[MediaWiki-commits] [Gerrit] operations/puppet[production]: move ferm rules for dataset roles into common manifest

Mon, 01 Aug 2016 10:45:12 -0700 

ArielGlenn has submitted this change and it was merged.

Change subject: move ferm rules for dataset roles into common manifest
......................................................................


move ferm rules for dataset roles into common manifest

also include standard and base::firewall there and move out of node
declarations

Change-Id: Ia310d4ce92fdf4a9c9867f41e0d1cfbdc376f55f
---
M manifests/site.pp
A modules/role/manifests/dataset/common.pp
M modules/role/manifests/dataset/primary.pp
M modules/role/manifests/dataset/secondary.pp
4 files changed, 32 insertions(+), 52 deletions(-)

Approvals:
  ArielGlenn: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/site.pp b/manifests/site.pp
index 3d31de4..97546c2 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -408,8 +408,6 @@
 node 'dataset1001.wikimedia.org' {
 
     role dataset::primary, dumps
-    include standard
-    include base::firewall
 
     interface::add_ip6_mapped { 'eth2':
         interface => 'eth2',
@@ -2019,8 +2017,6 @@
     $cluster = 'misc'
 
     role dataset::secondary, dumps
-    include standard
-    include base::firewall
 
     interface::add_ip6_mapped { 'main':
         interface => 'eth0',
diff --git a/modules/role/manifests/dataset/common.pp 
b/modules/role/manifests/dataset/common.pp
new file mode 100644
index 0000000..8a14ea5
--- /dev/null
+++ b/modules/role/manifests/dataset/common.pp
@@ -0,0 +1,28 @@
+class role::dataset::common {
+    include standard
+    include base::firewall
+
+    ferm::service { 'nfs_rpc_mountd':
+        proto  => 'tcp',
+        port   => '32767',
+        srange => '$INTERNAL',
+    }
+
+    ferm::service { 'nfs_rpc_statd':
+        proto  => 'tcp',
+        port   => '32765',
+        srange => '$INTERNAL',
+    }
+
+    ferm::service { 'nfs_portmapper_udp':
+        proto  => 'udp',
+        port   => '111',
+        srange => '$INTERNAL',
+    }
+
+    ferm::service { 'nfs_portmapper_tcp':
+        proto  => 'tcp',
+        port   => '111',
+        srange => '$INTERNAL',
+    }
+}
diff --git a/modules/role/manifests/dataset/primary.pp 
b/modules/role/manifests/dataset/primary.pp
index f21f876..1b6290a 100644
--- a/modules/role/manifests/dataset/primary.pp
+++ b/modules/role/manifests/dataset/primary.pp
@@ -4,6 +4,8 @@
 # of content may or may not be generated here (but should all be eventually)
 # mirrors to the public should not be provided from here via rsync
 class role::dataset::primary {
+    include role::dataset::common
+
     system::role { 'role::dataset::primary':
         description => 'dataset primary host',
     }
@@ -111,30 +113,6 @@
         source      => 'stat1002.eqiad.wmnet::hdfs-archive/unique_devices',
         destination => '/data/xmldatadumps/public/other/unique_devices',
         minute      => '31',
-    }
-
-    ferm::service { 'nfs_rpc_mountd':
-        proto  => 'tcp',
-        port   => '32767',
-        srange => '$INTERNAL',
-    }
-
-    ferm::service { 'nfs_rpc_statd':
-        proto  => 'tcp',
-        port   => '32765',
-        srange => '$INTERNAL',
-    }
-
-    ferm::service { 'nfs_portmapper_udp':
-        proto  => 'udp',
-        port   => '111',
-        srange => '$INTERNAL',
-    }
-
-    ferm::service { 'nfs_portmapper_tcp':
-        proto  => 'tcp',
-        port   => '111',
-        srange => '$INTERNAL',
     }
 }
 
diff --git a/modules/role/manifests/dataset/secondary.pp 
b/modules/role/manifests/dataset/secondary.pp
index 2e6fdfd..131a239 100644
--- a/modules/role/manifests/dataset/secondary.pp
+++ b/modules/role/manifests/dataset/secondary.pp
@@ -2,6 +2,8 @@
 # number of directories (but best is not at all)
 # mirrors to the public should be provided from here via rsync
 class role::dataset::secondary {
+    include role::dataset::common
+
     system::role { 'role::dataset::secondary':
         description => 'dataset secondary host',
     }
@@ -19,29 +21,5 @@
         rsync   => $rsync,
         grabs   => $grabs,
         uploads => $uploads,
-    }
-
-    ferm::service { 'nfs_rpc_mountd':
-        proto  => 'tcp',
-        port   => '32767',
-        srange => '$INTERNAL',
-    }
-
-    ferm::service { 'nfs_rpc_statd':
-        proto  => 'tcp',
-        port   => '32765',
-        srange => '$INTERNAL',
-    }
-
-    ferm::service { 'nfs_portmapper_udp':
-        proto  => 'udp',
-        port   => '111',
-        srange => '$INTERNAL',
-    }
-
-    ferm::service { 'nfs_portmapper_tcp':
-        proto  => 'tcp',
-        port   => '111',
-        srange => '$INTERNAL',
     }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/302281
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ia310d4ce92fdf4a9c9867f41e0d1cfbdc376f55f
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: ArielGlenn <ar...@wikimedia.org>
Gerrit-Reviewer: ArielGlenn <ar...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to