Yuvipanda has submitted this change and it was merged.
Change subject: labs: Disable mounting /public/keys on non-precise hosts
......................................................................
labs: Disable mounting /public/keys on non-precise hosts
They use LDAP for authentication anyway, so no need to have this
mounted at all.
Bug: T101660
Change-Id: Ibf6b3bc35508ab19713a858dfb25d26227a220fa
---
M manifests/role/labs.pp
1 file changed, 26 insertions(+), 20 deletions(-)
Approvals:
Yuvipanda: Verified; Looks good to me, approved
diff --git a/manifests/role/labs.pp b/manifests/role/labs.pp
index 3659266..0fd787a 100644
--- a/manifests/role/labs.pp
+++ b/manifests/role/labs.pp
@@ -30,14 +30,6 @@
mode => '0444',
}
- # Directory for public (readonly) mounts
- file { '/public':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
- }
-
package { 'puppet-lint':
ensure => present,
}
@@ -101,6 +93,17 @@
}
}
+ # Only create if we need /public/dumps or /public/keys
+ if $nfs_mounts['dumps'] or os_version('ubuntu <= precise') {
+ # Directory for public (readonly) mounts
+ file { '/public':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+ }
+
if $nfs_mounts['dumps'] {
file { '/public/dumps':
ensure => directory,
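Review bot: The guard `if $nfs_mounts['dumps'] or os_version('ubuntu <= precise')` restates by hand the conditions of the two blocks that depend on `File['/public']`, and nothing ties them together. The `/public/keys` block in the last hunk has `require => File['/public']`, so if either condition is later edited in one place only, affected hosts would get a catalog that references an undeclared resource. Consider computing the predicate once, e.g. `$mount_public_keys = os_version('ubuntu <= precise')`, and using it both here and in the keys block. At minimum, extend the comment to `# Keep in sync with the /public/dumps and /public/keys conditions below`. The enclosing class and the rest of the `/public/dumps` resource lie outside this hunk.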
@@ -116,18 +119,21 @@
}
}
- file { '/public/keys':
- ensure => directory,
- require => File['/public'],
- }
- mount { '/public/keys':
- ensure => mounted,
- atboot => true,
- fstype => 'nfs',
- options => "ro,${nfs_opts}",
- device => "${nfs_server}:/keys",
- require => File['/public/keys', '/etc/modprobe.d/nfs-no-idmap'],
- notify => Service['ssh'],
+ # Used by ssh for logging in, only on precise and lower
+ if os_version('ubuntu <= precise') {
+ file { '/public/keys':
+ ensure => directory,
+ require => File['/public'],
+ }
+ mount { '/public/keys':
+ ensure => mounted,
+ atboot => true,
+ fstype => 'nfs',
+ options => "ro,${nfs_opts}",
+ device => "${nfs_server}:/keys",
+ require => File['/public/keys', '/etc/modprobe.d/nfs-no-idmap'],
+ notify => Service['ssh'],
+ }
}
# While the default on kernels >= 3.3 is to have idmap disabled,
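Review bot: Wrapping the `/public/keys` file and mount in `if os_version('ubuntu <= precise')` only stops Puppet from managing them on newer hosts; it does not remove what is already there. A non-precise instance provisioned before this change would presumably keep its fstab entry and the live read-only NFS mount of `${nfs_server}:/keys`, so the stated goal of not having it mounted at all is only met on fresh hosts. An `else` branch with `mount { '/public/keys': ensure => absent }` would unmount it and drop the fstab entry on existing hosts. It is also worth confirming that sshd on those hosts no longer points its authorized-keys lookup at `/public/keys`, which is not visible in this hunk. The enclosing class continues outside the hunk.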
--
To view, visit https://gerrit.wikimedia.org/r/217247
Gerrit-MessageType: merged
Gerrit-Change-Id: Ibf6b3bc35508ab19713a858dfb25d26227a220fa
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>