Yuvipanda has submitted this change and it was merged. Change subject: labs: do not use nfs on precises for ssh keys ......................................................................
labs: do not use nfs on precises for ssh keys Since there is a severe NFS outage on labs, we do the following: - Assure we don't mount /public/keys from nfs - Run manage-nfs-keys locally (it now writes to /public/keys) - Don't run it on the nfs server anymore Change-Id: I97f846e6f0f2296424e18e2ca5da7a4172ed349c --- M manifests/role/labs.pp M modules/ldap/files/scripts/manage-keys-nfs M modules/openstack/manifests/project-nfs-storage-service.pp 3 files changed, 10 insertions(+), 9 deletions(-) Approvals: Yuvipanda: Verified; Looks good to me, approved diff --git a/manifests/role/labs.pp b/manifests/role/labs.pp index 0fd787a..b4c6bc6 100644 --- a/manifests/role/labs.pp +++ b/manifests/role/labs.pp @@ -125,14 +125,14 @@ ensure => directory, require => File['/public'], } + mount { '/public/keys': - ensure => mounted, - atboot => true, - fstype => 'nfs', - options => "ro,${nfs_opts}", - device => "${nfs_server}:/keys", - require => File['/public/keys', '/etc/modprobe.d/nfs-no-idmap'], - notify => Service['ssh'], + ensure => absent, + } + + + exec { '/usr/local/sbin/manage-keys-nfs': + require => [File['/public/keys'], File['/usr/local/sbin/manage-keys-nfs']], } } diff --git a/modules/ldap/files/scripts/manage-keys-nfs b/modules/ldap/files/scripts/manage-keys-nfs index 2fc3fe4..b79bc47 100755 --- a/modules/ldap/files/scripts/manage-keys-nfs +++ b/modules/ldap/files/scripts/manage-keys-nfs @@ -28,7 +28,7 @@ class ExportManager: def __init__(self): - self.keysdir = "/srv/keys/" + self.keysdir = "/public/keys/" self.loglevel = INFO self.logfile = None self.hostname = socket.gethostname() diff --git a/modules/openstack/manifests/project-nfs-storage-service.pp b/modules/openstack/manifests/project-nfs-storage-service.pp index 8e4616f..53bc8e7 100644 --- a/modules/openstack/manifests/project-nfs-storage-service.pp +++ b/modules/openstack/manifests/project-nfs-storage-service.pp @@ -63,8 +63,9 @@ } if ($::site == 'eqiad') { + # Not needed anymore, keys are written locally to the host cron { 'Update labs ssh keys': - ensure => present, + ensure => absent, user => 'root', command => '/usr/local/sbin/manage-keys-nfs --logfile=/var/log/manage-keys.log >/dev/null 2>&1', hour => '*', -- To view, visit https://gerrit.wikimedia.org/r/219157 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I97f846e6f0f2296424e18e2ca5da7a4172ed349c Gerrit-PatchSet: 4 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: Yuvipanda <yuvipa...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits