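# virtual/vserver.pp -- manage vserver specifics
# Copyright (C) 2007 David Schmitt
# See LICENSE for the full license granted to you.

# Manage the configuration and run state of one Linux-VServer guest.
#
# Parameters:
#   context      - context number; written to /etc/vservers/<name>/context and
#                  used as a per-host uniqueness marker (see below).
#   ensure       - present, stopped, running or delete (default: present).
#                  Any other value is only reported with err().
#   in_domain    - deprecated; when set, an error is logged and, unless
#                  $legacy is true, the vserver is named "<name>.<in_domain>".
#   mark         - content of apps/init/mark. Only used when ensure is
#                  running; if empty there, the mark file is removed and an
#                  error is logged.
#   legacy       - when true, the vserver name is $name alone.
#   distro, interface, memory_limit
#                - passed through to virtual::vserver::instance.
#   hostname     - value for uts/nodename (defaults to the vserver name);
#                  also passed through to virtual::vserver::instance.
#
# NOTE(review): $vs_name and $context are interpolated unquoted into file
# paths and into commands that depend on shell syntax (pipes, $(...)). The
# only validation here is the empty-name check, so callers should restrict
# $name and $in_domain to hostname characters and $context to digits.
define virtual::vserver(
  $context,
  $ensure = present,
  $in_domain = '',
  $mark = '',
  $legacy = false,
  $distro = 'etch',
  $hostname = false,
  $interface = false,
  $memory_limit = false
) {

  # $in_domain still works, but every use is reported.
  case $in_domain {
    '': {}
    default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) }
  }

  $vs_name = $legacy ? {
    true  => $name,
    false => $in_domain ? {
      ''      => $name,
      default => "${name}.${in_domain}"
    }
  }

  case $vs_name {
    '': { fail ( "Cannot create VServer with empty name" ) }
  }

  $nodename = $hostname ? {
    false   => $vs_name,
    default => $hostname
  }

  $if_dir = "/etc/vservers/${vs_name}/interfaces"
  $mark_file = "/etc/vservers/${vs_name}/apps/init/mark"

  # Everything below requires Exec["vserver_instance_${vs_name}"]; that exec
  # is not declared in this file and is presumably provided by this instance.
  virtual::vserver::instance { $name:
    in_domain    => $in_domain,
    context      => $context,
    legacy       => $legacy,
    distro       => $distro,
    hostname     => $hostname,
    interface    => $interface,
    memory_limit => $memory_limit,
  }

  file { $if_dir:
    ensure   => directory,
    checksum => mtime,
    require  => Exec["vserver_instance_${vs_name}"];
  }

  config_file {
    "/etc/vservers/${vs_name}/context":
      content => "${context}\n",
      notify  => Exec["vs_restart_${vs_name}"],
      require => Exec["vserver_instance_${vs_name}"];

    # Deliberate collision guard: this resource is titled by the context
    # number alone, so two vservers declared with the same context on one
    # host declare the same resource twice and the configuration becomes
    # illegal instead of being applied with a shared context.
    "/var/lib/puppet/modules/virtual/contexts/${context}":
      content => "\n";

    "/etc/vservers/${vs_name}/uts/nodename":
      content => "${nodename}\n",
      notify  => Exec["vs_restart_${vs_name}"],
      require => Exec["vserver_instance_${vs_name}"];

    "/etc/vservers/${vs_name}/name":
      content => "${vs_name}\n",
      require => Exec["vserver_instance_${vs_name}"];
  }

  # ensure a secure chroot barrier
  # we have to do it for each vserver, see
  # http://linux-vserver.org/Secure_chroot_Barrier#Solution:_Secure_Barrier
  #
  # The barrier attribute is set on the parent of the guest root (vdir/../).
  # The guard skips setattr once showattr reports the flag string '----Bui-'
  # for that directory. The guard command must stay on one line: a line break
  # inside the string would split the grep invocation and the guard would
  # never succeed.
  exec { "/usr/sbin/setattr --barrier /etc/vservers/${vs_name}/vdir/../":
    unless  => "/usr/sbin/showattr /etc/vservers/${vs_name}/vdir/../ | grep -- '----Bui- /etc/vservers/${vs_name}/vdir/../$'",
    require => Exec["vserver_instance_${vs_name}"],
  }

  case $ensure {
    present: {
      # don't start or stop the vserver, just make sure it exists, we just
      # run a dummy status test here
      # NOTE(review): if readlink prints nothing, `test -e` gets a single
      # argument and succeeds. The command is also this resource's title, so
      # it is left unchanged here.
      exec { "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/vdir)":
        require => Exec["vserver_instance_${vs_name}"],
        alias   => "vs_restart_${vs_name}",
      }
    }
    stopped: {
      exec { "/usr/sbin/vserver ${vs_name} stop":
        onlyif  => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )",
        require => Exec["vserver_instance_${vs_name}"],
        # fake the restart exec in the stopped case, so the dependencies
        # are fulfilled
        alias   => "vs_restart_${vs_name}",
      }
      file { $mark_file: ensure => absent, }
    }
    delete: {
      # NOTE(review): this exec has no onlyif/unless guard and pipes `yes`
      # into the delete prompt, so it runs on every catalog application. The
      # instance and config_file resources above are still declared in this
      # state. Confirm that this is intended before relying on it.
      exec { "/usr/bin/yes | /usr/sbin/vserver ${vs_name} delete":
        alias => "vs_restart_${vs_name}",
      }
    }
    running: {
      exec { "/usr/sbin/vserver ${vs_name} start":
        # Same fallback as the stopped case: when readlink cannot resolve the
        # run link it prints nothing, and a bare `test -e` is true, which
        # would make Puppet treat a stopped guest as already running.
        unless  => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )",
        require => [ Exec["vserver_instance_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ],
      }

      # Restart only on notification (context, nodename) or when the
      # interfaces directory changes.
      exec { "/usr/sbin/vserver ${vs_name} restart":
        refreshonly => true,
        require     => Exec["vserver_instance_${vs_name}"],
        alias       => "vs_restart_${vs_name}",
        subscribe   => File[$if_dir],
      }

      case $mark {
        '': {
          err("${fqdn}: vserver ${vs_name} set to running, but won't be started on reboot without mark!")
          file { $mark_file: ensure => absent, }
        }
        default: {
          config_file { "/etc/vservers/${vs_name}/apps/init/mark":
            content => "${mark}\n",
            require => Exec["vserver_instance_${vs_name}"],
          }
        }
      }
    }
    default: {
      # Unknown states are only logged; no run-state resources are declared.
      err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'")
    }
  }
}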