coren has submitted this change and it was merged.

Change subject: Labs: Disable idmap on instances
......................................................................


Labs: Disable idmap on instances

Done with the module option, takes effect only the next time
the nfs module is reloaded (in practice, at next reboot).  To
avoid breaking running systems, the actual daemon and its
config are left alone.

Bug: T95555
Change-Id: I158f0b88fefefb749889f06fc60f87518d3e4fa0
---
M manifests/role/labs.pp
1 file changed, 15 insertions(+), 0 deletions(-)

Approvals:
  coren: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/role/labs.pp b/manifests/role/labs.pp
index 5db3bed..f63a2a6 100644
--- a/manifests/role/labs.pp
+++ b/manifests/role/labs.pp
@@ -120,6 +120,21 @@
         notify  => Service['ssh'],
     }
 
+    # While the default on kernels >= 3.3 is to have idmap disabled,
+    # doing so explicitly does no harm and ensures it is everywhere.
+
+    file { '/etc/modprobe.d/nfs-no-idmap':
+        ensure  => present,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0444',
+        content => "options nfs nfs4_disable_idmapping=1\n",
+    }
+
+    # Actually disabling idmapd and ensure => absent on the config
+    # files needs to wait for T95556 to ensure no running instance
+    # gets a broken idmapd.
+
     if $::operatingsystem == 'Debian' {
         service { 'nfs-common':
             ensure    => running,
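
Review bot: The file title '/etc/modprobe.d/nfs-no-idmap' in the new file resource has no .conf suffix. kmod's modprobe only reads files in /etc/modprobe.d whose names end in .conf, and older module-init-tools warned that other files would be ignored in a future release, so the option can silently fail to apply on some instances. Suggest '/etc/modprobe.d/nfs-no-idmap.conf'. Because the commit message says the option only takes effect when the nfs module is next loaded, the comment could also note how to confirm it after a reboot, for example by reading /sys/module/nfs/parameters/nfs4_disable_idmapping on the instance.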

-- 
To view, visit https://gerrit.wikimedia.org/r/203384
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I158f0b88fefefb749889f06fc60f87518d3e4fa0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: coren <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
