# virtual/vserver.pp -- manage vserver specifics
# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
# See LICENSE for the full license granted to you.
# ensure: present, stopped, running
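# Manage the configuration and run state of a single Linux-VServer guest.
#
# Parameters:
#   $ensure       - one of present, running, stopped, delete; any other value
#                   is logged with err().
#   $context      - context number; written to /etc/vservers/<vs_name>/context
#                   and used as the title of a per-context marker file.
#   $in_domain    - deprecated; a non-empty value is logged with err() and,
#                   unless $legacy is true, appended to $name as "<name>.<in_domain>".
#   $mark         - content of apps/init/mark when $ensure is running; with an
#                   empty mark the file is removed and an err() is logged.
#   $legacy       - when true, the vserver name is $name regardless of $in_domain.
#   $hostname     - overrides the uts nodename; false means use the vserver name.
#   $distro, $interface, $memory_limit
#                 - passed through unchanged to virtual::vserver::create.
#
# NOTE(security): $vs_name (derived from $name and $in_domain) is interpolated
# unquoted into the shell command strings of the exec resources below and into
# a grep pattern. The only validation here is the empty-name check, so callers
# must keep these values to characters that are safe in a shell word.
define virtual::vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, $distro = 'etch',
    $hostname = false, $interface = false, $memory_limit = false) {

    case $in_domain {
        '': {}
        default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) }
    }

    # Effective vserver name: plain $name for legacy guests or when no domain
    # is given, "<name>.<in_domain>" otherwise.
    $vs_name = $legacy ? {
        true  => $name,
        false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" }
    }
    case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } }

    $nodename = $hostname ? { false => $vs_name, default => $hostname }

    $if_dir = "/etc/vservers/${vs_name}/interfaces"
    $mark_file = "/etc/vservers/${vs_name}/apps/init/mark"

    # Every known ensure value declares the same create resource, so the four
    # formerly duplicated branches are folded into one comma-separated selector.
    case $ensure {
        present, running, stopped, delete: {
            virtual::vserver::create { $name:
                in_domain    => $in_domain,
                context      => $context,
                legacy       => $legacy,
                distro       => $distro,
                hostname     => $hostname,
                interface    => $interface,
                memory_limit => $memory_limit,
            }
        }
        default: {
            # NOTE(review): err() only logs; the resources below are still
            # declared and still reference Exec["vs_create_${vs_name}"] and
            # Exec["vs_restart_${vs_name}"], neither of which this define
            # declares for an unknown ensure value.
            err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'")
        }
    }

    file {
        $if_dir:
            ensure => directory, checksum => mtime,
            require => Exec["vs_create_${vs_name}"];
    }

    config_file {
        "/etc/vservers/${vs_name}/context":
            content => "${context}\n",
            notify => Exec["vs_restart_${vs_name}"],
            require => Exec["vs_create_${vs_name}"];
        # create illegal configuration, when two vservers have the same context
        # number: the resource title depends only on $context, so a second
        # vserver with the same context declares the same title again.
        "/var/lib/puppet/modules/virtual/contexts/${context}":
            content => "\n";
        "/etc/vservers/${vs_name}/uts/nodename":
            content => "${nodename}\n",
            notify => Exec["vs_restart_${vs_name}"],
            require => Exec["vs_create_${vs_name}"];
        "/etc/vservers/${vs_name}/name":
            content => "${vs_name}\n",
            require => Exec["vs_create_${vs_name}"];
    }

    # ensure a secure chroot barrier
    # we have to do it for each vserver, see
    # http://linux-vserver.org/Secure_chroot_Barrier#Solution:_Secure_Barrier
    # The unless check greps the showattr output for the expected flag string,
    # so setattr only runs when the barrier attribute is not already reported.
    exec { "/usr/sbin/setattr --barrier /etc/vservers/${vs_name}/vdir/../":
        unless => "/usr/sbin/showattr /etc/vservers/${vs_name}/vdir/../ | grep -- '----Bui- /etc/vservers/${vs_name}/vdir/../$'",
        require => Exec["vs_create_${vs_name}"],
    }

    # Each branch provides the Exec aliased "vs_restart_${vs_name}" that the
    # config_file resources above notify.
    # NOTE(review): there is no default branch here, so an unknown $ensure
    # leaves that alias undeclared.
    case $ensure {
        present: {
            # don't start or stop the vserver, just make sure it exists, we just run a dummy status test here
            exec { "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/vdir)":
                require => Exec["vs_create_${vs_name}"],
                alias => "vs_restart_${vs_name}",
            }
        }
        stopped: {
            exec { "/usr/sbin/vserver ${vs_name} stop":
                onlyif => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )",
                require => Exec["vs_create_${vs_name}"],
                # fake the restart exec in the stopped case, so the dependencies are fulfilled
                alias => "vs_restart_${vs_name}",
            }
            file { $mark_file: ensure => absent, }
        }
        delete: {
            # NOTE(review): this exec has no onlyif/unless guard and no
            # ordering relative to virtual::vserver::create or the file and
            # config_file resources above, which are still declared for
            # ensure => delete. Confirm the create/delete interplay is intended.
            exec { "/usr/bin/yes | /usr/sbin/vserver ${vs_name} delete":
                alias => "vs_restart_${vs_name}",
            }
        }
        running: {
            # Start only when the run link does not resolve to an existing path.
            exec { "/usr/sbin/vserver ${vs_name} start":
                unless => "/usr/bin/test -e \$(readlink -f /etc/vservers/${vs_name}/run)",
                require => [ Exec["vs_create_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ],
            }
            # Restart only on refresh: from the notifying config files or a
            # change of the interfaces directory.
            exec { "/usr/sbin/vserver ${vs_name} restart":
                refreshonly => true,
                require => Exec["vs_create_${vs_name}"],
                alias => "vs_restart_${vs_name}",
                subscribe => File[$if_dir],
            }
            case $mark {
                '': {
                    err("${fqdn}: vserver ${vs_name} set to running, but won't be started on reboot without mark!")
                    file { $mark_file: ensure => absent, }
                }
                default: {
                    # Same path as before, now spelled via $mark_file for
                    # consistency with the absent declarations.
                    config_file { $mark_file:
                        content => "${mark}\n",
                        require => Exec["vs_create_${vs_name}"],
                    }
                }
            }
        }
    }
}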