[MediaWiki-commits] [Gerrit] operations/puppet[production]: kmod::blacklist: prevent manual install, update initramfs

Mon, 27 Nov 2017 10:37:26 -0800 

BBlack has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/392644 )

Change subject: kmod::blacklist: prevent manual install, update initramfs
......................................................................


kmod::blacklist: prevent manual install, update initramfs

* Without the update-initramfs notify, I don't think the blacklist
  necessarily comes into effect until next time initramfs is
  updated for some other reason?

* Without the "install foo /bin/true" hack, it's still possible
  for the module to be loaded by runtime actions (e.g. modprobe,
  or autoloading by some CLI tool...)

Change-Id: I0829faa6e0c737e958ec480eb787f7468b49833c
---
M modules/kmod/manifests/blacklist.pp
M modules/kmod/templates/blacklist.conf.erb
2 files changed, 2 insertions(+), 0 deletions(-)

Approvals:
  Muehlenhoff: Looks good to me, but someone else must approve
  BBlack: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/kmod/manifests/blacklist.pp 
b/modules/kmod/manifests/blacklist.pp
index f33b1e3..46649f3 100644
--- a/modules/kmod/manifests/blacklist.pp
+++ b/modules/kmod/manifests/blacklist.pp
@@ -20,5 +20,6 @@
         group   => 'root',
         mode    => '0444',
         content => template('kmod/blacklist.conf.erb'),
+        notify  => Exec['update-initramfs'],
     }
 }
diff --git a/modules/kmod/templates/blacklist.conf.erb 
b/modules/kmod/templates/blacklist.conf.erb
index 4da3f52..acd86dd 100644
--- a/modules/kmod/templates/blacklist.conf.erb
+++ b/modules/kmod/templates/blacklist.conf.erb
@@ -3,4 +3,5 @@
 #
 <%- @modules.sort.each do |mod| -%>
 blacklist <%= mod %>
+install <%= mod %> /bin/true
 <%- end -%>

-- 
To view, visit https://gerrit.wikimedia.org/r/392644
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0829faa6e0c737e958ec480eb787f7468b49833c
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
Gerrit-Reviewer: BBlack <[email protected]>
Gerrit-Reviewer: Ema <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to