Puppet users - Feb 2009 - Defining more than one solaris zone in nodes.pp

Hi,

I''m struggling to know the best method of definining multiple solaris
zones
in nodes.pp. I can get it working with one zone but scaling is a problem.
Below is a summary of my problem if you don''t mind reading on but in
short
it''s a request to see how anyone else has defined zones (or virtualised
machines) in nodes.pp

So far I have a nodes definition like this which is basically the host
definition with some key value pairs defining the network portion of a zone
:-

*  node ''ptc37551'' {
   $zonename = "zone37551-01"
   $dns_server1 = "10.20.136.11"
   $netmask = "255.255.255.0"
   $ip_address = "10.20.89.99"
   $default_route = "10.20.89.1"
   include node_default
   include physical
   include LDAP, Automount
   include zones*

The class zones at the bottom of the above entry is a module containing an
erb template.This picks up the values defined in the node def and looks like
this:-

*system_locale=en_GB
timezone=GB
terminal=vt100
security_policy=NONE
root_password=Ru3eT4PHOTtzo
timeserver=localhost
name_service=DNS {
       domain_name=test.com
       name_server=<%= dns_server1 %>
}
network_interface=primary {
       hostname=<%= hostname %>
       ip_address=<%= ip_address %>
       netmask=<%= netmask %>
       protocol_ipv6=no
       default_route=<%= default_route %>
}*

The init.pp file in the zones module looks like this:-

class zones {
zone { zone37551-01:
  # This class refers to the file in templates/zones.erb. variable defs held
in nodes.pp

    ip => "bnx0:10.20.89.89",
    sysidcfg => template("zones.erb"),
    path => "/zfs/zone37551-01",
    realhostname => "zone37551-01.test.com",
    inherit => ["/usr", "/sbin", "/platform",
"/lib"],
    ensure => running,
}
}
which as you can see is rubbish as it still contains hard coded definitions
rather than values passed from nodes.pp. I''m guessing the answer lies
with
define statements along the lines
class zone {
zone::zone1 {
   zone1 details
}

but bringing it all together is causing some brain problems. If anyone has
done something similar already I''d be pleased to hear from them

Thanks
Paul

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

paul matthews wrote:
> but bringing it all together is causing some brain problems. If anyone has
> done something similar already I''d be pleased to hear from them
 
The approach I''ve taken is to have a wrapper around the zone type
that looks like this:

define myzone($zoneif, $zoneip, $znetmask = ''255.255.255.0'') {
        zfs{"rpool/ROOT/$bename/zoneds/$name":
               ensure=>present
	}
        file{"/zoneds/$name": mode=>700, ensure=>directory,
                require=>Zfs["rpool/ROOT/$bename/zoneds/$name"]
        }
        exec{"/usr/sbin/zfs set canmount=noauto
rpool/ROOT/$bename/zoneds/$name":
                refreshonly=>true,
                subscribe=>Zfs["rpool/ROOT/$bename/zoneds/$name"],
                before=>Zone[$name]
        }
        $zname = "$name.$domain"
        zone{$name:
                require=>[Zfs["rpool/ROOT/$bename/zoneds/$name"]],
                autoboot=>true,
                create_args=>"-b",
                ip=>"$zoneif:$zoneip",
                path=>"/zoneds/%s",
                realhostname=>$zname,
                sysidcfg=>template(sysidcfg)
        }
        exec{"/usr/bin/cp -pr /opt/sysadmin /zoneds/$name/root/opt":
                refreshonly=>true,
                subscribe=>Zone[$name]
        }
        file{"/zoneds/$name/root/root":
                ensure=>directory,
                mode=>700,
                require=>Zone[$name]
        }
        exec{"/usr/sbin/zlogin $name usermod -d /root root":
                require=>Zone[$name],
                subscribe=>File["/zoneds/$name/root/root"],
                refreshonly=>true
        }
}

I have a custom fact which returns the default route for the host
and a template pretty similar to yours for sysidcfg.  I also have
a custom fact which returns the LU BE name for the global zone.

Defining an actual zone in a node definition then looks like this:

        itgzone{zone1:
                zoneip=>"a.b.c.d",
                zoneif=>"nge0"
        }

You need to make sure that rpool/ROOT/$bename/zoneds exists as
a ZFS dataset.  I actually had that as part of the ''myzone''
stuff
and then realised when testing for multiple-zone support (prompted
by your email) that it couldn''t go in there, it has to be in my
base code for Solaris 10.

This produces "full" zones, if you want sparse ones then just
add the necessary bits.  The results are LiveUpgrade-safe on
update 6.  

Some of the stuff at the end is just site-local
customisation, enough to bootstrap Puppet in the zone.  We
then define the zone as a node in Puppet and let that finish
configuring the zone as though it were any other host.

Matt

-- 
* Matt McLeod | mail: matt@boggle.org | blog: http://abortrephrase.com/ *
     --- People can do the work, so machines have time to think ---

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Superb, Matt. Thanks very much. I''ll have a go at implementing this
today

I also had another look at Pulling Strings with Puppet last night and came
across a recipe on P117 which uses an apache virtual host scenario involving
definition statements, an erb template and the variables being set in the
nodes.pp file. I think with a fairly small amount of effort I could re-use
most of that example as well for defining solaris zones

As a side note, for any people starting out I would thoroughly recommend
reading that book, carrying out your own implementations and then re-reading
a few more times in order to build on your knowlegde

Rgds
Paul


2009/2/4 Matt McLeod <matt@boggle.org>
>
> paul matthews wrote:
> > but bringing it all together is causing some brain problems. If anyone
> has
> > done something similar already I''d be pleased to hear from
them
>
> The approach I''ve taken is to have a wrapper around the zone type
> that looks like this:
>
> define myzone($zoneif, $zoneip, $znetmask =
''255.255.255.0'') {
>        zfs{"rpool/ROOT/$bename/zoneds/$name":
>               ensure=>present
>        }
>        file{"/zoneds/$name": mode=>700, ensure=>directory,
>                require=>Zfs["rpool/ROOT/$bename/zoneds/$name"]
>        }
>        exec{"/usr/sbin/zfs set canmount=noauto
> rpool/ROOT/$bename/zoneds/$name":
>                refreshonly=>true,
>               
subscribe=>Zfs["rpool/ROOT/$bename/zoneds/$name"],
>                before=>Zone[$name]
>        }
>        $zname = "$name.$domain"
>        zone{$name:
>               
require=>[Zfs["rpool/ROOT/$bename/zoneds/$name"]],
>                autoboot=>true,
>                create_args=>"-b",
>                ip=>"$zoneif:$zoneip",
>                path=>"/zoneds/%s",
>                realhostname=>$zname,
>                sysidcfg=>template(sysidcfg)
>        }
>        exec{"/usr/bin/cp -pr /opt/sysadmin
/zoneds/$name/root/opt":
>                refreshonly=>true,
>                subscribe=>Zone[$name]
>        }
>        file{"/zoneds/$name/root/root":
>                ensure=>directory,
>                mode=>700,
>                require=>Zone[$name]
>        }
>        exec{"/usr/sbin/zlogin $name usermod -d /root root":
>                require=>Zone[$name],
>                subscribe=>File["/zoneds/$name/root/root"],
>                refreshonly=>true
>        }
> }
>
> I have a custom fact which returns the default route for the host
> and a template pretty similar to yours for sysidcfg.  I also have
> a custom fact which returns the LU BE name for the global zone.
>
> Defining an actual zone in a node definition then looks like this:
>
>        itgzone{zone1:
>                zoneip=>"a.b.c.d",
>                zoneif=>"nge0"
>        }
>
> You need to make sure that rpool/ROOT/$bename/zoneds exists as
> a ZFS dataset.  I actually had that as part of the
''myzone'' stuff
> and then realised when testing for multiple-zone support (prompted
> by your email) that it couldn''t go in there, it has to be in my
> base code for Solaris 10.
>
> This produces "full" zones, if you want sparse ones then just
> add the necessary bits.  The results are LiveUpgrade-safe on
> update 6.
>
> Some of the stuff at the end is just site-local
> customisation, enough to bootstrap Puppet in the zone.  We
> then define the zone as a node in Puppet and let that finish
> configuring the zone as though it were any other host.
>
> Matt
>
> --
> * Matt McLeod | mail: matt@boggle.org | blog: http://abortrephrase.com/ *
>     --- People can do the work, so machines have time to think ---
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---