[MediaWiki-commits] [Gerrit] labs: do not use nfs on precises for ssh keys - change (operations/puppet)

Thu, 18 Jun 2015 06:15:47 -0700 

Yuvipanda has submitted this change and it was merged.

Change subject: labs: do not use nfs on precises for ssh keys
......................................................................


labs: do not use nfs on precises for ssh keys

Since there is a severe NFS outage on labs, we do the following:

- Assure we don't mount /public/keys from nfs
- Run manage-nfs-keys locally (it now writes to /public/keys)
- Don't run it on the nfs server anymore

Change-Id: I97f846e6f0f2296424e18e2ca5da7a4172ed349c
---
M manifests/role/labs.pp
M modules/ldap/files/scripts/manage-keys-nfs
M modules/openstack/manifests/project-nfs-storage-service.pp
3 files changed, 10 insertions(+), 9 deletions(-)

Approvals:
  Yuvipanda: Verified; Looks good to me, approved



diff --git a/manifests/role/labs.pp b/manifests/role/labs.pp
index 0fd787a..b4c6bc6 100644
--- a/manifests/role/labs.pp
+++ b/manifests/role/labs.pp
@@ -125,14 +125,14 @@
             ensure  => directory,
             require => File['/public'],
         }
+
         mount { '/public/keys':
-            ensure  => mounted,
-            atboot  => true,
-            fstype  => 'nfs',
-            options => "ro,${nfs_opts}",
-            device  => "${nfs_server}:/keys",
-            require => File['/public/keys', '/etc/modprobe.d/nfs-no-idmap'],
-            notify  => Service['ssh'],
+            ensure  => absent,
+        }
+
+
+        exec { '/usr/local/sbin/manage-keys-nfs':
+            require => [File['/public/keys'], 
File['/usr/local/sbin/manage-keys-nfs']],
         }
     }
 
diff --git a/modules/ldap/files/scripts/manage-keys-nfs 
b/modules/ldap/files/scripts/manage-keys-nfs
index 2fc3fe4..b79bc47 100755
--- a/modules/ldap/files/scripts/manage-keys-nfs
+++ b/modules/ldap/files/scripts/manage-keys-nfs
@@ -28,7 +28,7 @@
 
 class ExportManager:
     def __init__(self):
-        self.keysdir = "/srv/keys/"
+        self.keysdir = "/public/keys/"
         self.loglevel = INFO
         self.logfile = None
         self.hostname = socket.gethostname()
diff --git a/modules/openstack/manifests/project-nfs-storage-service.pp 
b/modules/openstack/manifests/project-nfs-storage-service.pp
index 8e4616f..53bc8e7 100644
--- a/modules/openstack/manifests/project-nfs-storage-service.pp
+++ b/modules/openstack/manifests/project-nfs-storage-service.pp
@@ -63,8 +63,9 @@
     }
 
     if ($::site == 'eqiad') {
+        # Not needed anymore, keys are written locally to the host
         cron { 'Update labs ssh keys':
-                ensure  => present,
+                ensure  => absent,
                 user    => 'root',
                 command => '/usr/local/sbin/manage-keys-nfs 
--logfile=/var/log/manage-keys.log >/dev/null 2>&1',
                 hour    => '*',

-- 
To view, visit https://gerrit.wikimedia.org/r/219157
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I97f846e6f0f2296424e18e2ca5da7a4172ed349c
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Yuvipanda <yuvipa...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to