ArielGlenn has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/400244 )
Change subject: move ferm rules for nfs out from dumps module to a profile
......................................................................
move ferm rules for nfs out from dumps module to a profile
Change-Id: I68c06f7a0e52713a2b4a5c3916f1e5694d2f05bd
---
M hieradata/hosts/dataset1001.yaml
M hieradata/hosts/dumpsdata1001.yaml
M hieradata/hosts/dumpsdata1002.yaml
M hieradata/hosts/ms1001.yaml
M modules/dumps/manifests/nfs.pp
A modules/profile/manifests/dumps/nfs.pp
D modules/profile/manifests/dumps/nfs/all.pp
D modules/profile/manifests/dumps/nfs/generation.pp
D modules/profile/manifests/dumps/nfs/public.pp
M modules/role/manifests/dumps/generation/server/fallback.pp
M modules/role/manifests/dumps/generation/server/primary.pp
M modules/role/manifests/dumps/web/xmldumps_active.pp
M modules/role/manifests/dumps/web/xmldumps_fallback.pp
13 files changed, 93 insertions(+), 122 deletions(-)
Approvals:
ArielGlenn: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/hosts/dataset1001.yaml b/hieradata/hosts/dataset1001.yaml
index 7bd4d09..06d47e5 100644
--- a/hieradata/hosts/dataset1001.yaml
+++ b/hieradata/hosts/dataset1001.yaml
@@ -5,6 +5,8 @@
profile::dumps::xmldumpspublicdir: '/data/xmldatadumps/public'
profile::dumps::dumpstempdir: '/data/xmldatadumps/temp'
+profile::dumps::nfs::clients_wanted: 'all'
+
profile::dumps::rsyncer:
dumps_user: 'dumpsgen'
dumps_group: 'dumpsgen'
diff --git a/hieradata/hosts/dumpsdata1001.yaml
b/hieradata/hosts/dumpsdata1001.yaml
index f18774a..622f655 100644
--- a/hieradata/hosts/dumpsdata1001.yaml
+++ b/hieradata/hosts/dumpsdata1001.yaml
@@ -5,3 +5,5 @@
profile::dumps::cleanup::isreplica: false
profile::dumps::cleanup::labscopy: false
+
+profile::dumps::nfs::clients_wanted: 'generation'
diff --git a/hieradata/hosts/dumpsdata1002.yaml
b/hieradata/hosts/dumpsdata1002.yaml
index 717b3d0..7ba77da 100644
--- a/hieradata/hosts/dumpsdata1002.yaml
+++ b/hieradata/hosts/dumpsdata1002.yaml
@@ -9,6 +9,8 @@
profile::dumps::cleanup::isreplica: false
profile::dumps::cleanup::labscopy: false
+profile::dumps::nfs::clients_wanted: 'generation'
+
profile::dumps::rsyncer:
dumps_user: 'dumpsgen'
dumps_group: 'dumpsgen'
diff --git a/hieradata/hosts/ms1001.yaml b/hieradata/hosts/ms1001.yaml
index 1781b14..aeb0581 100644
--- a/hieradata/hosts/ms1001.yaml
+++ b/hieradata/hosts/ms1001.yaml
@@ -6,6 +6,8 @@
profile::dumps::xmldumpspublicdir: '/data/xmldatadumps/public'
profile::dumps::dumpstempdir: '/data/xmldatadumps/temp'
+profile::dumps::nfs::clients_wanted: 'all'
+
profile::dumps::rsyncer:
dumps_user: 'dumpsgen'
dumps_group: 'dumpsgen'
diff --git a/modules/dumps/manifests/nfs.pp b/modules/dumps/manifests/nfs.pp
index 66770aa..9be6b46 100644
--- a/modules/dumps/manifests/nfs.pp
+++ b/modules/dumps/manifests/nfs.pp
@@ -1,12 +1,11 @@
class dumps::nfs(
$clients = undef,
- $statd_port = undef,
- $statd_out = undef,
+ $path = undef,
$lockd_udp = undef,
$lockd_tcp = undef,
$mountd_port = undef,
- $path = undef,
- $portmapper_port = undef,
+ $statd_port = undef,
+ $statd_out = undef,
) {
file { '/etc/exports':
mode => '0444',
@@ -45,50 +44,6 @@
kmod::options { 'lockd':
options => "nlm_udpport=${lockd_udp} nlm_tcpport=${lockd_tcp}",
- }
-
- include ::network::constants
-
- ferm::service { 'dumps_nfs':
- proto => 'tcp',
- port => '2049',
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_rpc_mountd':
- proto => 'tcp',
- port => $mountd_port,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_rpc_statd':
- proto => 'tcp',
- port => $statd_port,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_portmapper_udp':
- proto => 'udp',
- port => $portmapper_port,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_portmapper_tcp':
- proto => 'tcp',
- port => $portmapper_port,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_lockd_udp':
- proto => 'udp',
- port => $lockd_udp,
- srange => '$PRODUCTION_NETWORKS',
- }
-
- ferm::service { 'nfs_lockd_tcp':
- proto => 'tcp',
- port => $lockd_tcp,
- srange => '$PRODUCTION_NETWORKS',
}
monitoring::service { 'nfs':
diff --git a/modules/profile/manifests/dumps/nfs.pp
b/modules/profile/manifests/dumps/nfs.pp
new file mode 100644
index 0000000..bc8cccc
--- /dev/null
+++ b/modules/profile/manifests/dumps/nfs.pp
@@ -0,0 +1,78 @@
+class profile::dumps::nfs(
+ $clients_all = hiera('dumps_nfs_clients'),
+ $clients_wanted = hiera('profile::dumps::nfs::clients_wanted'),
+) {
+ $path = '/data'
+
+ if ($clients_wanted == 'all') {
+ $clients = {'generation' => pick($clients_all['snapshots'], []),
+ 'public' => pick($clients_all['other'], [])}
+ } elsif ($clients_wanted == 'generation') {
+ $clients = {'generation' => pick($clients_all['snapshots'], [])}
+ } elsif ($clients_wanted == 'public') {
+ $clients = {'public' => pick($clients_all['other'], [])}
+ }
+
+ $lockd_udp = '32768'
+ $lockd_tcp = '32769'
+ $mountd_port = '32767'
+ $statd_port = '32765'
+ $statd_out = '32766'
+ $portmapper_port = '111'
+
+ class { '::dumps::nfs':
+ clients => $clients,
+ path => $path,
+ lockd_udp => $lockd_udp,
+ lockd_tcp => $lockd_tcp,
+ mountd_port => $mountd_port,
+ statd_port => $statd_port,
+ statd_out => $statd_out,
+ }
+
+ include ::network::constants
+
+ ferm::service { 'dumps_nfs':
+ proto => 'tcp',
+ port => '2049',
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_rpc_mountd':
+ proto => 'tcp',
+ port => $mountd_port,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_rpc_statd':
+ proto => 'tcp',
+ port => $statd_port,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_portmapper_udp':
+ proto => 'udp',
+ port => $portmapper_port,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_portmapper_tcp':
+ proto => 'tcp',
+ port => $portmapper_port,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_lockd_udp':
+ proto => 'udp',
+ port => $lockd_udp,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+ ferm::service { 'nfs_lockd_tcp':
+ proto => 'tcp',
+ port => $lockd_tcp,
+ srange => '$PRODUCTION_NETWORKS',
+ }
+
+
+}
diff --git a/modules/profile/manifests/dumps/nfs/all.pp
b/modules/profile/manifests/dumps/nfs/all.pp
deleted file mode 100644
index 8cfb2e1..0000000
--- a/modules/profile/manifests/dumps/nfs/all.pp
+++ /dev/null
@@ -1,24 +0,0 @@
-class profile::dumps::nfs::all(
- $clients_all = hiera('dumps_nfs_clients'),
-) {
- $mountd_port = '32767'
- $statd_port = '32765'
- $statd_out = '32766'
- $portmapper_port = '111'
- $lockd_udp = '32768'
- $lockd_tcp = '32769'
- $path = '/data'
- $clients = {'generation' => pick($clients_all['snapshots'], []),
- 'public' => pick($clients_all['other'], [])}
-
- class { '::dumps::nfs':
- clients => $clients,
- statd_port => $statd_port,
- statd_out => $statd_out,
- lockd_udp => $lockd_udp,
- lockd_tcp => $lockd_tcp,
- mountd_port => $mountd_port,
- portmapper_port => $portmapper_port,
- path => $path,
- }
-}
diff --git a/modules/profile/manifests/dumps/nfs/generation.pp
b/modules/profile/manifests/dumps/nfs/generation.pp
deleted file mode 100644
index 1e91086..0000000
--- a/modules/profile/manifests/dumps/nfs/generation.pp
+++ /dev/null
@@ -1,23 +0,0 @@
-class profile::dumps::nfs::generation(
- $clients_all = hiera('dumps_nfs_clients'),
-) {
- $mountd_port = '32767'
- $statd_port = '32765'
- $statd_out = '32766'
- $portmapper_port = '111'
- $lockd_udp = '32768'
- $lockd_tcp = '32769'
- $path = '/data'
- $clients = {'generation' => pick($clients_all['snapshots'], [])}
-
- class { '::dumps::nfs':
- clients => $clients,
- statd_port => $statd_port,
- statd_out => $statd_out,
- lockd_udp => $lockd_udp,
- lockd_tcp => $lockd_tcp,
- mountd_port => $mountd_port,
- portmapper_port => $portmapper_port,
- path => $path,
- }
-}
diff --git a/modules/profile/manifests/dumps/nfs/public.pp
b/modules/profile/manifests/dumps/nfs/public.pp
deleted file mode 100644
index a7bada2..0000000
--- a/modules/profile/manifests/dumps/nfs/public.pp
+++ /dev/null
@@ -1,23 +0,0 @@
-class profile::dumps::nfs::public(
- $clients_all = hiera('dumps_nfs_clients'),
-) {
- $mountd_port = '32767'
- $statd_port = '32765'
- $statd_out = '32766'
- $portmapper_port = '111'
- $lockd_udp = '32768'
- $lockd_tcp = '32769'
- $path = '/data'
- $clients = {'public' => pick($clients_all['other'], [])}
-
- class { '::dumps::nfs':
- clients => $clients,
- statd_port => $statd_port,
- statd_out => $statd_out,
- lockd_udp => $lockd_udp,
- lockd_tcp => $lockd_tcp,
- mountd_port => $mountd_port,
- portmapper_port => $portmapper_port,
- path => $path,
- }
-}
diff --git a/modules/role/manifests/dumps/generation/server/fallback.pp
b/modules/role/manifests/dumps/generation/server/fallback.pp
index 20dccf6..36440bb 100644
--- a/modules/role/manifests/dumps/generation/server/fallback.pp
+++ b/modules/role/manifests/dumps/generation/server/fallback.pp
@@ -6,7 +6,7 @@
include ::profile::dumps::generation::server::fallback
include ::profile::dumps::generation::server::rsync
include ::profile::dumps::rsyncer_peer
- include ::profile::dumps::nfs::generation
+ include ::profile::dumps::nfs
include ::profile::dumps::web::dumpstatusfiles_sync
include ::profile::dumps::web::cleanup
}
diff --git a/modules/role/manifests/dumps/generation/server/primary.pp
b/modules/role/manifests/dumps/generation/server/primary.pp
index 9150046..53dbe44 100644
--- a/modules/role/manifests/dumps/generation/server/primary.pp
+++ b/modules/role/manifests/dumps/generation/server/primary.pp
@@ -4,6 +4,6 @@
include ::standard
include ::profile::base::firewall
include ::profile::dumps::generation::server::primary
- include ::profile::dumps::nfs::generation
+ include ::profile::dumps::nfs
include ::profile::dumps::web::cleanup
}
diff --git a/modules/role/manifests/dumps/web/xmldumps_active.pp
b/modules/role/manifests/dumps/web/xmldumps_active.pp
index b7bbae3..1fd10cd 100644
--- a/modules/role/manifests/dumps/web/xmldumps_active.pp
+++ b/modules/role/manifests/dumps/web/xmldumps_active.pp
@@ -9,7 +9,7 @@
include ::profile::dumps::web::dumpstatusfiles_sync
include ::profile::dumps::rsyncer
include ::profile::dumps::fetcher
- include ::profile::dumps::nfs::all
+ include ::profile::dumps::nfs
include ::profile::dumps::web::cleanup
include ::profile::dumps::web::cleanup_miscdatasets
diff --git a/modules/role/manifests/dumps/web/xmldumps_fallback.pp
b/modules/role/manifests/dumps/web/xmldumps_fallback.pp
index 64cbd72..a8e1eb5 100644
--- a/modules/role/manifests/dumps/web/xmldumps_fallback.pp
+++ b/modules/role/manifests/dumps/web/xmldumps_fallback.pp
@@ -8,7 +8,7 @@
include ::profile::dumps::web::rsync_server
include ::profile::dumps::web::dumpstatusfiles_sync
include ::profile::dumps::rsyncer_peer
- include ::profile::dumps::nfs::all
+ include ::profile::dumps::nfs
include ::profile::dumps::web::cleanup
include ::profile::dumps::web::cleanup_miscdatasets
--
To view, visit https://gerrit.wikimedia.org/r/400244
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I68c06f7a0e52713a2b4a5c3916f1e5694d2f05bd
Gerrit-PatchSet: 7
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: ArielGlenn <ar...@wikimedia.org>
Gerrit-Reviewer: ArielGlenn <ar...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
