From 0f35e2058fddc5aee3c41057ddec1844d2a80c4c Mon Sep 17 00:00:00 2001
From: Pietro Ferrari
Date: Tue, 11 Nov 2008 18:26:57 +0000
Subject: move vserver related files to a vserver directory. dont't install puppet on a newly created vserver. fix identation of vserver.pp
---
files/build_vserver | 34 ----
files/create_openvpn_interface | 10 -
files/destroy_openvpn_interface | 9 -
files/vserver/build_vserver | 36 ++++
files/vserver/create_openvpn_interface | 10 +
files/vserver/destroy_openvpn_interface | 9 +
manifests/vserver.pp | 347 ++++++++++++++++----------------
7 files changed, 227 insertions(+), 228 deletions(-)
delete mode 100755 files/build_vserver
delete mode 100755 files/create_openvpn_interface
delete mode 100755 files/destroy_openvpn_interface
create mode 100644 files/vserver/build_vserver
create mode 100755 files/vserver/create_openvpn_interface
create mode 100755 files/vserver/destroy_openvpn_interface
diff --git a/files/build_vserver b/files/build_vserver
deleted file mode 100755
index 16f6528..0000000
--- a/files/build_vserver
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-NAME=$1
-CONTEXT=$2
-RELEASE = $3
-DEBOOTSTRAP_MIRROR = $4
-# create basic vserver
-vserver $NAME build -m debootstrap -- -d $RELEASE -m $DEBOOTSTRAP_MIRROR
-
-# default settings
-echo $NAME >/etc/vservers/$NAME/uts/nodename
-echo $CONTEXT >/etc/vservers/$NAME/context
-
-# copy in some some defaults
-TARGET=/etc/vservers/$NAME/vdir/
-
-cp /etc/apt/{preferences,sources.list} $TARGET/etc/apt/
-
-# this is needed so puppet can find the puppetmaster and creates the right
-# certificate
-grep -v $NAME /etc/hosts > $TARGET/etc/hosts
-echo "127.0.0.1 $NAME" >> $TARGET/etc/hosts
-mkdir -p $TARGET/var/lib/puppet/modules/dbp
-cp /var/lib/puppet/modules/dbp/puppet_current.deb $TARGET/var/lib/puppet/modules/dbp/
-
-# Setup is complete, now do the post-install stuff
-vserver $NAME start
-vserver $NAME exec dselect update
-# install a few packages needed for facter
-vserver $NAME exec apt-get -y install lsb-release iproute
-vserver $NAME exec dpkg --install var/lib/puppet/modules/dbp/puppet_current.deb
-vserver $NAME exec apt-get -fy install
-
-echo "Please sign now: puppetca --sign $NAME" >&2
diff --git a/files/create_openvpn_interface b/files/create_openvpn_interface
deleted file mode 100755
index 87d9144..0000000
--- a/files/create_openvpn_interface
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-DEV="$1"
-SUBNET="$2"
-
-openvpn --mktun --dev "$DEV"
-ip link set dev "$DEV" txqueuelen 100
-ifconfig "$DEV" "$SUBNET".1 pointopoint "$SUBNET".2 mtu 1500
-route add -net "$SUBNET".0 netmask 255.255.255.0 gw "$SUBNET".2
-
diff --git a/files/destroy_openvpn_interface b/files/destroy_openvpn_interface
deleted file mode 100755
index aa89ed4..0000000
--- a/files/destroy_openvpn_interface
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-DEV="$1"
-SUBNET="$2"
-
-route del -net "$SUBNET".0 netmask 255.255.255.0 gw "$SUBNET".2
-ifconfig "$DEV" down
-openvpn --rmtun --dev "$DEV"
-
diff --git a/files/vserver/build_vserver b/files/vserver/build_vserver
new file mode 100644
index 0000000..0f0cea7
--- /dev/null
+++ b/files/vserver/build_vserver
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+NAME=$1
+CONTEXT=$2
+RELEASE = $3
+DEBOOTSTRAP_MIRROR = $4
+# create basic vserver
+vserver $NAME build -m debootstrap -- -d $RELEASE -m $DEBOOTSTRAP_MIRROR
+
+# default settings
+echo $NAME >/etc/vservers/$NAME/uts/nodename
+echo $CONTEXT >/etc/vservers/$NAME/context
+
+# copy in some some defaults
+TARGET=/etc/vservers/$NAME/vdir/
+
+cp /etc/apt/{preferences,sources.list} $TARGET/etc/apt/
+
+# this is needed so puppet can find the puppetmaster and creates the right
+# certificate
+grep -v $NAME /etc/hosts > $TARGET/etc/hosts
+echo "127.0.0.1 $NAME" >> $TARGET/etc/hosts
+#mkdir -p $TARGET/var/lib/puppet/modules/dbp
+#cp /var/lib/puppet/modules/dbp/puppet_current.deb $TARGET/var/lib/puppet/modules/dbp/
+
+# Setup is complete, now do the post-install stuff
+vserver $NAME start
+vserver $NAME exec dselect update
+# install a few packages needed for facter
+vserver $NAME exec apt-get -y install lsb-release iproute
+#vserver $NAME exec dpkg --install var/lib/puppet/modules/dbp/puppet_current.deb
+#vserver $NAME exec apt-get -fy install
+
+#echo "Please sign now: puppetca --sign $NAME" >&2
+
+echo "VServer $NAME created"
diff --git a/files/vserver/create_openvpn_interface b/files/vserver/create_openvpn_interface
new file mode 100755
index 0000000..87d9144
--- /dev/null
+++ b/files/vserver/create_openvpn_interface
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+DEV="$1"
+SUBNET="$2"
+
+openvpn --mktun --dev "$DEV"
+ip link set dev "$DEV" txqueuelen 100
+ifconfig "$DEV" "$SUBNET".1 pointopoint "$SUBNET".2 mtu 1500
+route add -net "$SUBNET".0 netmask 255.255.255.0 gw "$SUBNET".2
+
diff --git a/files/vserver/destroy_openvpn_interface b/files/vserver/destroy_openvpn_interface
new file mode 100755
index 0000000..aa89ed4
--- /dev/null
+++ b/files/vserver/destroy_openvpn_interface
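Review bot: `RELEASE = $3` and `DEBOOTSTRAP_MIRROR = $4` in the new files/vserver/build_vserver are not assignments: with spaces around `=` bash tries to run commands called RELEASE and DEBOOTSTRAP_MIRROR, so both variables stay empty and the `vserver $NAME build ... -d $RELEASE -m $DEBOOTSTRAP_MIRROR` line never sees the release and mirror passed in by the manifest. They should read `RELEASE="$3"` and `DEBOOTSTRAP_MIRROR="$4"`. Every expansion in the script is also unquoted while it writes under /etc/vservers/$NAME, so quoting `"$NAME"`, `"$CONTEXT"` and `"$TARGET"` and rejecting an empty or slash-containing name near the top would keep a bad argument from redirecting those writes. `grep -v $NAME /etc/hosts` treats the name as a regular expression; `grep -vF -- "$NAME"` matches it literally. There is no `set -e`, so a failed build step does not stop the later steps, and the final `echo "VServer $NAME created"` is printed regardless.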
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+DEV="$1"
+SUBNET="$2"
+
+route del -net "$SUBNET".0 netmask 255.255.255.0 gw "$SUBNET".2
+ifconfig "$DEV" down
+openvpn --rmtun --dev "$DEV"
+
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 18f5804..5ab85f4 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -18,157 +18,154 @@ class vserver::host { package { "util-vserver": ensure => $utilvserver_version; - + debootstrap: ensure => installed } - + file { "/etc/vservers": ensure => directory, require => Package["util-vserver"]; - + "/etc/vservers/local-interfaces/": ensure => directory, mode => 0755, owner => root, group => root, require => File["/etc/vservers"]; } - file { - "/usr/local/bin/build_vserver": - source => "puppet://$server/virtual/build_vserver", - mode => 0755, owner => root, group => root, - require => [ Package['util-vserver'], Package[debootstrap], - # this comes from dbp module and is the most current puppet deb - File["/var/lib/puppet/modules/dbp/puppet_current.deb"] ]; - "/etc/vservers/local-interfaces": - ensure => directory, - mode => 0755, owner => root, group => root; - "/etc/cron.daily/vserver-hashify": - source => "puppet://$server/virtual/hashify.cron.daily", - mode => 0755, owner => root, group => root; - } - + file { + "/usr/local/bin/build_vserver": + source => "puppet://$server/virtual/build_vserver", + mode => 0755, owner => root, group => root, + require => [ Package['util-vserver'], Package[debootstrap]]; + + "/etc/vservers/local-interfaces": + ensure => directory, + mode => 0755, owner => root, group => root; + + "/etc/cron.daily/vserver-hashify": + source => "puppet://$server/virtual/hashify.cron.daily", + mode => 0755, owner => root, group => root; + } } define vs_create($in_domain, $context, $legacy = false, $distro = 'etch', $debootstrap_mirror = 'http://ftp.debian.org/debian') { - $vs_name = $legacy ? { true => $name, false => $in_domain ? 
{ '' => $name, default => "${name}.${in_domain}" } } - - case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } } - - case $legacy { - true: { - exec { "/bin/false # cannot create legacy vserver ${vs_name}": - creates => "/etc/vservers/${vs_name}", - alias => "vs_create_${vs_name}" - } - } - false: { - exec { "/usr/local/bin/build_vserver \"${vs_name}\" ${context} ${distro} ${debootstrap_mirror}": - creates => "/etc/vservers/${vs_name}", - require => File["/usr/local/bin/build_vserver"], - alias => "vs_create_${vs_name}" - } - } - } + $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } } + + case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } } + + case $legacy { + true: { + exec { "/bin/false # cannot create legacy vserver ${vs_name}": + creates => "/etc/vservers/${vs_name}", + alias => "vs_create_${vs_name}" + } + } + false: { + exec { "/usr/local/bin/build_vserver \"${vs_name}\" ${context} ${distro} ${debootstrap_mirror}": + creates => "/etc/vservers/${vs_name}", + require => File["/usr/local/bin/build_vserver"], + alias => "vs_create_${vs_name}" + } + } + } } - # ensure: present, stopped, running define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, $distro = 'etch') { - case $in_domain { '': {} - default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) } - } - $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } } - case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } } - - $if_dir = "/etc/vservers/${vs_name}/interfaces" - $mark_file = "/etc/vservers/${vs_name}/apps/init/mark" - - # TODO: wasn't there a syntax for using arrays as case selectors?? 
- case $ensure { - present: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } - running: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } - stopped: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } + case $in_domain { '': {} + default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) } + } + + $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } } + + case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } } + + $if_dir = "/etc/vservers/${vs_name}/interfaces" + $mark_file = "/etc/vservers/${vs_name}/apps/init/mark" + + # TODO: wasn't there a syntax for using arrays as case selectors?? + case $ensure { + present: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } + running: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } + stopped: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } delete: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } } - default: { err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'") } - } - - file { - $if_dir: - ensure => directory, checksum => mtime, - require => Exec["vs_create_${vs_name}"]; - } - - config_file { - "/etc/vservers/${vs_name}/context": - content => "${context}\n", - notify => Exec["vs_restart_${vs_name}"], - require => Exec["vs_create_${vs_name}"]; - # create illegal configuration, when two vservers have the same context - # number - "/var/lib/puppet/modules/virtual/contexts/${context}": - content => "\n"; - "/etc/vservers/${vs_name}/uts/nodename": - content => "${vs_name}\n", - notify => Exec["vs_restart_${vs_name}"], - require => 
Exec["vs_create_${vs_name}"]; - "/etc/vservers/${vs_name}/name": - content => "${vs_name}\n", - require => Exec["vs_create_${vs_name}"]; - } - - case $ensure { - present: { - # don't start or stop the vserver, just make sure it exists, we just run a dummy status test here - exec { "test -e \$(readlink -f /etc/vservers/${vs_name}/vdir)": - require => Exec["vs_create_${vs_name}"], - alias => "vs_restart_${vs_name}", - } - } - stopped: { - exec { "vserver ${vs_name} stop": - onlyif => "test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )", - require => Exec["vs_create_${vs_name}"], - # fake the restart exec in the stopped case, so the dependencies are fulfilled - alias => "vs_restart_${vs_name}", - } - file { $mark_file: ensure => absent, } - } - - delete: { - exec { "/usr/bin/yes | vserver ${vs_name} delete": - alias => "vs_restart_${vs_name}", - } - } - running: { - exec { "vserver ${vs_name} start": - unless => "test -e \$(readlink -f /etc/vservers/${vs_name}/run)", - require => [ Exec["vs_create_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ] - } - - exec { "vserver ${vs_name} restart": - refreshonly => true, - require => Exec["vs_create_${vs_name}"], - alias => "vs_restart_${vs_name}", - subscribe => File[$if_dir], - } - - case $mark { - '': { - err("${fqdn}: vserver ${vs_name} set to running, but won't be started on reboot without mark!") - file { $mark_file: ensure => absent, } - } - default: { - config_file { "/etc/vservers/${vs_name}/apps/init/mark": - content => "${mark}\n", - require => Exec["vs_create_${vs_name}"], - } - } - } - } - } + default: { err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'") } + } + + file { + $if_dir: + ensure => directory, checksum => mtime, + require => Exec["vs_create_${vs_name}"]; + } + + config_file { + "/etc/vservers/${vs_name}/context": + content => "${context}\n", + notify => Exec["vs_restart_${vs_name}"], + require => Exec["vs_create_${vs_name}"]; + # create illegal configuration, 
when two vservers have the same context + # number + "/var/lib/puppet/modules/virtual/contexts/${context}": + content => "\n"; + "/etc/vservers/${vs_name}/uts/nodename": + content => "${vs_name}\n", + notify => Exec["vs_restart_${vs_name}"], + require => Exec["vs_create_${vs_name}"]; + "/etc/vservers/${vs_name}/name": + content => "${vs_name}\n", + require => Exec["vs_create_${vs_name}"]; + } + case $ensure { + present: { + # don't start or stop the vserver, just make sure it exists, we just run a dummy status test here + exec { "test -e \$(readlink -f /etc/vservers/${vs_name}/vdir)": + require => Exec["vs_create_${vs_name}"], + alias => "vs_restart_${vs_name}", + } + } + stopped: { + exec { "vserver ${vs_name} stop": + onlyif => "test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )", + require => Exec["vs_create_${vs_name}"], + # fake the restart exec in the stopped case, so the dependencies are fulfilled + alias => "vs_restart_${vs_name}", + } + file { $mark_file: ensure => absent, } + } + delete: { + exec { "/usr/bin/yes | vserver ${vs_name} delete": + alias => "vs_restart_${vs_name}", + } + } + running: { + exec { "vserver ${vs_name} start": + unless => "test -e \$(readlink -f /etc/vservers/${vs_name}/run)", + require => [ Exec["vs_create_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ] + } + exec { "vserver ${vs_name} restart": + refreshonly => true, + require => Exec["vs_create_${vs_name}"], + alias => "vs_restart_${vs_name}", + subscribe => File[$if_dir], + } + + case $mark { + '': { + err("${fqdn}: vserver ${vs_name} set to running, but won't be started on reboot without mark!") + file { $mark_file: ensure => absent, } + } + default: { + config_file { "/etc/vservers/${vs_name}/apps/init/mark": + content => "${mark}\n", + require => Exec["vs_create_${vs_name}"], + } + } + } + } + } } # Changing stuff with this define won't do much good, since it relies on 
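Review bot: The `file` resource for /usr/local/bin/build_vserver still reads `source => "puppet://$server/virtual/build_vserver"`, although this commit moves the script to files/vserver/build_vserver; if the `virtual` mount maps straight onto files/, the source needs to become `puppet://$server/virtual/vserver/build_vserver` or agents will fail to fetch it. In `vs_create`, the exec command quotes only `${vs_name}`; `${context}`, `${distro}` and `${debootstrap_mirror}` are interpolated bare into a command line that presumably runs as root, so they should be quoted the same way (`\"${context}\" \"${distro}\" \"${debootstrap_mirror}\"`) and ideally validated before use. The `delete` branch of the first `case $ensure` still declares `vs_create`, and the `yes | vserver ${vs_name} delete` exec has no `onlyif`, so as written a deleted vserver looks set to be rebuilt and deleted again on every run. The body of `class vserver::host` starts above this hunk.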
@@ -176,56 +173,56 @@ define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, # interfaces define vs_interface($prefix = 24, $dev = '') { - file { - "/etc/vservers/local-interfaces/${name}": - ensure => directory, - mode => 0755, owner => root, group => root; - "/etc/vservers/local-interfaces/${name}/ip": - content => "${name}\n", - mode => 0644, owner => root, group => root; - "/etc/vservers/local-interfaces/${name}/prefix": - content => "${prefix}\n", - mode => 0644, owner => root, group => root; - } - - case $dev { - '': { - file { - "/etc/vservers/local-interfaces/${name}/nodev": - ensure => present, - mode => 0644, owner => root, group => root; - "/etc/vservers/local-interfaces/${name}/dev": - ensure => absent; - } - } - default: { - config_file { "/etc/vservers/local-interfaces/${name}/dev": content => $dev, } - file { "/etc/vservers/local-interfaces/${name}/nodev": ensure => absent, } - } - } + file { + "/etc/vservers/local-interfaces/${name}": + ensure => directory, + mode => 0755, owner => root, group => root; + "/etc/vservers/local-interfaces/${name}/ip": + content => "${name}\n", + mode => 0644, owner => root, group => root; + "/etc/vservers/local-interfaces/${name}/prefix": + content => "${prefix}\n", + mode => 0644, owner => root, group => root; + } + + case $dev { + '': { + file { + "/etc/vservers/local-interfaces/${name}/nodev": + ensure => present, + mode => 0644, owner => root, group => root; + "/etc/vservers/local-interfaces/${name}/dev": + ensure => absent; + } + } + default: { + config_file { "/etc/vservers/local-interfaces/${name}/dev": content => $dev, } + file { "/etc/vservers/local-interfaces/${name}/nodev": ensure => absent, } + } + } } define vs_ip($vserver, $ip, $ensure) { - err("$fqdn is using deprecated vs_ip instead of vs_ip_binding for $name") - vs_ip_binding { $name: vserver => $vserver, ip => $ip, ensure => $ensure } + err("$fqdn is using deprecated vs_ip instead of vs_ip_binding for $name") + vs_ip_binding { 
$name: vserver => $vserver, ip => $ip, ensure => $ensure } } define vs_ip_binding($vserver, $ip, $ensure) { - case $ensure { - connected: { - file { "/etc/vservers/${vserver}/interfaces/${name}": - ensure => "/etc/vservers/local-interfaces/${ip}/", - require => [ File["/etc/vservers/local-interfaces/${ip}"], Exec["vs_create_${vserver}"] ], - notify => Exec["vs_restart_${vserver}"], - } - } - disconnected: { - file { "/etc/vservers/${vserver}/interfaces/${name}": - ensure => absent, - } - } - default: { - err( "${fqdn}: vs_ip: ${vserver} -> ${ip}: unknown ensure: '${ensure}'" ) - } - } + case $ensure { + connected: { + file { "/etc/vservers/${vserver}/interfaces/${name}": + ensure => "/etc/vservers/local-interfaces/${ip}/", + require => [ File["/etc/vservers/local-interfaces/${ip}"], Exec["vs_create_${vserver}"] ], + notify => Exec["vs_restart_${vserver}"], + } + } + disconnected: { + file { "/etc/vservers/${vserver}/interfaces/${name}": + ensure => absent, + } + } + default: { + err( "${fqdn}: vs_ip: ${vserver} -> ${ip}: unknown ensure: '${ensure}'" ) + } + } } -- cgit v1.2.3