[MediaWiki-commits] [Gerrit] labs: do not use nfs on precises for ssh keys - change (operations/puppet)

Thu, 18 Jun 2015 05:30:08 -0700 

Giuseppe Lavagetto has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/219157

Change subject: labs: do not use nfs on precises for ssh keys
......................................................................

labs: do not use nfs on precises for ssh keys

Since there is a severe NFS outage on labs, we do the following:

- Assure we don't mount /public/keys from nfs
- Run manage-nfs-keys locally

Also, a config option was added to manage-nfs-keys in order to allow
choosing the output directory

Change-Id: I97f846e6f0f2296424e18e2ca5da7a4172ed349c
---
M manifests/role/labs.pp
M modules/ldap/files/scripts/manage-keys-nfs
2 files changed, 10 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/57/219157/1

diff --git a/manifests/role/labs.pp b/manifests/role/labs.pp
index 0fd787a..f3b5279 100644
--- a/manifests/role/labs.pp
+++ b/manifests/role/labs.pp
@@ -125,14 +125,14 @@
             ensure  => directory,
             require => File['/public'],
         }
+
         mount { '/public/keys':
-            ensure  => mounted,
-            atboot  => true,
-            fstype  => 'nfs',
-            options => "ro,${nfs_opts}",
-            device  => "${nfs_server}:/keys",
-            require => File['/public/keys', '/etc/modprobe.d/nfs-no-idmap'],
-            notify  => Service['ssh'],
+            ensure  => absent,
+        }
+
+
+        exec { '/usr/local/sbin/manage-keys-nfs --dir /public/keys':
+            require => [File['/public/keys'], 
File['/usr/local/sbin/manage-keys-nfs']],
         }
     }
 
diff --git a/modules/ldap/files/scripts/manage-keys-nfs 
b/modules/ldap/files/scripts/manage-keys-nfs
index 2fc3fe4..60cc871 100755
--- a/modules/ldap/files/scripts/manage-keys-nfs
+++ b/modules/ldap/files/scripts/manage-keys-nfs
@@ -42,6 +42,7 @@
 
         parser.add_option("--logfile", dest="logfile", help="Write output to 
the specified log file. (default: stdout)")
         parser.add_option("--loglevel", dest="loglevel", help="Change level of 
logging; NONE, INFO, DEBUG (default: INFO)")
+        parser.add_option("--dir", dest="keysdir", help="Output directory 
(default: /srv/keys)")
         (options, args) = parser.parse_args()
         ldapSupportLib.setBindInfoByOptions(options, parser)
 
@@ -49,6 +50,8 @@
             self.logfile = options.logfile
         if options.loglevel:
             self.loglevel = options.loglevel
+        if options.keysdir:
+            self.keysdir = options.keysdir
 
         base = ldapSupportLib.getBase()
         ds = ldapSupportLib.connect()

-- 
To view, visit https://gerrit.wikimedia.org/r/219157
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I97f846e6f0f2296424e18e2ca5da7a4172ed349c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to