Madhuvishy has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/401420 )
Change subject: dumps: Set up NFS on the dumps distribution servers ...................................................................... dumps: Set up NFS on the dumps distribution servers Bug: T181431 Change-Id: I5ae96b29a284983edb257330db13ed5eb2639b68 --- A modules/profile/files/dumps/distribution/nfs-common A modules/profile/files/dumps/distribution/nfs-kernel-server A modules/profile/manifests/dumps/distribution/nfs.pp M modules/profile/manifests/dumps/distribution/server.pp M modules/role/manifests/dumps/distribution/server.pp 5 files changed, 79 insertions(+), 1 deletion(-) Approvals: Madhuvishy: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/profile/files/dumps/distribution/nfs-common b/modules/profile/files/dumps/distribution/nfs-common new file mode 100644 index 0000000..cd91678 --- /dev/null +++ b/modules/profile/files/dumps/distribution/nfs-common @@ -0,0 +1,17 @@ +# If you do not set values for the NEED_ options, they will be attempted +# autodetected; this should be sufficient for most people. Valid alternatives +# for the NEED_ options are "yes" and "no". + +# Do you want to start the statd daemon? It is not needed for NFSv4. +NEED_STATD=yes + +# Options for rpc.statd. +# Should rpc.statd listen on a specific port? This is especially useful +# when you have a port-based firewall. To use a fixed port, set this +# this variable to a statd argument like: "--port 4000 --outgoing-port 4001". +# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS +STATDOPTS='--port 55659 --outgoing-port 44153' + +# Do you want to start the gssd daemon? It is required for Kerberos mounts. +NEED_GSSD= +NEED_LOCKD=no diff --git a/modules/profile/files/dumps/distribution/nfs-kernel-server b/modules/profile/files/dumps/distribution/nfs-kernel-server new file mode 100644 index 0000000..bfb4950 --- /dev/null +++ b/modules/profile/files/dumps/distribution/nfs-kernel-server @@ -0,0 +1,23 @@ +# Number of servers to start up +# To disable nfsv4 on the server, specify '--no-nfs-version 4' here + +# Best as max concurrently connected clients. We currently hover around +# 250-280 connected clients as of 1/25/2016 +RPCNFSDCOUNT=192 + +# Runtime priority of server (see nice(1)) +RPCNFSDPRIORITY=0 + +# Options for rpc.mountd. +# If you have a port-based firewall, you might want to set up +# a fixed port here using the --port option. For more information, +# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS +# To disable NFSv4 on the server, specify '--no-nfs-version 4' here +RPCMOUNTDOPTS='--manage-gids --port 38466 --no-nfs-version 2,3' + +# Do you want to start the svcgssd daemon? It is only required for Kerberos +# exports. Valid alternatives are "yes" and "no"; the default is "no". +NEED_SVCGSSD= + +# Options for rpc.svcgssd. +RPCSVCGSSDOPTS= diff --git a/modules/profile/manifests/dumps/distribution/nfs.pp b/modules/profile/manifests/dumps/distribution/nfs.pp new file mode 100644 index 0000000..0f3a8c3 --- /dev/null +++ b/modules/profile/manifests/dumps/distribution/nfs.pp @@ -0,0 +1,37 @@ +# Set up NFS Server for the public dumps servers +# Firewall rules are managed separately through profile::wmcs::nfs::ferm + +class profile::dumps::distribution::nfs { + + require_package('nfs-kernel-server', 'nfs-common', 'rpcbind') + + file { '/etc/default/nfs-common': + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/profile/dumps/distribution/nfs-common', + } + + file { '/etc/default/nfs-kernel-server': + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/profile/dumps/distribution/nfs-kernel-server', + } + + file { '/etc/modprobe.d/nfs-lockd.conf': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => 'options lockd nlm_udpport=32768 nlm_tcpport=32769', + } + + # Manage state manually + service { 'nfs-kernel-server': + enable => false, + } + +} diff --git a/modules/profile/manifests/dumps/distribution/server.pp b/modules/profile/manifests/dumps/distribution/server.pp index a7d1edc..35a6c15 100644 --- a/modules/profile/manifests/dumps/distribution/server.pp +++ b/modules/profile/manifests/dumps/distribution/server.pp @@ -3,6 +3,7 @@ # or via web or rsync to mirrors class profile::dumps::distribution::server { + class { '::dumpsuser': } file { '/srv/dumps': diff --git a/modules/role/manifests/dumps/distribution/server.pp b/modules/role/manifests/dumps/distribution/server.pp index 250130c..c40f2d0 100644 --- a/modules/role/manifests/dumps/distribution/server.pp +++ b/modules/role/manifests/dumps/distribution/server.pp @@ -5,10 +5,10 @@ include ::profile::base::firewall include ::profile::wmcs::nfs::ferm include ::profile::dumps::distribution::server + include ::profile::dumps::distribution::nfs include ::profile::dumps::web::rsync_server include ::profile::dumps::rsyncer include ::profile::dumps::web::dumpstatusfiles_sync include ::profile::dumps::web::cleanup include ::profile::dumps::web::cleanup_miscdatasets - } -- To view, visit https://gerrit.wikimedia.org/r/401420 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5ae96b29a284983edb257330db13ed5eb2639b68 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Madhuvishy <mviswanat...@wikimedia.org> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: Madhuvishy <mviswanat...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits