#!/bin/bash
NAME=$1
-DOMAIN=$2
-
+CONTEXT=$2
+RELEASE = $3
+DEBOOTSTRAP_MIRROR = $4
# create basic vserver
-vserver $NAME build -m debootstrap -- -d etch -m http://ftp.at.debian.org/debian
+vserver $NAME build -m debootstrap -- -d $RELEASE -m $DEBOOTSTRAP_MIRROR
# default settings
echo $NAME >/etc/vservers/$NAME/uts/nodename
+echo $CONTEXT >/etc/vservers/$NAME/context
# copy in some some defaults
TARGET=/etc/vservers/$NAME/vdir/
# this is needed so puppet can find the puppetmaster and creates the right
# certificate
grep -v $NAME /etc/hosts > $TARGET/etc/hosts
-echo "127.0.0.1 $NAME.$DOMAIN $NAME" >> $TARGET/etc/hosts
+echo "127.0.0.1 $NAME" >> $TARGET/etc/hosts
mkdir -p $TARGET/var/lib/puppet/modules/dbp
cp /var/lib/puppet/modules/dbp/puppet_current.deb $TARGET/var/lib/puppet/modules/dbp/
vserver $NAME exec dpkg --install var/lib/puppet/modules/dbp/puppet_current.deb
vserver $NAME exec apt-get -fy install
-echo "Please sign now: puppetca --sign $NAME.$DOMAIN" >&2
+echo "Please sign now: puppetca --sign $NAME" >&2
--- /dev/null
+#!/bin/bash
+
+DEV="$1"
+SUBNET="$2"
+
+openvpn --mktun --dev "$DEV"
+ip link set dev "$DEV" txqueuelen 100
+ifconfig "$DEV" "$SUBNET".1 pointopoint "$SUBNET".2 mtu 1500
+route add -net "$SUBNET".0 netmask 255.255.255.0 gw "$SUBNET".2
+
--- /dev/null
+#!/bin/bash
+
+DEV="$1"
+SUBNET="$2"
+
+route del -net "$SUBNET".0 netmask 255.255.255.0 gw "$SUBNET".2
+ifconfig "$DEV" down
+openvpn --rmtun --dev "$DEV"
+
--- /dev/null
+# NB. changing these requires a reboot.
+# A simple 'xend restart' will not take effect
+
+# Log all hypervisor messages (cf xm dmesg)
+#XENCONSOLED_LOG_HYPERVISOR=no
+
+# Log all guest console output (cf xm console)
+#XENCONSOLED_LOG_GUESTS=no
+
+# Location to store guest & hypervisor logs
+#XENCONSOLED_LOG_DIR=/var/log/xen/console
--- /dev/null
+## Path: System/xen
+## Description: xen domain start/stop on boot
+## Type: string
+## Default:
+#
+# The xendomains script can send SysRq requests to domains on shutdown.
+# If you don't want to MIGRATE, SAVE, or SHUTDOWN, this may be a possibility
+# to do a quick and dirty shutdown ("s e i u o") or at least sync the disks
+# of the domains ("s").
+#
+XENDOMAINS_SYSRQ=""
+
+## Type: integer
+## Default: 100000
+#
+# If XENDOMAINS_SYSRQ is set, this variable determines how long to wait
+# (in microseconds) after each SysRq, so the domain has a chance to react.
+# If you want to a quick'n'dirty shutdown via SysRq, you may want to set
+# it to a relatively high value (1200000).
+#
+XENDOMAINS_USLEEP=100000
+
+## Type: integer
+## Default: 5000000
+#
+# When creating a guest domain, it is sensible to allow a little time for it
+# to get started before creating another domain or proceeding through the
+# boot process. Without this, the booting guests will thrash the disk as they
+# start up. This timeout (in microseconds) specifies the delay after guest
+# domain creation.
+#
+XENDOMAINS_CREATE_USLEEP=5000000
+
+## Type: string
+## Default: ""
+#
+# Set this to a non-empty string if you want to migrate virtual machines
+# on shutdown. The string will be passed to the xm migrate DOMID command
+# as is: It should contain the target IP address of the physical machine
+# to migrate to and optionally parameters like --live. Leave empty if
+# you don't want to try virtual machine relocation on shutdown.
+# If migration succeeds, neither SAVE nor SHUTDOWN will be executed for
+# that domain.
+#
+XENDOMAINS_MIGRATE=""
+
+## Type: string
+## Default: /var/lib/xen/save
+#
+# Directory to save running domains to when the system (dom0) is
+# shut down. Will also be used to restore domains from if # XENDOMAINS_RESTORE
+# is set (see below). Leave empty to disable domain saving on shutdown
+# (e.g. because you rather shut domains down).
+# If domain saving does succeed, SHUTDOWN will not be executed.
+#
+XENDOMAINS_SAVE=
+
+## Type: string
+## Default: "--halt --wait"
+#
+# If neither MIGRATE nor SAVE were enabled or if they failed, you can
+# try to shut down a domain by sending it a shutdown request. To do this,
+# set this to "--halt --wait". Omit the "--wait" flag to avoid waiting
+# for the domain to be really down. Leave empty to skip domain shutdown.
+#
+XENDOMAINS_SHUTDOWN="--halt --wait"
+
+## Type: string
+## Default: "--all --halt --wait"
+#
+# After we have gone over all virtual machines (resp. all automatically
+# started ones, see XENDOMAINS_AUTO_ONLY below) in a loop and sent SysRq,
+# migrated, saved and/or shutdown according to the settings above, we
+# might want to shutdown the virtual machines that are still running
+# for some reason or another. To do this, set this variable to
+# "--all --halt --wait", it will be passed to xm shutdown.
+# Leave it empty not to do anything special here.
+# (Note: This will hit all virtual machines, even if XENDOMAINS_AUTO_ONLY
+# is set.)
+#
+XENDOMAINS_SHUTDOWN_ALL="--all --halt --wait"
+
+## Type: boolean
+## Default: true
+#
+# This variable determines whether saved domains from XENDOMAINS_SAVE
+# will be restored on system startup.
+#
+XENDOMAINS_RESTORE=false
+
+## Type: string
+## Default: /etc/xen/auto
+#
+# This variable sets the directory where domains configurations
+# are stored that should be started on system startup automatically.
+# Leave empty if you don't want to start domains automatically
+# (or just don't place any xen domain config files in that dir).
+# Note that the script tries to be clever if both RESTORE and AUTO are
+# set: It will first restore saved domains and then only start domains
+# in AUTO which are not running yet.
+# Note that the name matching is somewhat fuzzy.
+#
+XENDOMAINS_AUTO=/etc/xen/auto
+
+## Type: boolean
+## Default: false
+#
+# If this variable is set to "true", only the domains started via config
+# files in XENDOMAINS_AUTO will be treated according to XENDOMAINS_SYSRQ,
+# XENDOMAINS_MIGRATE, XENDOMAINS_SAVE, XENDMAINS_SHUTDOWN; otherwise
+# all running domains will be.
+# Note that the name matching is somewhat fuzzy.
+#
+XENDOMAINS_AUTO_ONLY=false
+
+## Type: integer
+## Default: 300
+#
+# On xendomains stop, a number of xm commands (xm migrate, save, shutdown,
+# shutdown --all) may be executed. In the worst case, these commands may
+# stall forever, which will prevent a successful shutdown of the machine.
+# If this variable is non-zero, the script will set up a watchdog timer
+# for every of these xm commands and time it out after the number of seconds
+# specified by this variable.
+# Note that SHUTDOWN_ALL will not be called if no virtual machines or only
+# zombies are still running, so you don't need to enable this timeout just
+# for the zombie case.
+# The setting should be large enough to make sure that migrate/save/shutdown
+# can succeed. If you do live migrations, keep in mind that live migration
+# of a 1GB machine over Gigabit ethernet may actually take something like
+# 100s (assuming that live migration uses 10% of the network # bandwidth).
+# Depending on the virtual machine, a shutdown may also require a significant
+# amount of time. So better setup this variable to a huge number and hope the
+# watchdog never fires.
+#
+XENDOMAINS_STOP_MAXWAIT=300
+
modules_dir{ "virtual": }
import "vserver.pp"
+import "openvpn.pp"
import "xen.pp"
--- /dev/null
+# openvpn.pp -- create a "virtual" OpenVPN Server within a vserver
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
+
+# configures the specified vserver for openvpn hosting
+# see also http://oldwiki.linux-vserver.org/some_hints_from_john
+# and http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F
+
+class virtual::openvpn::base {
+ include openvpn
+ modules_dir { "virtual/openvpn": }
+}
+
+class virtual::openvpn::host_base inherits virtual::openvpn::base {
+ file {
+ "/var/lib/puppet/modules/virtual/openvpn/create_interface":
+ source => "puppet://$servername/virtual/create_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ "/var/lib/puppet/modules/virtual/openvpn/destroy_interface":
+ source => "puppet://$servername/virtual/destroy_openvpn_interface",
+ mode => 0755, owner => root, group => 0;
+ }
+}
+
+define virtual::openvpn::host() {
+ include virtual::openvpn::host_base
+ exec { "mktun for ${name}":
+ command => "./MAKEDEV tun",
+ cwd => "/etc/vservers/${name}/vdir/dev",
+ creates => "/etc/vservers/${name}/vdir/dev/net/tun";
+ }
+}
+
+# this configures a specific tun interface for the given subnet
+define virtual::openvpn::interface($subnet) {
+ # create and setup the interface if it doesn't exist already
+ # this is a "bit" coarse grained but works for me
+ ifupdown::manual {
+ $name:
+ up => "/var/lib/puppet/modules/virtual/openvpn/create_interface ${name} ${subnet}",
+ down => "/var/lib/puppet/modules/virtual/openvpn/destroy_interface ${name} ${subnet}"
+ }
+}
+
+# actually setup the openvpn server within a vserver
+define virtual::openvpn::server($config) {
+ include virtual::openvpn::base
+ file {
+ "/etc/openvpn/${name}.conf":
+ ensure => present, content => $config,
+ mode => 0644, owner => root, group => 0,
+ notify => Service['openvpn'];
+ }
+}
-# virtual/vserver.pp -- manage vservers
+# virtual/vserver.pp -- manage vserver specifics
+# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# See LICENSE for the full license granted to you.
modules_dir{ "virtual/contexts": }
mode => 0755, owner => root, group => root,
require => File["/etc/vservers"];
}
+
+ file {
+ "/usr/local/bin/build_vserver":
+ source => "puppet://$server/virtual/build_vserver",
+ mode => 0755, owner => root, group => root,
+ require => [ Package['util-vserver'], Package[debootstrap],
+ # this comes from dbp module and is the most current puppet deb
+ File["/var/lib/puppet/modules/dbp/puppet_current.deb"] ];
+ "/etc/vservers/local-interfaces":
+ ensure => directory,
+ mode => 0755, owner => root, group => root;
+ "/etc/cron.daily/vserver-hashify":
+ source => "puppet://$server/virtual/hashify.cron.daily",
+ mode => 0755, owner => root, group => root;
+ }
}
-define vs_create($in_domain, $legacy = false, $distro = 'etch', $debootstrap_mirror = 'http://ftp.debian.org/debian') {
-
- $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } }
+define vs_create($in_domain, $context, $legacy = false, $distro = 'etch', $debootstrap_mirror = 'http://ftp.debian.org/debian') {
+ $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } }
+
case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } }
- exec { "/usr/sbin/vserver ${vs_name} build -m debootstrap -- -d $distro -m $debootstrap_mirror":
- creates => "/etc/vservers/${vs_name}",
- alias => "vs_create_${vs_name}"
+
+ case $legacy {
+ true: {
+ exec { "/bin/false # cannot create legacy vserver ${vs_name}":
+ creates => "/etc/vservers/${vs_name}",
+ alias => "vs_create_${vs_name}"
+ }
+ }
+ false: {
+ exec { "/usr/local/bin/build_vserver \"${vs_name}\" ${context} ${distro} ${debootstrap_mirror}":
+ creates => "/etc/vservers/${vs_name}",
+ require => File["/usr/local/bin/build_vserver"],
+ alias => "vs_create_${vs_name}"
+ }
+ }
}
}
# ensure: present, stopped, running
-define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false, $distro = '') {
-
- case $in_domain { '': {}
- default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) }
- }
+define vserver($ensure, $context, $in_domain = '', $mark = '', $legacy = false) {
+ case $in_domain { '': {}
+ default: { err("${fqdn}: vserver ${name} uses deprecated \$in_domain" ) }
+ }
+ $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } }
+ case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } }
- $vs_name = $legacy ? { true => $name, false => $in_domain ? { '' => $name, default => "${name}.${in_domain}" } }
- case $vs_name { '': { fail ( "Cannot create VServer with empty name" ) } }
-
- $if_dir = "/etc/vservers/${vs_name}/interfaces/"
+ $if_dir = "/etc/vservers/${vs_name}/interfaces"
$mark_file = "/etc/vservers/${vs_name}/apps/init/mark"
+ $vs_name_underscores = gsub($vs_name, '\.', '_')
+ $cron_job = "/etc/cron.daily/puppet-vserver-${vs_name_underscores}"
+
# TODO: wasn't there a syntax for using arrays as case selectors??
case $ensure {
- present: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } }
- running: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } }
- stopped: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } }
- delete: { vs_create{$name: in_domain => $in_domain, legacy => $legacy, distro => $distro, } }
+ present: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } }
+ running: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } }
+ stopped: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } }
+ delete: { vs_create{$name: in_domain => $in_domain, context => $context, legacy => $legacy, distro => $distro, } }
default: { err("${fqdn}: vserver(${vs_name}): unknown ensure '${ensure}'") }
}
}
case $ensure {
-
-
present: {
# don't start or stop the vserver, just make sure it exists, we just run a dummy status test here
exec { "test -e \$(readlink -f /etc/vservers/${vs_name}/vdir)":
alias => "vs_restart_${vs_name}",
}
}
+ stopped: {
+ exec { "vserver ${vs_name} stop":
+ onlyif => "test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )",
+ require => Exec["vs_create_${vs_name}"],
+ # fake the restart exec in the stopped case, so the dependencies are fulfilled
+ alias => "vs_restart_${vs_name}",
+ }
+ file { $mark_file: ensure => absent, }
+ }
+ delete: {
+ exec { "/usr/bin/yes | vserver ${vs_name} delete":
+ alias => "vs_restart_${vs_name}",
+ }
+ }
running: {
exec { "vserver ${vs_name} start":
unless => "test -e \$(readlink -f /etc/vservers/${vs_name}/run)",
- require => Exec["vs_create_${vs_name}"],
+ require => [ Exec["vs_create_${vs_name}"], File["/etc/vservers/${vs_name}/context"] ]
}
exec { "vserver ${vs_name} restart":
}
}
}
-
- stopped: {
- exec { "vserver ${vs_name} stop":
- onlyif => "test -e \$(readlink -f /etc/vservers/${vs_name}/run || echo /doesntexist )",
- require => Exec["vs_create_${vs_name}"],
- # fake the restart exec in the stopped case, so the dependencies are fulfilled
- alias => "vs_restart_${vs_name}",
- }
- file { $mark_file: ensure => absent, }
- }
-
- delete: {
- exec { "/usr/bin/yes | vserver ${vs_name} delete":
- alias => "vs_restart_${vs_name}",
- }
- }
}
}
define vs_interface($prefix = 24, $dev = '') {
file {
- "/etc/vservers/local-interfaces/${name}/":
+ "/etc/vservers/local-interfaces/${name}":
ensure => directory,
mode => 0755, owner => root, group => root;
"/etc/vservers/local-interfaces/${name}/ip":
connected: {
file { "/etc/vservers/${vserver}/interfaces/${name}":
ensure => "/etc/vservers/local-interfaces/${ip}/",
- require => [ File["/etc/vservers/local-interfaces/${ip}/"], Exec["vs_create_${vserver}"] ],
+ require => [ File["/etc/vservers/local-interfaces/${ip}"], Exec["vs_create_${vserver}"] ],
notify => Exec["vs_restart_${vserver}"],
}
}
class munin::plugins::xen {
munin::remoteplugin {
xen_mem:
- source => "puppet://$servername/virtual/munin/xen_mem",
+ source => "puppet://$server/virtual/munin/xen_mem",
config => "user root";
xen_vm:
- source => "puppet://$servername/virtual/munin/xen_vm",
+ source => "puppet://$server/virtual/munin/xen_vm",
config => "user root";
}
}
class xen::domain {
- # install the special libc and parameters to enable it
- $xen_ensure = $virtual ? {
- 'xen0' => present,
- 'xenu' => present,
- default => 'absent'
- }
+ case $operatingsystem {
+ debian: { include xen::domain::debian }
+ centos: { include xen::domain::centos }
+ default: { include xen::domain::base }
+ }
+}
- case $ensure {
- 'absent': { err("xen::domain configured, but not detected") }
- }
+class xen::domain::base {
+ service{ 'xend':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ }
+
+ case $xen_domains {
+ '0': { info("No xen domains are running, so not configuring service xendomains") }
+ default: {
+ service{ 'xendomains':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ }
+ }
+ }
+
+ file{'/etc/xen/xend-config.sxp':
+ source => [ "puppet://$server/files/virtual/xen/${fqdn}/config/xend-config.sxp",
+ "puppet://$server/files/virtual/xen/config/${domain}/xend-config.sxp",
+ "puppet://$server/files/virtual/xen/config/${operatingsystem}/xend-config.sxp",
+ "puppet://$server/files/virtual/xen/config/xend-config.sxp",
+ "puppet://$server/virtual/xen/config/${operatingsystem}/xend-config.sxp",
+ "puppet://$server/virtual/xen/config/xend-config.sxp" ],
+ notify => Service['xend'],
+ owner => root, group => 0, mode => 0644;
+ }
+}
+
+class xen::domain::centos inherits xen::domain::base {
+ package{ 'kernel-xen':
+ ensure => present,
+ }
+
+ Service[xend]{
+ require => Package['kernel-xen'],
+ }
+
+ file{'/etc/sysconfig/xend':
+ source => "puppet://$server/virtual/xen/${operatingsystem}/sysconfig/xend",
+ notify => Service['xend'],
+ owner => root, group => 0, mode => 0644;
+ }
+
+ file{'/etc/sysconfig/xendomains':
+ source => "puppet://$server/virtual/xen/${operatingsystem}/sysconfig/xendomains",
+ owner => root, group => 0, mode => 0644;
+ }
- package { libc6-xen:
- ensure => $xen_ensure,
+ case $xen_domains {
+ '0': { info("No xen domains are running, so not configuring service xendomains") }
+ default: {
+ Service[xendomains]{
+ require => Package['kernel-xen'],
+ }
+ File['/etc/sysconfig/xendomains']{
+ notify => Service[xendomains]
+ }
+ }
+ }
+}
+
+class xen::domain::debian inherits xen::domain::base {
+ # This package is i386 only
+ # See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379444
+ case $architecture {
+ 'i386': {
+ package { libc6-xen:
+ ensure => 'present',
+ }
+ }
}
config_file {
"/etc/ld.so.conf.d/nosegneg.conf":
ensure => $xen_ensure,
content => "hwcap 0 nosegneg\n",
- }
+ }
+}
+class xen::dom0 inherits xen::domain {
+ case $operatingsystem {
+ debian: { include xen::dom0::debian }
+ centos: { include xen::dom0::centos }
+ default: { include xen::dom0::base }
+ }
+}
+
+class xen::dom0::base {}
+class xen::dom0::centos inherits xen::dom0::base {
+ package{ [ "xen", "xen-libs"]:
+ ensure => present,
+ }
+}
+class xen::dom0::debian inherits xen::dom0::base {
+ # install the packages required for managing xen
+ package {
+ [ "xen-hypervisor-3.0.3-1-$architecture",
+ "linux-image-xen-$architecture",
+ 'libsysfs2'
+ ]:
+ ensure => present
+ }
}
setcode do
- lspciexists = system "which lspci >&/dev/null"
+ lspciexists = system "which lspci > /dev/null 2>&1"
if $?.exitstatus == 0
output = %x{lspci}
output.each {|p|
--- /dev/null
+# xen.rb -- linux-vserver.org related facts
+# Copyright (C) 2008 Puzzle ITC
+# See LICENSE for the full license granted to you.
+
+Facter.add("xen_domains") do
+ confine :virtual => :xen0
+ ENV["PATH"]="/bin:/sbin:/usr/bin:/usr/sbin"
+ setcode do
+ %x{xm list | egrep -v '(^Name|^Domain-0)' | wc -l}.chomp
+ end
+end
+
projects / puppet-virtual.git / commitdiff