ArielGlenn has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/400244 )
Change subject: move ferm rules for nfs out from dumps module to a profile
......................................................................
move ferm rules for nfs out from dumps module to a profile
Change-Id: I68c06f7a0e52713a2b4a5c3916f1e5694d2f05bd
---
M modules/dumps/manifests/nfs.pp
M modules/profile/manifests/dumps/nfs/all.pp
A modules/profile/manifests/dumps/nfs/ferm.pp
M modules/profile/manifests/dumps/nfs/generation.pp
M modules/profile/manifests/dumps/nfs/public.pp
5 files changed, 59 insertions(+), 87 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/44/400244/1
diff --git a/modules/dumps/manifests/nfs.pp b/modules/dumps/manifests/nfs.pp
index 66770aa..6a98ce3 100644
--- a/modules/dumps/manifests/nfs.pp
+++ b/modules/dumps/manifests/nfs.pp
@@ -1,12 +1,6 @@
class dumps::nfs(
$clients = undef,
- $statd_port = undef,
- $statd_out = undef,
- $lockd_udp = undef,
- $lockd_tcp = undef,
- $mountd_port = undef,
$path = undef,
- $portmapper_port = undef,
) {
file { '/etc/exports':
mode => '0444',
@@ -44,51 +38,7 @@
}
kmod::options { 'lockd':
- options => "nlm_udpport=${lockd_udp} nlm_tcpport=${lockd_tcp}",
- }
-
- include ::network::constants
-
- ferm::service { 'dumps_nfs':
- proto => 'tcp',
- port => '2049',
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_rpc_mountd':
- proto => 'tcp',
- port => $mountd_port,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_rpc_statd':
- proto => 'tcp',
- port => $statd_port,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_portmapper_udp':
- proto => 'udp',
- port => $portmapper_port,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_portmapper_tcp':
- proto => 'tcp',
- port => $portmapper_port,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_lockd_udp':
- proto => 'udp',
- port => $lockd_udp,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_lockd_tcp':
- proto => 'tcp',
- port => $lockd_tcp,
- srange => '$PRODUCTION_NETWORKS',
+ options => "nlm_udpport=32768 nlm_tcpport=32769",
}
monitoring::service { 'nfs':
diff --git a/modules/profile/manifests/dumps/nfs/all.pp
b/modules/profile/manifests/dumps/nfs/all.pp
index 8cfb2e1..aeadcfb 100644
--- a/modules/profile/manifests/dumps/nfs/all.pp
+++ b/modules/profile/manifests/dumps/nfs/all.pp
@@ -1,24 +1,14 @@
class profile::dumps::nfs::all(
$clients_all = hiera('dumps_nfs_clients'),
) {
- $mountd_port = '32767'
- $statd_port = '32765'
- $statd_out = '32766'
- $portmapper_port = '111'
- $lockd_udp = '32768'
- $lockd_tcp = '32769'
+ require ::profile::dumps::nfs::ferm
+
$path = '/data'
$clients = {'generation' => pick($clients_all['snapshots'], []),
'public' => pick($clients_all['other'], [])}
class { '::dumps::nfs':
clients => $clients,
- statd_port => $statd_port,
- statd_out => $statd_out,
- lockd_udp => $lockd_udp,
- lockd_tcp => $lockd_tcp,
- mountd_port => $mountd_port,
- portmapper_port => $portmapper_port,
path => $path,
}
}
diff --git a/modules/profile/manifests/dumps/nfs/ferm.pp
b/modules/profile/manifests/dumps/nfs/ferm.pp
new file mode 100644
index 0000000..cf0cf21
--- /dev/null
+++ b/modules/profile/manifests/dumps/nfs/ferm.pp
@@ -0,0 +1,52 @@
+class profile::dumps::nfs::ferm {
+ include ::network::constants
+
+ $mountd_port = '32767'
+ $statd_port = '32765'
+ $statd_out = '32766'
+ $portmapper_port = '111'
+
+ ferm::service { 'dumps_nfs':
+ proto => 'tcp',
+ port => '2049',
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_rpc_mountd':
+ proto => 'tcp',
+ port => $mountd_port,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_rpc_statd':
+ proto => 'tcp',
+ port => $statd_port,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_portmapper_udp':
+ proto => 'udp',
+ port => $portmapper_port,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_portmapper_tcp':
+ proto => 'tcp',
+ port => $portmapper_port,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_lockd_udp':
+ proto => 'udp',
+ port => '32768',
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_lockd_tcp':
+ proto => 'tcp',
+ port => '32769',
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+
+}
diff --git a/modules/profile/manifests/dumps/nfs/generation.pp
b/modules/profile/manifests/dumps/nfs/generation.pp
index 1e91086..2f72732 100644
--- a/modules/profile/manifests/dumps/nfs/generation.pp
+++ b/modules/profile/manifests/dumps/nfs/generation.pp
@@ -1,23 +1,13 @@
class profile::dumps::nfs::generation(
$clients_all = hiera('dumps_nfs_clients'),
) {
- $mountd_port = '32767'
- $statd_port = '32765'
- $statd_out = '32766'
- $portmapper_port = '111'
- $lockd_udp = '32768'
- $lockd_tcp = '32769'
+ require ::profile::dumps::nfs::ferm
+
$path = '/data'
$clients = {'generation' => pick($clients_all['snapshots'], [])}
class { '::dumps::nfs':
clients => $clients,
- statd_port => $statd_port,
- statd_out => $statd_out,
- lockd_udp => $lockd_udp,
- lockd_tcp => $lockd_tcp,
- mountd_port => $mountd_port,
- portmapper_port => $portmapper_port,
path => $path,
}
}
diff --git a/modules/profile/manifests/dumps/nfs/public.pp
b/modules/profile/manifests/dumps/nfs/public.pp
index a7bada2..07e24f6 100644
--- a/modules/profile/manifests/dumps/nfs/public.pp
+++ b/modules/profile/manifests/dumps/nfs/public.pp
@@ -1,23 +1,13 @@
class profile::dumps::nfs::public(
$clients_all = hiera('dumps_nfs_clients'),
) {
- $mountd_port = '32767'
- $statd_port = '32765'
- $statd_out = '32766'
- $portmapper_port = '111'
- $lockd_udp = '32768'
- $lockd_tcp = '32769'
+ require ::profile::dump::nfs::ferm
+
$path = '/data'
$clients = {'public' => pick($clients_all['other'], [])}
class { '::dumps::nfs':
clients => $clients,
- statd_port => $statd_port,
- statd_out => $statd_out,
- lockd_udp => $lockd_udp,
- lockd_tcp => $lockd_tcp,
- mountd_port => $mountd_port,
- portmapper_port => $portmapper_port,
path => $path,
}
}
--
To view, visit https://gerrit.wikimedia.org/r/400244
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I68c06f7a0e52713a2b4a5c3916f1e5694d2f05bd
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: ArielGlenn <ar...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
