Madhuvishy has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/393695 )
Change subject: public_dumps: Add puppet class to set up NFS for dumps servers ...................................................................... public_dumps: Add puppet class to set up NFS for dumps servers Bug: T181431 Change-Id: I068f639e3b5a544af288408d90558a85c8287f72 --- M modules/profile/manifests/dumps/public_server.pp A modules/public_dumps/files/nfs-common A modules/public_dumps/files/nfs-kernel-server A modules/public_dumps/manifests/nfs.pp 4 files changed, 78 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/95/393695/1 diff --git a/modules/profile/manifests/dumps/public_server.pp b/modules/profile/manifests/dumps/public_server.pp index f841c39..f0e95d9 100644 --- a/modules/profile/manifests/dumps/public_server.pp +++ b/modules/profile/manifests/dumps/public_server.pp @@ -5,5 +5,5 @@ class profile::dumps::public_server { class {'::public_dumps::server':} - class {'::labstore':} + class {'::public_dumps::nfs':} } diff --git a/modules/public_dumps/files/nfs-common b/modules/public_dumps/files/nfs-common new file mode 100644 index 0000000..cd91678 --- /dev/null +++ b/modules/public_dumps/files/nfs-common @@ -0,0 +1,17 @@ +# If you do not set values for the NEED_ options, they will be attempted +# autodetected; this should be sufficient for most people. Valid alternatives +# for the NEED_ options are "yes" and "no". + +# Do you want to start the statd daemon? It is not needed for NFSv4. +NEED_STATD=yes + +# Options for rpc.statd. +# Should rpc.statd listen on a specific port? This is especially useful +# when you have a port-based firewall. To use a fixed port, set this +# this variable to a statd argument like: "--port 4000 --outgoing-port 4001". +# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS +STATDOPTS='--port 55659 --outgoing-port 44153' + +# Do you want to start the gssd daemon? It is required for Kerberos mounts. +NEED_GSSD= +NEED_LOCKD=no diff --git a/modules/public_dumps/files/nfs-kernel-server b/modules/public_dumps/files/nfs-kernel-server new file mode 100644 index 0000000..bfb4950 --- /dev/null +++ b/modules/public_dumps/files/nfs-kernel-server @@ -0,0 +1,23 @@ +# Number of servers to start up +# To disable nfsv4 on the server, specify '--no-nfs-version 4' here + +# Best as max concurrently connected clients. We currently hover around +# 250-280 connected clients as of 1/25/2016 +RPCNFSDCOUNT=192 + +# Runtime priority of server (see nice(1)) +RPCNFSDPRIORITY=0 + +# Options for rpc.mountd. +# If you have a port-based firewall, you might want to set up +# a fixed port here using the --port option. For more information, +# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS +# To disable NFSv4 on the server, specify '--no-nfs-version 4' here +RPCMOUNTDOPTS='--manage-gids --port 38466 --no-nfs-version 2,3' + +# Do you want to start the svcgssd daemon? It is only required for Kerberos +# exports. Valid alternatives are "yes" and "no"; the default is "no". +NEED_SVCGSSD= + +# Options for rpc.svcgssd. +RPCSVCGSSDOPTS= diff --git a/modules/public_dumps/manifests/nfs.pp b/modules/public_dumps/manifests/nfs.pp new file mode 100644 index 0000000..3586906 --- /dev/null +++ b/modules/public_dumps/manifests/nfs.pp @@ -0,0 +1,37 @@ +# Set up NFS Server for the public dumps servers +# Firewall rules are managed separately through profile::wmcs::nfs::ferm + +class public_dumps::nfs { + + require_package('nfs-kernel-server', 'nfs-common', 'rpcbind') + + file { '/etc/default/nfs-common': + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/public_dumps/nfs-common', + } + + file { '/etc/default/nfs-kernel-server': + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/public_dumps/nfs-kernel-server', + } + + file { '/etc/modprobe.d/nfs-lockd.conf': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => 'options lockd nlm_udpport=32768 nlm_tcpport=32769', + } + + # Manage state manually + service { 'nfs-kernel-server': + enable => false, + } + +} -- To view, visit https://gerrit.wikimedia.org/r/393695 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I068f639e3b5a544af288408d90558a85c8287f72 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Madhuvishy <mviswanat...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits