dir{ "virtual/contexts": } - -class vserver::host($vdirbase = "/var/lib/vservers") { - - # make sure we have the ability to query for lsbdistcodename - include lsb - - $utilvserver_version = $lsbdistcodename ? { - etch => "0.30.216~r2772-6~bpo40+1", - lenny => latest, - default => latest, - } - - package { - "util-vserver": - ensure => $utilvserver_version; - - debootstrap: - ensure => installed - } - - file { - "/etc/vservers": - ensure => directory, - require => Package["util-vserver"]; - - "/etc/vservers/local-interfaces": - ensure => directory, - mode => 0755, owner => root, group => root, - require => File["/etc/vservers"]; - - "/usr/local/bin/build_vserver": - source => "puppet:///modules/virtual/vserver/build_vserver", - mode => 0755, owner => root, group => root, - require => [ Package['util-vserver'], Package[debootstrap]]; - - "/etc/vservers/.defaults/vdirbase": - ensure => $vdirbase, - require => File[$vdirbase]; - - "$vdirbase": - ensure => directory, - mode => 000, owner => root, group => root; - - # perhaps we should use hashify. - # but i'm commenting this out until we learn how to properly use in case we want to use it. 
- #"/etc/cron.daily/vserver-hashify": - # source => "puppet:///virtual/hashify.cron.daily", - # mode => 0755, owner => root, group => root; - } - - # remove dummy interfaces on the host - line { modules_dummy: - file => "/etc/modules", - line => "^dummy", - ensure => absent, - } - - # Remove these dummy interfaces, they are annoying and we dont need them - file { - "/etc/modprobe.d/local-dummy": - ensure => absent, - mode => 0644, owner => root, group => root; - } - - # Setup some plugins if munin is enabled in the system - case $virtual_munin { - false: {} - default: { - file { - "/usr/local/share/munin-plugins/vserver_resources": - source => "puppet:///modules/virtual/munin/vserver_resources", - mode => 0755, owner => root, group => root; - - "/usr/local/share/munin-plugins/vserver_cpu_": - source => "puppet:///modules/virtual/munin/vserver_cpu_", - mode => 0755, owner => root, group => root; - - "/usr/local/share/munin-plugins/vserver_loadavg": - source => "puppet:///modules/virtual/munin/vserver_loadavg", - mode => 0755, owner => root, group => root; - } - } - } - - # Setup some plugins if munin is enabled in the system - case $virtual_munin { - false: {} - default: { - # This creates a load average graph combining the individual load averages of each vserver on the host - munin::plugin { - "vserver_loadavg": - config => "user root\n", - script_path_in => "/usr/local/share/munin-plugins"; - } - - # This creates a RSS graph for each vserver on the host (note after more than 4 vservers this can get noisy) - munin::plugin { - "vserver_resources_RSS": - ensure => "vserver_resources", - config => "user root\nenv.resource RSS", - script_path_in => "/usr/local/share/munin-plugins"; - } - - # This creates a VM graph for each vserver on the host (note after more than 4 vservers this can get noisy) - munin::plugin { - "vserver_resources_VM": - ensure => "vserver_resources", - config => "user root\nenv.resource VM", - script_path_in => "/usr/local/share/munin-plugins"; - 
} - - # This creates a VM graph for each vserver on the host (note after more than 4 vservers this can get noisy) - munin::plugin { - "vserver_cpu_": - config => "user root\n", - script_path_in => "/usr/local/share/munin-plugins"; - } - } - } -} - -define vs_create($in_domain, $context, $legacy = false, $distro = 'squeeze', - $debootstrap_mirror = 'http://cdn.debian.net/debian', - $hostname = false, $interface = false, - $memory_limit = false) { - $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } } - $vs_hostname = $hostname ? { false => 'none', default => $hostname } - $vs_interface = $interface ? { false => 'none', default => $interface } - - case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } } - - case $legacy { - true: { - exec { "/bin/false # cannot create legacy vserver ${vs_name}": - creates => "/etc/vservers/${vs_name}", - alias => "vs_create_${vs_name}" - } - } - false: { - exec { "/usr/local/bin/build_vserver \"${vs_name}\" ${context} ${distro} ${debootstrap_mirror} ${vs_hostname} ${vs_interface} ${memory_limit}": - creates => "/etc/vservers/${vs_name}", - require => File["/usr/local/bin/build_vserver","/etc/vservers/.defaults/vdirbase"], - alias => "vs_create_${vs_name}", - # TODO: change when this is fixed: http://projects.puppetlabs.com/issues/4769 - timeout => $lsbdistcodename ? 
{ "squeeze" => '31536000', # 1 year - default => '-1', }, - } - } - } - - file { "/etc/vservers/${vs_name}/rlimits": - ensure => directory, - mode => 0755, owner => root, group => root, - require => Exec["vs_create_${vs_name}"], - } - - case $memory_limit { - false: { - file { "/etc/vservers/${vs_name}/rlimits/rss.hard": - mode => 0644, owner => root, group => root, - ensure => absent, - } - - file { "/etc/vservers/${vs_name}/rlimits/rss.soft": - mode => 0644, owner => root, group => root, - ensure => absent, - } - - vs_cflags { "${vs_name}-virt_mem": - vserver => $vs_name, - flag => "virt_mem", - ensure => absent, - } - } - default: { - file { "/etc/vservers/${vs_name}/rlimits/rss.hard": - mode => 0644, owner => root, group => root, - content => template("virtual/rss.hard.erb"), - require => File["/etc/vservers/${vs_name}/rlimits"], - } - - file { "/etc/vservers/${vs_name}/rlimits/rss.soft": - mode => 0644, owner => root, group => root, - content => template("virtual/rss.soft.erb"), - require => File["/etc/vservers/${vs_name}/rlimits"], - } - - vs_cflags { "${vs_name}-virt_mem": - vserver => $vs_name, - flag => "virt_mem", - ensure => present, - require => Exec["vs_create_${vs_name}"], - } - } - } -} - # ensure: present, stopped, running -define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, $distro = 'etch', - $hostname = false, $interface = false, $memory_limit = false) { +define virtual::vserver( + $context, + $ensure = present, + $in_domain = '', + $mark = '', + $legacy = false, + $distro = 'etch', + $hostname = false, + $interface = false, + $memory_limit = false +) { case $in_domain { '': {} default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) } } 
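Review bot: `$distro = 'etch'` is kept as the default on the renamed `virtual::vserver`, and the following hunk always passes `distro => $distro` to `virtual::vserver::instance`, so the `'jessie'` default introduced in manifests/vserver/instance.pp never applies to callers of this define. A caller that omits `distro` would presumably still have `build_vserver` bootstrap etch, a release that no longer receives security updates. Consider aligning the two defaults, e.g. `$distro = 'jessie',` here, or dropping the default so the caller has to choose. The body of the define continues outside this hunk.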
@@ -215,79 +26,38 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, $if_dir = "/etc/vservers/${vs_name}/interfaces" $mark_file = "/etc/vservers/${vs_name}/apps/init/mark" - # TODO: wasn't there a syntax for using arrays as case selectors?? - case $ensure { - present: { - vs_create{ $name: - in_domain => $in_domain, - context => $context, - legacy => $legacy, - distro => $distro, - hostname => $hostname, - interface => $interface, - memory_limit => $memory_limit, - } - } - running: { - vs_create{ $name: - in_domain => $in_domain, - context => $context, - legacy => $legacy, - distro => $distro, - hostname => $hostname, - interface => $interface, - memory_limit => $memory_limit, - } - } - stopped: { - vs_create{ $name: - in_domain => $in_domain, - context => $context, - legacy => $legacy, - distro => $distro, - hostname => $hostname, - interface => $interface, - memory_limit => $memory_limit, - } - } - delete: { - vs_create{ $name: - in_domain => $in_domain, - context => $context, - legacy => $legacy, - distro => $distro, - hostname => $hostname, - interface => $interface, - memory_limit => $memory_limit, - } - } - default: { - err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'") - } + virtual::vserver::instance { $name: + in_domain => $in_domain, + context => $context, + legacy => $legacy, + distro => $distro, + hostname => $hostname, + interface => $interface, + memory_limit => $memory_limit, } file { $if_dir: ensure => directory, checksum => mtime, - require => Exec["vs_create_${vs_name}"]; + require => Exec["vserver_instance_${vs_name}"]; } config_file { "/etc/vservers/${vs_name}/context": content => "${context}\n", - notify => Exec["vs_restart_${vs_name}"], - require => Exec["vs_create_${vs_name}"]; + notify => Exec["vs_restart_${vs_name}"], + require => Exec["vserver_instance_${vs_name}"]; # create illegal configuration, when two vservers have the same context # number 
"/var/lib/puppet/modules/virtual/contexts/${context}": content => "\n"; "/etc/vservers/${vs_name}/uts/nodename": content => "${nodename}\n", - notify => Exec["vs_restart_${vs_name}"], - require => Exec["vs_create_${vs_name}"]; + notify => Exec["vs_restart_${vs_name}"], + require => Exec["vserver_instance_${vs_name}"]; "/etc/vservers/${vs_name}/name": content => "${vs_name}\n", - require => Exec["vs_create_${vs_name}"]; + require => Exec["vserver_instance_${vs_name}"]; } # ensure a secure chroot barrier @@ -295,23 +65,23 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, # http://linux-vserver.org/Secure_chroot_Barrier#Solution:_Secure_Barrier exec { "/usr/sbin/setattr --barrier /etc/vservers/${vs_name}/vdir/../": unless => "/usr/sbin/showattr /etc/vservers/${vs_name}/vdir/../ | grep -- '----Bui- /etc/vservers/${vs_name}/vdir/../$'", - require => Exec["vs_create_${vs_name}"], + require => Exec["vserver_instance_${vs_name}"], } case $ensure { present: { # don't start or stop the vserver, just make sure it exists, we just run a dummy status test here exec { "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/vdir)": - require => Exec["vs_create_${vs_name}"], - alias => "vs_restart_${vs_name}", + require => Exec["vserver_instance_${vs_name}"], + alias => "vs_restart_${vs_name}", } } stopped: { exec { "/usr/sbin/vserver ${vs_name} stop": - onlyif => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )", - require => Exec["vs_create_${vs_name}"], + onlyif => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )", + require => Exec["vserver_instance_${vs_name}"], # fake the restart exec in the stopped case, so the dependencies are fulfilled - alias => "vs_restart_${vs_name}", + alias => "vs_restart_${vs_name}", } file { $mark_file: ensure => absent, } } 
@@ -322,14 +92,14 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, } running: { exec { "/usr/sbin/vserver ${vs_name} start": - unless => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run)", - require => [ Exec["vs_create_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ], + unless => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run)", + require => [ Exec["vserver_instance_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ], } exec { "/usr/sbin/vserver ${vs_name} restart": refreshonly => true, - require => Exec["vs_create_${vs_name}"], - alias => "vs_restart_${vs_name}", - subscribe => File[$if_dir], + require => Exec["vserver_instance_${vs_name}"], + alias => "vs_restart_${vs_name}", + subscribe => File[$if_dir], } case $mark { 
@@ -340,330 +110,13 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, default: { config_file { "/etc/vservers/${vs_name}/apps/init/mark": content => "${mark}\n", - require => Exec["vs_create_${vs_name}"], + require => Exec["vserver_instance_${vs_name}"], } } } } - } -} - -# Changing stuff with this define won't do much good, since it relies on -# restarting the vservers to do the work, which won't clean up orphaned -# interfaces -define vs_interface($prefix = 24, $dev = '') { - - file { - "/etc/vservers/local-interfaces/${name}": - ensure => directory, - mode => 0755, owner => root, group => root; - "/etc/vservers/local-interfaces/${name}/ip": - content => "${name}\n", - mode => 0644, owner => root, group => root; - "/etc/vservers/local-interfaces/${name}/prefix": - content => "${prefix}\n", - mode => 0644, owner => root, group => root; - } - - case $dev { - '': { - file { - "/etc/vservers/local-interfaces/${name}/nodev": - ensure => present, - mode => 0644, owner => root, group => root; - "/etc/vservers/local-interfaces/${name}/dev": - ensure => absent; - } - } - default: { - config_file { "/etc/vservers/local-interfaces/${name}/dev": content => $dev, } - file { "/etc/vservers/local-interfaces/${name}/nodev": ensure => absent, } - } - } -} - -define vs_ip($vserver, $ip, $ensure) { - err("$fqdn is using deprecated vs_ip instead of vs_ip_binding for $name") - vs_ip_binding { $name: vserver => $vserver, ip => $ip, ensure => $ensure } -} - -define vs_ip_binding($vserver, $ip, $ensure) { - case $ensure { - connected: { - file { "/etc/vservers/${vserver}/interfaces/${name}": - ensure => "/etc/vservers/local-interfaces/${ip}/", - require => [ File["/etc/vservers/local-interfaces/${ip}"], Exec["vs_create_${vserver}"] ], - notify => Exec["vs_restart_${vserver}"], - } - } - disconnected: { - file { "/etc/vservers/${vserver}/interfaces/${name}": - ensure => absent, - } - } - default: { - err( "${fqdn}: vs_ip: ${vserver} -> ${ip}: unknown 
ensure: '${ensure}'" ) - } - } -} - -define vs_sched($ensure = present, $fill_rate = '', $fill_rate2 = '', - $interval = '', $interval2 = '', $tokens_min = '', $tokens_max = '', - $tokens = '', $idle_time = false, $priority_bias = '') { - - file { "/etc/vservers/${name}/sched": - ensure => directory, - owner => root, - group => root, - mode => 0755, - } - - case $fill_rate { - '': { - file { "/etc/vservers/${name}/sched/fill-rate": - ensure => absent, - } - } - default: { - $set_fill_rate = "--fill-rate $fill_rate" - - file { "/etc/vservers/${name}/sched/fill-rate": - ensure => $ensure, - content => "$fill_rate\n", - require => File["/etc/vservers/${name}/sched"], - } - } - } - - case $fill_rate2 { - '': { - file { "/etc/vservers/${name}/sched/fill-rate2": - ensure => absent, - } - } - default: { - $set_fill_rate2 = "--fill-rate2 $fill_rate2" - - file { "/etc/vservers/${name}/sched/fill-rate2": - ensure => $ensure, - content => "$fill_rate2\n", - require => File["/etc/vservers/${name}/sched"], - } - } - } - - case $interval { - '': { - file { "/etc/vservers/${name}/sched/interval": - ensure => absent, - } - } - default: { - $set_interval = "--interval $interval" - - file { "/etc/vservers/${name}/sched/interval": - ensure => $ensure, - content => "$interval\n", - require => File["/etc/vservers/${name}/sched"], - } - } - } - - case $interval2 { - '': { - file { "/etc/vservers/${name}/sched/interval2": - ensure => absent, - } - } - default: { - $set_interval2 = "--interval2 $interval2" - - file { "/etc/vservers/${name}/sched/interval2": - ensure => $ensure, - content => "$interval2\n", - require => File["/etc/vservers/${name}/sched"], - } - } - } - - case $tokens_min { - '': { - file { "/etc/vservers/${name}/sched/tokens-min": - ensure => absent, - } - } - default: { - $set_tokens_min = "--tokens-min $tokens_min" - - file { "/etc/vservers/${name}/sched/tokens-min": - ensure => $ensure, - content => "$tokens_min\n", - require => File["/etc/vservers/${name}/sched"], - } 
- } - } - - case $tokens_max { - '': { - file { "/etc/vservers/${name}/sched/tokens-max": - ensure => absent, - } - } - default: { - $set_tokens_max = "--tokens-max $tokens_max" - - file { "/etc/vservers/${name}/sched/tokens-max": - ensure => $ensure, - content => "$tokens_max\n", - require => File["/etc/vservers/${name}/sched"], - } - } - } - - case $tokens { - '': { - file { "/etc/vservers/${name}/sched/tokens": - ensure => absent, - } - } - default: { - $set_tokens = "--tokens $tokens" - - file { "/etc/vservers/${name}/sched/tokens": - ensure => $ensure, - content => "$tokens\n", - require => File["/etc/vservers/${name}/sched"], - } - } - } - - case $priority_bias { - '': { - file { "/etc/vservers/${name}/sched/priority-bias": - ensure => absent, - } - } - default: { - $set_priority_bias = "--prio-bias $priority_bias" - - file { "/etc/vservers/${name}/sched/priority-bias": - ensure => $ensure, - content => "$priority_bias\n", - require => File["/etc/vservers/${name}/sched"], - } - } - } - - case $idle_time { - true: { - $set_idle_time = "--idle-time" - - file { "/etc/vservers/${name}/sched/idle-time": - ensure => $ensure, - } - } default: { - file { "/etc/vservers/${name}/sched/idle-time": - ensure => absent, - } + err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'") } } - - vs_cflags { "${name}-sched_hard": - vserver => $name, - flag => "sched_hard", - ensure => $ensure, - } - - vs_cflags { "${name}-sched_prio": - vserver => $name, - flag => "sched_prio", - ensure => $ensure, - } - - case $ensure { - present: { - - $vsched_params = "$set_fill_rate $set_fill_rate2 $set_interval $set_interval2 $set_tokens_min $set_tokens_max $set_tokens $set_idle_time $set_priority_bias" - - exec { "/usr/sbin/vsched --xid `cat /etc/vservers/$name/context` ${vsched_params} --force": - subscribe => File["/etc/vservers/$name/sched/fill-rate", "/etc/vservers/$name/sched/fill-rate2", - "/etc/vservers/$name/sched/interval", "/etc/vservers/$name/sched/interval2", - 
"/etc/vservers/$name/sched/tokens-min", "/etc/vservers/$name/sched/tokens-max", - "/etc/vservers/$name/sched/tokens", "/etc/vservers/$name/sched/idle-time"], - refreshonly => true, - require => Exec["vs_create_${name}"], - } - } - } -} - -define vs_cflags($vserver, $flag, $ensure = present) { - if ! defined(File["/etc/vservers/${vserver}/cflags"]) { - file { "/etc/vservers/${vserver}/cflags": - ensure => present, - } - } - - line {"vs_cflags-${vserver}-${flag}": - ensure => $ensure, - file => "/etc/vservers/${vserver}/cflags", - line => "${flag}", - require => Exec["vs_create_${vserver}"], - notify => Exec["vattribute-${vserver}-${flag}"], - } - - case $ensure { - present: { - exec { "/usr/sbin/vattribute-${vserver}-${flag}": - command => "vattribute --set --xid `cat /etc/vservers/$vserver/context` --flag ${flag}", - refreshonly => true, - require => Exec["vs_create_${vserver}"], - alias => "vattribute-${vserver}-${flag}", - } - } - default: { - exec { "/usr/sbin/vattribute-${vserver}-${flag}": - command => "vattribute --set --xid `cat /etc/vservers/$vserver/context` --flag ~${flag}", - refreshonly => true, - require => Exec["vs_create_${vserver}"], - alias => "vattribute-${vserver}-${flag}", - } - } - } -} - -define vs_rlimit($vserver, $limit, $soft = '', $hard = '', $min = '', $ensure = present) { - file { "/etc/vservers/${vserver}/rlimits/$limit.soft": - mode => 0644, owner => root, group => root, - content => "$soft\n", - ensure => $soft ? { - '' => absent, - default => $ensure, - }, - require => File["/etc/vservers/${vserver}/rlimits"], - notify => Exec["vs_restart_${vserver}"], - } - - file { "/etc/vservers/${vserver}/rlimits/$limit.hard": - mode => 0644, owner => root, group => root, - content => "$hard\n", - ensure => $hard ? 
{ - '' => absent, - default => $ensure, - }, - require => File["/etc/vservers/${vserver}/rlimits"], - notify => Exec["vs_restart_${vserver}"], - } - - file { "/etc/vservers/${vserver}/rlimits/$limit.min": - mode => 0644, owner => root, group => root, - content => "$min\n", - ensure => $min? { - '' => absent, - default => $ensure, - }, - require => File["/etc/vservers/${vserver}/rlimits"], - notify => Exec["vs_restart_${vserver}"], - } } diff --git a/manifests/vserver/cflags.pp b/manifests/vserver/cflags.pp new file mode 100644 index 0000000..c6df50f --- /dev/null +++ b/manifests/vserver/cflags.pp @@ -0,0 +1,35 @@ +define virtual::vserver::cflags($vserver, $flag, $ensure = present) { + if ! defined(File["/etc/vservers/${vserver}/cflags"]) { + file { "/etc/vservers/${vserver}/cflags": + ensure => present, + } + } + + line {"vs_cflags-${vserver}-${flag}": + ensure => $ensure, + file => "/etc/vservers/${vserver}/cflags", + line => "${flag}", + require => Exec["vserver_instance_${vserver}"], + notify => Exec["vattribute-${vserver}-${flag}"], + } + + case $ensure { + present: { + exec { "/usr/sbin/vattribute-${vserver}-${flag}": + command => "vattribute --set --xid `cat /etc/vservers/$vserver/context` --flag ${flag}", + refreshonly => true, + require => Exec["vserver_instance_${vserver}"], + alias => "vattribute-${vserver}-${flag}", + } + } + default: { + exec { "/usr/sbin/vattribute-${vserver}-${flag}": + command => "vattribute --set --xid `cat /etc/vservers/$vserver/context` --flag ~${flag}", + refreshonly => true, + require => Exec["vserver_instance_${vserver}"], + alias => "vattribute-${vserver}-${flag}", + } + } + } +} + diff --git a/manifests/vserver/host.pp b/manifests/vserver/host.pp new file mode 100644 index 0000000..69718dd --- /dev/null +++ b/manifests/vserver/host.pp 
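Review bot: The added `default:` branch only calls `err(...)`, which logs and lets the catalog continue; with the old per-value `vs_create` case removed, `virtual::vserver::instance` is now declared for every value of `$ensure`, so a mistyped `ensure` still builds the guest and writes its configuration. If an unknown value should stop the run, use `fail("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'")` and place the check before the instance is declared. The enclosing `case $ensure` starts outside this hunk.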
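Review bot: Both `exec` resources in manifests/vserver/cflags.pp use a command string that starts with a bare `vattribute` and contains a backquoted bare `cat`, with no `path` attribute, so which binaries run as root depends on an `Exec` default set somewhere outside this diff. Spell the binaries out (the resource title already suggests `/usr/sbin/vattribute`) or add `path => '/usr/sbin:/usr/bin:/bin',` to each exec. `$vserver` and `${flag}` also reach the command line unquoted; a header comment stating that they must be a plain vserver name and a flag keyword, or a check that rejects anything else, would document and enforce that contract.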
@@ -0,0 +1,134 @@ +class virtual::vserver::host($vdirbase = "/var/lib/vservers") { + include virtual + + module_dir{ "virtual/contexts": } + + # make sure we have the ability to query for lsbdistcodename + include lsb + + $utilvserver_version = $lsbdistcodename ? { + etch => "0.30.216~r2772-6~bpo40+1", + lenny => latest, + default => latest, + } + + package { + "util-vserver": + ensure => $utilvserver_version; + + debootstrap: + ensure => installed + } + + file { + "/etc/vservers": + ensure => directory, + require => Package["util-vserver"]; + + "/etc/vservers/local-interfaces": + ensure => directory, + mode => 0755, + owner => root, + group => root, + require => File["/etc/vservers"]; + + "/usr/local/bin/build_vserver": + source => "puppet:///modules/virtual/vserver/build_vserver", + mode => 0755, + owner => root, + group => root, + require => [ Package['util-vserver'], Package[debootstrap]]; + + "/etc/vservers/.defaults/vdirbase": + ensure => $vdirbase, + require => File[$vdirbase]; + + "$vdirbase": + ensure => directory, + mode => 000, + owner => root, + group => root; + + # perhaps we should use hashify. + # but i'm commenting this out until we learn how to properly use in case we want to use it. 
+ #"/etc/cron.daily/vserver-hashify": + # source => "puppet:///virtual/hashify.cron.daily", + # mode => 0755, owner => root, group => root; + } + + # remove dummy interfaces on the host + line { modules_dummy: + file => "/etc/modules", + line => "^dummy", + ensure => absent, + } + + # Remove these dummy interfaces, they are annoying and we dont need them + file { + "/etc/modprobe.d/local-dummy": + ensure => absent, + mode => 0644, owner => root, group => root; + } + + # Setup some plugins if munin is enabled in the system + case $virtual_munin { + false: {} + default: { + file { + "/usr/local/share/munin-plugins/vserver_resources": + source => "puppet:///modules/virtual/munin/vserver_resources", + mode => 0755, + owner => root, + group => root; + + "/usr/local/share/munin-plugins/vserver_cpu_": + source => "puppet:///modules/virtual/munin/vserver_cpu_", + mode => 0755, + owner => root, + group => root; + + "/usr/local/share/munin-plugins/vserver_loadavg": + source => "puppet:///modules/virtual/munin/vserver_loadavg", + mode => 0755, + owner => root, + group => root; + } + } + } + + # Setup some plugins if munin is enabled in the system + case $virtual_munin { + false: {} + default: { + # This creates a load average graph combining the individual load averages of each vserver on the host + munin::plugin { + "vserver_loadavg": + config => "user root\n", + script_path_in => "/usr/local/share/munin-plugins"; + } + + # This creates a RSS graph for each vserver on the host (note after more than 4 vservers this can get noisy) + munin::plugin { + "vserver_resources_RSS": + ensure => "vserver_resources", + config => "user root\nenv.resource RSS", + script_path_in => "/usr/local/share/munin-plugins"; + } + + # This creates a VM graph for each vserver on the host (note after more than 4 vservers this can get noisy) + munin::plugin { + "vserver_resources_VM": + ensure => "vserver_resources", + config => "user root\nenv.resource VM", + script_path_in => 
"/usr/local/share/munin-plugins"; + } + + # This creates a VM graph for each vserver on the host (note after more than 4 vservers this can get noisy) + munin::plugin { + "vserver_cpu_": + config => "user root\n", + script_path_in => "/usr/local/share/munin-plugins"; + } + } + } +} diff --git a/manifests/vserver/instance.pp b/manifests/vserver/instance.pp new file mode 100644 index 0000000..3ec9130 --- /dev/null +++ b/manifests/vserver/instance.pp 
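Review bot: The comment above the `vserver_cpu_` plugin in manifests/vserver/host.pp repeats the text of the `vserver_resources_VM` one ("This creates a VM graph ..."); it should describe that plugin instead, presumably `# This creates a CPU usage graph for each vserver on the host`. The two consecutive `case $virtual_munin` blocks share the same comment and condition and could be merged into one. The class also reads `$virtual_munin` and `$lsbdistcodename` as unqualified globals; a short header listing those inputs and the `$vdirbase` parameter, and saying why `$vdirbase` is created with `mode => 000`, would help the next reader.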
@@ -0,0 +1,89 @@ +define virtual::vserver::instance( + $in_domain, + $context, + $legacy = false, + $distro = 'jessie', + $debootstrap_mirror = 'http://cdn.debian.net/debian', + $hostname = false, + $interface = false, + $memory_limit = false +) { + $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } } + $vs_hostname = $hostname ? { false => 'none', default => $hostname } + $vs_interface = $interface ? { false => 'none', default => $interface } + + case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } } + + case $legacy { + true: { + exec { "/bin/false # cannot create legacy vserver ${vs_name}": + creates => "/etc/vservers/${vs_name}", + alias => "vserver_instance_${vs_name}" + } + } + false: { + exec { "/usr/local/bin/build_vserver \"${vs_name}\" ${context} ${distro} ${debootstrap_mirror} ${vs_hostname} ${vs_interface} ${memory_limit}": + creates => "/etc/vservers/${vs_name}", + require => File["/usr/local/bin/build_vserver","/etc/vservers/.defaults/vdirbase"], + alias => "vserver_instance_${vs_name}", + # TODO: change when this is fixed: http://projects.puppetlabs.com/issues/4769 + timeout => $lsbdistcodename ? 
{ + "squeeze" => '31536000', # 1 year + default => '-1', }, + } + } + } + + file { "/etc/vservers/${vs_name}/rlimits": + ensure => directory, + mode => 0755, + owner => root, + group => root, + require => Exec["vserver_instance_${vs_name}"], + } + + case $memory_limit { + false: { + file { "/etc/vservers/${vs_name}/rlimits/rss.hard": + mode => 0644, owner => root, group => root, + ensure => absent, + } + + file { "/etc/vservers/${vs_name}/rlimits/rss.soft": + mode => 0644, owner => root, group => root, + ensure => absent, + } + + virtual::vserver::cflags { "${vs_name}-virt_mem": + vserver => $vs_name, + flag => "virt_mem", + ensure => absent, + } + } + default: { + file { "/etc/vservers/${vs_name}/rlimits/rss.hard": + mode => 0644, + owner => root, + group => root, + content => template("virtual/rss.hard.erb"), + require => File["/etc/vservers/${vs_name}/rlimits"], + } + + file { "/etc/vservers/${vs_name}/rlimits/rss.soft": + mode => 0644, + owner => root, + group => root, + content => template("virtual/rss.soft.erb"), + require => File["/etc/vservers/${vs_name}/rlimits"], + } + + vs_cflags { "${vs_name}-virt_mem": + vserver => $vs_name, + flag => "virt_mem", + ensure => present, + require => Exec["vserver_instance_${vs_name}"], + } + } + } +} + diff --git a/manifests/vserver/interface.pp b/manifests/vserver/interface.pp new file mode 100644 index 0000000..82a2c9c --- /dev/null +++ b/manifests/vserver/interface.pp 
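Review bot: The `default:` branch of `case $memory_limit` still declares `vs_cflags { "${vs_name}-virt_mem":`, while this commit removes `define vs_cflags` from manifests/vserver.pp and the `false:` branch just above already uses `virtual::vserver::cflags`. Unless another `vs_cflags` define exists outside this diff, any instance with `memory_limit` set will fail to compile; change the type to `virtual::vserver::cflags { "${vs_name}-virt_mem":`. Separately, `${context}`, `${distro}`, `${debootstrap_mirror}`, `${vs_hostname}`, `${vs_interface}` and `${memory_limit}` are placed unquoted in the `build_vserver` command string, so a value containing whitespace or shell metacharacters would change the argument list; validating them before the `exec` would close that.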
@@ -0,0 +1,46 @@
+# Changing stuff with this define won't do much good, since it relies on
+# restarting the vservers to do the work, which won't clean up orphaned
+# interfaces
+define virtual::vserver::interface($prefix = 24, $dev = '') {
+
+ file {
+ "/etc/vservers/local-interfaces/${name}":
+ ensure => directory,
+ mode => 0755,
+ owner => root,
+ group => root;
+ "/etc/vservers/local-interfaces/${name}/ip":
+ content => "${name}\n",
+ mode => 0644,
+ owner => root,
+ group => root;
+ "/etc/vservers/local-interfaces/${name}/prefix":
+ content => "${prefix}\n",
+ mode => 0644,
+ owner => root,
+ group => root;
+ }
+
+ case $dev {
+ '': {
+ file {
+ "/etc/vservers/local-interfaces/${name}/nodev":
+ ensure => present,
+ mode => 0644,
+ owner => root,
+ group => root;
+ "/etc/vservers/local-interfaces/${name}/dev":
+ ensure => absent;
+ }
+ }
+ default: {
+ config_file { "/etc/vservers/local-interfaces/${name}/dev":
+ content => $dev,
+ }
+
+ file { "/etc/vservers/local-interfaces/${name}/nodev":
+ ensure => absent,
+ }
+ }
+ }
+}
diff --git a/manifests/vserver/ip.pp b/manifests/vserver/ip.pp
new file mode 100644
index 0000000..5a0d206
--- /dev/null
+++ b/manifests/vserver/ip.pp
@@ -0,0 +1,9 @@
+define virtual::vserver::ip($vserver, $ip, $ensure) {
+ err("$fqdn is using deprecated vs_ip instead of vs_ip_binding for $name")
+
+ virtual::vserver::ip::binding { $name:
+ vserver => $vserver,
+ ip => $ip,
+ ensure => $ensure
+ }
+}
diff --git a/manifests/vserver/ip/binding.pp b/manifests/vserver/ip/binding.pp
new file mode 100644
index 0000000..2489b69
--- /dev/null
+++ b/manifests/vserver/ip/binding.pp
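Review bot: `virtual::vserver::interface` uses `${name}` both as a path component under `/etc/vservers/local-interfaces/` and as the content of the `ip` file, but nothing checks that it is an IP address, and `${prefix}` is written out unchecked as well. A title containing `/` or `..` would make these root-owned file resources manage paths outside that directory. A guard at the top of the define would reject such a title at compile time, e.g. `if $name !~ /^[0-9a-fA-F:.]+$/ { fail("${name} is not an IP address") }`, with a similar numeric check on `$prefix`.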
@@ -0,0 +1,19 @@
+define virtual::vserver::ip::binding($vserver, $ip, $ensure) {
+ case $ensure {
+ connected: {
+ file { "/etc/vservers/${vserver}/interfaces/${name}":
+ ensure => "/etc/vservers/local-interfaces/${ip}/",
+ require => [ File["/etc/vservers/local-interfaces/${ip}"], Exec["vserver_instance_${vserver}"] ],
+ notify => Exec["vs_restart_${vserver}"],
+ }
+ }
+ disconnected: {
+ file { "/etc/vservers/${vserver}/interfaces/${name}":
+ ensure => absent,
+ }
+ }
+ default: {
+ err( "${fqdn}: vs_ip: ${vserver} -> ${ip}: unknown ensure: '${ensure}'" )
+ }
+ }
+}
diff --git a/manifests/vserver/rlimit.pp b/manifests/vserver/rlimit.pp
new file mode 100644
index 0000000..0218359
--- /dev/null
+++ b/manifests/vserver/rlimit.pp
@@ -0,0 +1,48 @@
+define virtual::vserver::rlimit(
+ $vserver,
+ $limit,
+ $soft = '',
+ $hard = '',
+ $min = '',
+ $ensure = present
+) {
+ file { "/etc/vservers/${vserver}/rlimits/$limit.soft":
+ mode => 0644,
+ owner => root,
+ group => root,
+ content => "$soft\n",
+ ensure => $soft ? {
+ '' => absent,
+ default => $ensure,
+ },
+ require => File["/etc/vservers/${vserver}/rlimits"],
+ notify => Exec["vs_restart_${vserver}"],
+ }
+
+ file { "/etc/vservers/${vserver}/rlimits/$limit.hard":
+ mode => 0644,
+ owner => root,
+ group => root,
+ content => "$hard\n",
+ ensure => $hard ? {
+ '' => absent,
+ default => $ensure,
+ },
+ require => File["/etc/vservers/${vserver}/rlimits"],
+ notify => Exec["vs_restart_${vserver}"],
+ }
+
+ file { "/etc/vservers/${vserver}/rlimits/$limit.min":
+ mode => 0644,
+ owner => root,
+ group => root,
+ content => "$min\n",
+ ensure => $min? {
+ '' => absent,
+ default => $ensure,
+ },
+ require => File["/etc/vservers/${vserver}/rlimits"],
+ notify => Exec["vs_restart_${vserver}"],
+ }
+}
+
diff --git a/manifests/vserver/sched.pp b/manifests/vserver/sched.pp
new file mode 100644
index 0000000..b0d12bd
--- /dev/null
+++ b/manifests/vserver/sched.pp
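Review bot: The `disconnected` branch of `virtual::vserver::ip::binding` removes the link but, unlike `connected`, does not notify `Exec["vs_restart_${vserver}"]`, so an address taken away in the manifest presumably stays bound in the running guest until something else restarts it. If that is not intended, add `notify => Exec["vs_restart_${vserver}"],` to that file resource. The `default` branch only calls `err()`, so a misspelled `ensure` leaves the binding unmanaged while compilation continues; `fail()` would stop the catalog instead, and the message still names the old `vs_ip` define.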
@@ -0,0 +1,199 @@ +define virtual::vserver::sched( + $ensure = present, + $fill_rate = '', + $fill_rate2 = '', + $interval = '', + $interval2 = '', + $tokens_min = '', + $tokens_max = '', + $tokens = '', + $idle_time = false, + $priority_bias = '' +) { + + file { "/etc/vservers/${name}/sched": + ensure => directory, + owner => root, + group => root, + mode => 0755, + } + + case $fill_rate { + '': { + file { "/etc/vservers/${name}/sched/fill-rate": + ensure => absent, + } + } + default: { + $set_fill_rate = "--fill-rate $fill_rate" + + file { "/etc/vservers/${name}/sched/fill-rate": + ensure => $ensure, + content => "$fill_rate\n", + require => File["/etc/vservers/${name}/sched"], + } + } + } + + case $fill_rate2 { + '': { + file { "/etc/vservers/${name}/sched/fill-rate2": + ensure => absent, + } + } + default: { + $set_fill_rate2 = "--fill-rate2 $fill_rate2" + + file { "/etc/vservers/${name}/sched/fill-rate2": + ensure => $ensure, + content => "$fill_rate2\n", + require => File["/etc/vservers/${name}/sched"], + } + } + } + + case $interval { + '': { + file { "/etc/vservers/${name}/sched/interval": + ensure => absent, + } + } + default: { + $set_interval = "--interval $interval" + + file { "/etc/vservers/${name}/sched/interval": + ensure => $ensure, + content => "$interval\n", + require => File["/etc/vservers/${name}/sched"], + } + } + } + + case $interval2 { + '': { + file { "/etc/vservers/${name}/sched/interval2": + ensure => absent, + } + } + default: { + $set_interval2 = "--interval2 $interval2" + + file { "/etc/vservers/${name}/sched/interval2": + ensure => $ensure, + content => "$interval2\n", + require => File["/etc/vservers/${name}/sched"], + } + } + } + + case $tokens_min { + '': { + file { "/etc/vservers/${name}/sched/tokens-min": + ensure => absent, + } + } + default: { + $set_tokens_min = "--tokens-min $tokens_min" + + file { "/etc/vservers/${name}/sched/tokens-min": + ensure => $ensure, + content => "$tokens_min\n", + require => 
File["/etc/vservers/${name}/sched"], + } + } + } + + case $tokens_max { + '': { + file { "/etc/vservers/${name}/sched/tokens-max": + ensure => absent, + } + } + default: { + $set_tokens_max = "--tokens-max $tokens_max" + + file { "/etc/vservers/${name}/sched/tokens-max": + ensure => $ensure, + content => "$tokens_max\n", + require => File["/etc/vservers/${name}/sched"], + } + } + } + + case $tokens { + '': { + file { "/etc/vservers/${name}/sched/tokens": + ensure => absent, + } + } + default: { + $set_tokens = "--tokens $tokens" + + file { "/etc/vservers/${name}/sched/tokens": + ensure => $ensure, + content => "$tokens\n", + require => File["/etc/vservers/${name}/sched"], + } + } + } + + case $priority_bias { + '': { + file { "/etc/vservers/${name}/sched/priority-bias": + ensure => absent, + } + } + default: { + $set_priority_bias = "--prio-bias $priority_bias" + + file { "/etc/vservers/${name}/sched/priority-bias": + ensure => $ensure, + content => "$priority_bias\n", + require => File["/etc/vservers/${name}/sched"], + } + } + } + + case $idle_time { + true: { + $set_idle_time = "--idle-time" + + file { "/etc/vservers/${name}/sched/idle-time": + ensure => $ensure, + } + } + default: { + file { "/etc/vservers/${name}/sched/idle-time": + ensure => absent, + } + } + } + + virtual::vserver::cflags { "${name}-sched_hard": + vserver => $name, + flag => "sched_hard", + ensure => $ensure, + } + + virtual::vserver::cflags { "${name}-sched_prio": + vserver => $name, + flag => "sched_prio", + ensure => $ensure, + } + + case $ensure { + present: { + + $vsched_params = "$set_fill_rate $set_fill_rate2 $set_interval $set_interval2 $set_tokens_min $set_tokens_max $set_tokens $set_idle_time $set_priority_bias" + + exec { "/usr/sbin/vsched --xid `cat /etc/vservers/$name/context` ${vsched_params} --force": + subscribe => File["/etc/vservers/$name/sched/fill-rate", "/etc/vservers/$name/sched/fill-rate2", + "/etc/vservers/$name/sched/interval", "/etc/vservers/$name/sched/interval2", + 
"/etc/vservers/$name/sched/tokens-min", "/etc/vservers/$name/sched/tokens-max", + "/etc/vservers/$name/sched/tokens", "/etc/vservers/$name/sched/idle-time"], + refreshonly => true, + require => Exec["vserver_instance_${name}"], + } + } + } +} diff --git a/manifests/xen.pp b/manifests/xen.pp deleted file mode 100644 index 516a59c..0000000 --- a/manifests/xen.pp +++ /dev/null 
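Review bot: The `subscribe` list on the `vsched` exec at the end of `virtual::vserver::sched` names eight of the nine files managed under `sched/` and leaves out `priority-bias`, so with `refreshonly => true` a change to `$priority_bias` alone never re-runs `vsched`. Adding `"/etc/vservers/$name/sched/priority-bias"` to the list would fix that. The `$set_*` variables are also assigned only in the `default` branch of each `case`, so `$vsched_params` interpolates unset variables whenever a parameter is left at `''`; assigning `''` in the other branch would make the empty case explicit.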
@@ -1,160 +0,0 @@ -# virtual/xen.pp -- XEN specifica -# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at> -# See LICENSE for the full license granted to you. - -class munin::plugins::xen { - munin::remoteplugin { - xen-multi: - source => "puppet:///modules/virtual/munin/xen_mem", - config => "user root", - ensure => absent; - xen_vm: - source => "puppet:///modules/virtual/munin/xen_vm", - config => "user root", - ensure => absent; - 'xen-multi': - source => 'puppet:///modules/virtual/munin/xen-multi', - config => 'user root'; - } -} - -class xen::domain { - case $operatingsystem { - debian: { include xen::domain::debian } - centos: { include xen::domain::centos } - default: { include xen::domain::base } - } -} - -class xen::domain::base { - service{ 'xend': - ensure => running, - enable => true, - hasstatus => false, - hasrestart => true, - } - - case $xen_domains { - '0': { info("No xen domains are running, so not configuring service xendomains") } - default: { - service{ 'xendomains': - ensure => running, - enable => true, - hasstatus => true, - } - } - } - - file{'/etc/xen/xend-config.sxp': - source => [ "puppet:///modules/site_virtual/xen/config/${fqdn}/config/xend-config.sxp", - "puppet:///modules/site_virtual/xen/config/${domain}/xend-config.sxp", - "puppet:///modules/site_virtual/xen/config/${operatingsystem}/xend-config.sxp", - "puppet:///modules/site_virtual/xen/config/${operatingsystem}/${lsbdistcodeename}/xend-config.sxp", - "puppet:///modules/site_virtual/xen/config/xend-config.sxp", - "puppet:///modules/virtual/xen/config/${operatingsystem}/xend-config.sxp", - "puppet:///modules/virtual/xen/config/xend-config.sxp" ], - notify => Service['xend'], - owner => root, group => 0, mode => 0644; - } -} - -class xen::domain::centos inherits xen::domain::base { - package{ 'kernel-xen': - ensure => present, - } - - Service[xend]{ - require => Package['kernel-xen'], - } - - file{'/etc/sysconfig/xend': - source => 
"puppet:///modules/virtual/xen/${operatingsystem}/sysconfig/xend", - notify => Service['xend'], - owner => root, group => 0, mode => 0644; - } - - file{'/etc/sysconfig/xendomains': - source => "puppet:///modules/virtual/xen/${operatingsystem}/sysconfig/xendomains", - owner => root, group => 0, mode => 0644; - } - - case $xen_domains { - '0': { info("No xen domains are running, so not configuring service xendomains") } - default: { - Service[xendomains]{ - require => Package['kernel-xen'], - } - File['/etc/sysconfig/xendomains']{ - notify => Service[xendomains] - } - } - } -} - -class xen::domain::debian inherits xen::domain::base { - case $lsbdistcodename { - "lenny": { - $xen_linux_system = $architecture ? { - amd64 => "xen-linux-system-2.6.26-2-xen-amd64", - i386 => "xen-linux-system-2.6.26-2-xen-686" - } - } - "squeeze": { - $xen_linux_system = $architecture ? { - /(amd64|x86_64)/ => "xen-linux-system-2.6.32-5-xen-amd64", - i386 => "xen-linux-system-2.6.32-5-xen-686" - } - } - } - - package { - "$xen_linux_system": - ensure => present, - alias => "xen-linux-system"; - } -} - - -class xen::dom0 inherits xen::domain { - case $operatingsystem { - debian: { include xen::dom0::debian } - centos: { include xen::dom0::centos } - default: { include xen::dom0::base } - } -} - -class xen::dom0::base {} - -class xen::dom0::centos inherits xen::dom0::base { - package{ [ "xen", "xen-libs"]: - ensure => present, - } -} - -class xen::dom0::debian inherits xen::dom0::base { - $real_xen_lvm = $xen_lvm ? { - '' => "vg_${hostname}0", - default => $xen_lvm, - } - case $lsbdistcodename { - lenny: { - package { - "xen-tools": - ensure => "4.1-1~bpo50+1", - } - } - squeeze: { - package { - "xen-tools": - ensure => installed; - } - } - } - - file { - "/etc/xen-tools/xen-tools.conf": - owner => root, group => 0, mode => 0644, - content => template("site_virtual/xen/${operatingsystem}/${lsbdistcodename}/xen-tools.conf.erb"), - require => Package['xen-tools']; - } -} 
diff --git a/manifests/xen/dom0.pp b/manifests/xen/dom0.pp
new file mode 100644
index 0000000..2c51b56
--- /dev/null
+++ b/manifests/xen/dom0.pp
@@ -0,0 +1,7 @@
+class virtual::xen::dom0 inherits xen::domain {
+ case $operatingsystem {
+ debian: { include xen::dom0::debian }
+ centos: { include xen::dom0::centos }
+ default: { include xen::dom0::base }
+ }
+}
diff --git a/manifests/xen/dom0/base.pp b/manifests/xen/dom0/base.pp
new file mode 100644
index 0000000..85411cf
--- /dev/null
+++ b/manifests/xen/dom0/base.pp
@@ -0,0 +1 @@
+class virtual::xen::dom0::base {}
diff --git a/manifests/xen/dom0/centos.pp b/manifests/xen/dom0/centos.pp
new file mode 100644
index 0000000..f0fd14d
--- /dev/null
+++ b/manifests/xen/dom0/centos.pp
@@ -0,0 +1,5 @@
+class virtual::xen::dom0::centos inherits xen::dom0::base {
+ package{ [ "xen", "xen-libs"]:
+ ensure => present,
+ }
+}
diff --git a/manifests/xen/dom0/debian.pp b/manifests/xen/dom0/debian.pp
new file mode 100644
index 0000000..56ec52c
--- /dev/null
+++ b/manifests/xen/dom0/debian.pp
@@ -0,0 +1,27 @@
+class virtual::xen::dom0::debian inherits xen::dom0::base {
+ $real_xen_lvm = $xen_lvm ? {
+ '' => "vg_${hostname}0",
+ default => $xen_lvm,
+ }
+ case $lsbdistcodename {
+ lenny: {
+ package {
+ "xen-tools":
+ ensure => "4.1-1~bpo50+1",
+ }
+ }
+ squeeze: {
+ package {
+ "xen-tools":
+ ensure => installed;
+ }
+ }
+ }
+
+ file {
+ "/etc/xen-tools/xen-tools.conf":
+ owner => root, group => 0, mode => 0644,
+ content => template("site_virtual/xen/${operatingsystem}/${lsbdistcodename}/xen-tools.conf.erb"),
+ require => Package['xen-tools'];
+ }
+}
diff --git a/manifests/xen/domain.pp b/manifests/xen/domain.pp
new file mode 100644
index 0000000..30a0fdf
--- /dev/null
+++ b/manifests/xen/domain.pp
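Review bot: `virtual::xen::dom0` in `manifests/xen/dom0.pp` still says `inherits xen::domain` and `include xen::dom0::debian` / `centos` / `base`, although this commit deletes `manifests/xen.pp` and defines those classes under `virtual::xen::...`. These references appear to resolve only through relative namespace lookup from inside the `virtual` namespace, which I believe later Puppet releases dropped, so the intent is easy to misread and fragile. Spelling them out, e.g. `class virtual::xen::dom0 inherits virtual::xen::domain {` and `debian: { include virtual::xen::dom0::debian }`, avoids that. The same applies to the `inherits` lines in `dom0/centos.pp` and `dom0/debian.pp` and to the references in `domain.pp`, `domain/centos.pp` and `domain/debian.pp`.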
@@ -0,0 +1,12 @@
+# XEN specifica
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
+class virtual::xen::domain {
+ include virtual
+
+ case $operatingsystem {
+ debian: { include xen::domain::debian }
+ centos: { include xen::domain::centos }
+ default: { include xen::domain::base }
+ }
+}
diff --git a/manifests/xen/domain/base.pp b/manifests/xen/domain/base.pp
new file mode 100644
index 0000000..c77becb
--- /dev/null
+++ b/manifests/xen/domain/base.pp
@@ -0,0 +1,31 @@
+class virtual::xen::domain::base {
+ service{ 'xend':
+ ensure => running,
+ enable => true,
+ hasstatus => false,
+ hasrestart => true,
+ }
+
+ case $xen_domains {
+ '0': { info("No xen domains are running, so not configuring service xendomains") }
+ default: {
+ service{ 'xendomains':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ }
+ }
+ }
+
+ file{'/etc/xen/xend-config.sxp':
+ source => [ "puppet:///modules/site_virtual/xen/config/${fqdn}/config/xend-config.sxp",
+ "puppet:///modules/site_virtual/xen/config/${domain}/xend-config.sxp",
+ "puppet:///modules/site_virtual/xen/config/${operatingsystem}/xend-config.sxp",
+ "puppet:///modules/site_virtual/xen/config/${operatingsystem}/${lsbdistcodeename}/xend-config.sxp",
+ "puppet:///modules/site_virtual/xen/config/xend-config.sxp",
+ "puppet:///modules/virtual/xen/config/${operatingsystem}/xend-config.sxp",
+ "puppet:///modules/virtual/xen/config/xend-config.sxp" ],
+ notify => Service['xend'],
+ owner => root, group => 0, mode => 0644;
+ }
+}
diff --git a/manifests/xen/domain/centos.pp b/manifests/xen/domain/centos.pp
new file mode 100644
index 0000000..bd01338
--- /dev/null
+++ b/manifests/xen/domain/centos.pp
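Review bot: In the `source` list for `/etc/xen/xend-config.sxp` in `virtual::xen::domain::base`, the fourth entry interpolates `${lsbdistcodeename}`, which looks like a typo for `${lsbdistcodename}` carried over from the deleted `xen.pp`. As written the variable is presumably unset, so the per-release path can never match and the host silently gets one of the more generic xend configs. The entry should read `"puppet:///modules/site_virtual/xen/config/${operatingsystem}/${lsbdistcodename}/xend-config.sxp",`. It also sits after the less specific `${operatingsystem}` entry, so even when fixed it is only used if the OS-wide file is absent; moving it one line up is probably what was meant.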
@@ -0,0 +1,32 @@
+class virtual::xen::domain::centos inherits xen::domain::base {
+ package{ 'kernel-xen':
+ ensure => present,
+ }
+
+ Service[xend]{
+ require => Package['kernel-xen'],
+ }
+
+ file{'/etc/sysconfig/xend':
+ source => "puppet:///modules/virtual/xen/${operatingsystem}/sysconfig/xend",
+ notify => Service['xend'],
+ owner => root, group => 0, mode => 0644;
+ }
+
+ file{'/etc/sysconfig/xendomains':
+ source => "puppet:///modules/virtual/xen/${operatingsystem}/sysconfig/xendomains",
+ owner => root, group => 0, mode => 0644;
+ }
+
+ case $xen_domains {
+ '0': { info("No xen domains are running, so not configuring service xendomains") }
+ default: {
+ Service[xendomains]{
+ require => Package['kernel-xen'],
+ }
+ File['/etc/sysconfig/xendomains']{
+ notify => Service[xendomains]
+ }
+ }
+ }
+}
diff --git a/manifests/xen/domain/debian.pp b/manifests/xen/domain/debian.pp
new file mode 100644
index 0000000..8c916c8
--- /dev/null
+++ b/manifests/xen/domain/debian.pp
@@ -0,0 +1,22 @@
+class virtual::xen::domain::debian inherits xen::domain::base {
+ case $lsbdistcodename {
+ "lenny": {
+ $xen_linux_system = $architecture ? {
+ amd64 => "xen-linux-system-2.6.26-2-xen-amd64",
+ i386 => "xen-linux-system-2.6.26-2-xen-686"
+ }
+ }
+ "squeeze": {
+ $xen_linux_system = $architecture ? {
+ /(amd64|x86_64)/ => "xen-linux-system-2.6.32-5-xen-amd64",
+ i386 => "xen-linux-system-2.6.32-5-xen-686"
+ }
+ }
+ }
+
+ package {
+ "$xen_linux_system":
+ ensure => present,
+ alias => "xen-linux-system";
+ }
+}
diff --git a/manifests/xen/munin/plugins.pp b/manifests/xen/munin/plugins.pp
new file mode 100644
index 0000000..00982ce
--- /dev/null
+++ b/manifests/xen/munin/plugins.pp
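Review bot: `virtual::xen::domain::debian` assigns `$xen_linux_system` only in the `lenny` and `squeeze` branches, so on any other release the `package` resource below the `case` is declared with an empty title instead of failing with a useful message. A `default` branch would surface this at compile time, e.g. `default: { fail("no xen-linux-system package known for ${lsbdistcodename}") }`. The two selectors are also inconsistent: the `lenny` one matches only the literal `amd64`, while the `squeeze` one accepts `/(amd64|x86_64)/`.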
@@ -0,0 +1,15 @@
+class virtual::xen::munin::plugins {
+ munin::remoteplugin {
+ xen-multi:
+ source => "puppet:///modules/virtual/munin/xen_mem",
+ config => "user root",
+ ensure => absent;
+ xen_vm:
+ source => "puppet:///modules/virtual/munin/xen_vm",
+ config => "user root",
+ ensure => absent;
+ 'xen-multi':
+ source => 'puppet:///modules/virtual/munin/xen-multi',
+ config => 'user root';
+ }
+} |
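Review bot: `virtual::xen::munin::plugins` uses the title `xen-multi` twice in one `munin::remoteplugin` block, first bare with `ensure => absent` and the `xen_mem` source, then quoted with the `xen-multi` source. Two resources with the same title are a duplicate declaration, and the two entries ask for opposite states of the same plugin. Judging by its source, the first entry was presumably meant to be `xen_mem:`; it was carried over unchanged from the deleted `xen.pp`. All three plugins are configured with `user root`, so a short comment on why they need root would help a later reader.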