# virtual/vserver.pp -- manage vserver specifics
# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
# See LICENSE for the full license granted to you.
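# Manage one Linux-VServer guest: its files under /etc/vservers/<name>, the
# chroot barrier on the parent of its vdir, and its run state.
#
# Parameters:
#   context      - context number written to /etc/vservers/<name>/context.
#                  Must be unique per node (see the contexts/ marker below).
#   ensure       - present (only check existence), stopped, running or delete.
#                  Any other value is reported with err().
#   in_domain    - deprecated; when set and $legacy is false the vserver name
#                  becomes "<name>.<in_domain>".
#   mark         - content of apps/init/mark. When empty in the running case
#                  an error is logged and the mark file is removed.
#   legacy       - when true, $name is used as the vserver name unchanged.
#   hostname     - UTS nodename; defaults to the vserver name.
#   distro, interface, memory_limit
#                - passed through to virtual::vserver::instance, which is
#                  defined elsewhere.
#
# NOTE(review): $vs_name (built from $name and $in_domain) and $context are
# interpolated unquoted into shell command lines and file paths below. Only
# pass values from trusted manifests that contain no shell metacharacters or
# path separators; nothing in this define validates them.
define virtual::vserver(
    $context,
    $ensure = present,
    $in_domain = '',
    $mark = '',
    $legacy = false,
    $distro = 'etch',
    $hostname = false,
    $interface = false,
    $memory_limit = false
) {
    # Log every use of the deprecated $in_domain parameter.
    case $in_domain {
        '': {}
        default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) }
    }

    # Effective vserver name: $name, or "<name>.<in_domain>" for non-legacy
    # definitions that still set $in_domain.
    $vs_name = $legacy ? {
        true  => $name,
        false => $in_domain ? {
            ''      => $name,
            default => "${name}.${in_domain}"
        }
    }
    case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } }

    $nodename = $hostname ? { false => $vs_name, default => $hostname }
    $if_dir = "/etc/vservers/${vs_name}/interfaces"
    $mark_file = "/etc/vservers/${vs_name}/apps/init/mark"

    # Every resource below that requires Exec["vserver_instance_${vs_name}"]
    # presumably depends on an exec declared by this instance define; its body
    # is not visible here.
    virtual::vserver::instance { $name:
        in_domain    => $in_domain,
        context      => $context,
        legacy       => $legacy,
        distro       => $distro,
        hostname     => $hostname,
        interface    => $interface,
        memory_limit => $memory_limit,
    }

    file {
        $if_dir:
            ensure  => directory, checksum => mtime,
            require => Exec["vserver_instance_${vs_name}"];
    }

    config_file {
        "/etc/vservers/${vs_name}/context":
            content => "${context}\n",
            notify  => Exec["vs_restart_${vs_name}"],
            require => Exec["vserver_instance_${vs_name}"];
        # Deliberate guard: one marker file per context number. Two vservers
        # on the same node with the same $context declare this resource twice,
        # which makes the configuration illegal instead of letting two guests
        # share a context.
        "/var/lib/puppet/modules/virtual/contexts/${context}":
            content => "\n";
        "/etc/vservers/${vs_name}/uts/nodename":
            content => "${nodename}\n",
            notify  => Exec["vs_restart_${vs_name}"],
            require => Exec["vserver_instance_${vs_name}"];
        "/etc/vservers/${vs_name}/name":
            content => "${vs_name}\n",
            require => Exec["vserver_instance_${vs_name}"];
    }

    # ensure a secure chroot barrier
    # we have to do it for each vserver, see
    # http://linux-vserver.org/Secure_chroot_Barrier#Solution:_Secure_Barrier
    # The barrier attribute is set on the parent of the guest's vdir; the
    # unless check skips the command when showattr already reports the
    # '----Bui-' flags for that directory.
    exec { "/usr/sbin/setattr --barrier /etc/vservers/${vs_name}/vdir/../":
        unless  => "/usr/sbin/showattr /etc/vservers/${vs_name}/vdir/../ | grep -- '----Bui- /etc/vservers/${vs_name}/vdir/../$'",
        require => Exec["vserver_instance_${vs_name}"],
    }

    # Every branch except running-with-restart declares a stand-in exec with
    # the alias vs_restart_<name>, so the notify targets above always resolve.
    case $ensure {
        present: {
            # don't start or stop the vserver, just make sure it exists, we just run a dummy status test here
            # NOTE(review): if readlink prints nothing, `test -e` is left
            # without an operand and exits 0, so this check also passes when
            # vdir cannot be resolved. Left unchanged because the command
            # string is the resource title.
            exec { "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/vdir)":
                require => Exec["vserver_instance_${vs_name}"],
                alias   => "vs_restart_${vs_name}",
            }
        }
        stopped: {
            exec { "/usr/sbin/vserver ${vs_name} stop":
                onlyif  => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )",
                require => Exec["vserver_instance_${vs_name}"],
                # fake the restart exec in the stopped case, so the dependencies are fulfilled
                alias   => "vs_restart_${vs_name}",
            }
            file { $mark_file: ensure => absent, }
        }
        delete: {
            # NOTE(review): no onlyif/unless guard is visible, so this command
            # is presumably issued on every run, while the configuration
            # resources above are still declared -- confirm this is intended.
            exec { "/usr/bin/yes | /usr/sbin/vserver ${vs_name} delete":
                alias => "vs_restart_${vs_name}",
            }
        }
        running: {
            exec { "/usr/sbin/vserver ${vs_name} start":
                # Same fallback as the stopped case: when readlink cannot
                # resolve the run link it prints nothing, and a bare `test -e`
                # exits 0, which would wrongly report the guest as running and
                # skip the start.
                unless  => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )",
                require => [ Exec["vserver_instance_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ],
            }
            # Restart only on refresh: interface directory changes (subscribe)
            # and the config_file notifications above.
            exec { "/usr/sbin/vserver ${vs_name} restart":
                refreshonly => true,
                require     => Exec["vserver_instance_${vs_name}"],
                alias       => "vs_restart_${vs_name}",
                subscribe   => File[$if_dir],
            }
            case $mark {
                '': {
                    err("${fqdn}: vserver ${vs_name} set to running, but won't be started on reboot without mark!")
                    file { $mark_file: ensure => absent, }
                }
                default: {
                    config_file { $mark_file:
                        content => "${mark}\n",
                        require => Exec["vserver_instance_${vs_name}"],
                    }
                }
            }
        }
        default: {
            err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'")
        }
    }
}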