[MediaWiki-commits] [Gerrit] operations/puppet[production]: move ferm rules for nfs out from dumps module to a profile
ArielGlenn has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/400244 )
Change subject: move ferm rules for nfs out from dumps module to a profile
..
move ferm rules for nfs out from dumps module to a profile
Change-Id: I68c06f7a0e52713a2b4a5c3916f1e5694d2f05bd
---
M hieradata/hosts/dataset1001.yaml
M hieradata/hosts/dumpsdata1001.yaml
M hieradata/hosts/dumpsdata1002.yaml
M hieradata/hosts/ms1001.yaml
M modules/dumps/manifests/nfs.pp
A modules/profile/manifests/dumps/nfs.pp
D modules/profile/manifests/dumps/nfs/all.pp
D modules/profile/manifests/dumps/nfs/generation.pp
D modules/profile/manifests/dumps/nfs/public.pp
M modules/role/manifests/dumps/generation/server/fallback.pp
M modules/role/manifests/dumps/generation/server/primary.pp
M modules/role/manifests/dumps/web/xmldumps_active.pp
M modules/role/manifests/dumps/web/xmldumps_fallback.pp
13 files changed, 93 insertions(+), 122 deletions(-)
Approvals:
ArielGlenn: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/hosts/dataset1001.yaml b/hieradata/hosts/dataset1001.yaml
index 7bd4d09..06d47e5 100644
--- a/hieradata/hosts/dataset1001.yaml
+++ b/hieradata/hosts/dataset1001.yaml
@@ -5,6 +5,8 @@
profile::dumps::xmldumpspublicdir: '/data/xmldatadumps/public'
profile::dumps::dumpstempdir: '/data/xmldatadumps/temp'
+profile::dumps::nfs::clients_wanted: 'all'
+
profile::dumps::rsyncer:
dumps_user: 'dumpsgen'
dumps_group: 'dumpsgen'
diff --git a/hieradata/hosts/dumpsdata1001.yaml
b/hieradata/hosts/dumpsdata1001.yaml
index f18774a..622f655 100644
--- a/hieradata/hosts/dumpsdata1001.yaml
+++ b/hieradata/hosts/dumpsdata1001.yaml
@@ -5,3 +5,5 @@
profile::dumps::cleanup::isreplica: false
profile::dumps::cleanup::labscopy: false
+
+profile::dumps::nfs::clients_wanted: 'generation'
diff --git a/hieradata/hosts/dumpsdata1002.yaml
b/hieradata/hosts/dumpsdata1002.yaml
index 717b3d0..7ba77da 100644
--- a/hieradata/hosts/dumpsdata1002.yaml
+++ b/hieradata/hosts/dumpsdata1002.yaml
@@ -9,6 +9,8 @@
profile::dumps::cleanup::isreplica: false
profile::dumps::cleanup::labscopy: false
+profile::dumps::nfs::clients_wanted: 'generation'
+
profile::dumps::rsyncer:
dumps_user: 'dumpsgen'
dumps_group: 'dumpsgen'
diff --git a/hieradata/hosts/ms1001.yaml b/hieradata/hosts/ms1001.yaml
index 1781b14..aeb0581 100644
--- a/hieradata/hosts/ms1001.yaml
+++ b/hieradata/hosts/ms1001.yaml
@@ -6,6 +6,8 @@
profile::dumps::xmldumpspublicdir: '/data/xmldatadumps/public'
profile::dumps::dumpstempdir: '/data/xmldatadumps/temp'
+profile::dumps::nfs::clients_wanted: 'all'
+
profile::dumps::rsyncer:
dumps_user: 'dumpsgen'
dumps_group: 'dumpsgen'
diff --git a/modules/dumps/manifests/nfs.pp b/modules/dumps/manifests/nfs.pp
index 66770aa..9be6b46 100644
--- a/modules/dumps/manifests/nfs.pp
+++ b/modules/dumps/manifests/nfs.pp
@@ -1,12 +1,11 @@
class dumps::nfs(
$clients = undef,
-$statd_port = undef,
-$statd_out = undef,
+$path = undef,
$lockd_udp = undef,
$lockd_tcp = undef,
$mountd_port = undef,
-$path = undef,
-$portmapper_port = undef,
+$statd_port = undef,
+$statd_out = undef,
) {
file { '/etc/exports':
mode=> '0444',
@@ -45,50 +44,6 @@
kmod::options { 'lockd':
options => "nlm_udpport=${lockd_udp} nlm_tcpport=${lockd_tcp}",
-}
-
-include ::network::constants
-
-ferm::service { 'dumps_nfs':
-proto => 'tcp',
-port => '2049',
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_rpc_mountd':
-proto => 'tcp',
-port => $mountd_port,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_rpc_statd':
-proto => 'tcp',
-port => $statd_port,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_portmapper_udp':
-proto => 'udp',
-port => $portmapper_port,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_portmapper_tcp':
-proto => 'tcp',
-port => $portmapper_port,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_lockd_udp':
-proto => 'udp',
-port => $lockd_udp,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_lockd_tcp':
-proto => 'tcp',
-port => $lockd_tcp,
-srange => '$PRODUCTION_NETWORKS',
}
monitoring::service { 'nfs':
diff --git a/modules/profile/manifests/dumps/nfs.pp
b/modules/profile/manifests/dumps/nfs.pp
new file mode 100644
index 000..bc8
--- /dev/null
+++ b/modules/profile/manifests/dumps/nfs.pp
@@ -0,0 +1,78 @@
+class profile::dumps::nfs(
+$clients_all = hiera('dumps_nfs_clients'),
+$clients_wanted = hiera('profile::dumps::nfs::clients_wanted'),
+) {
+$path= '/data'
+
+if ($clients_wanted == 'all') {
+
[MediaWiki-commits] [Gerrit] operations/puppet[production]: move ferm rules for nfs out from dumps module to a profile
ArielGlenn has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/400244 )
Change subject: move ferm rules for nfs out from dumps module to a profile
..
move ferm rules for nfs out from dumps module to a profile
Change-Id: I68c06f7a0e52713a2b4a5c3916f1e5694d2f05bd
---
M modules/dumps/manifests/nfs.pp
M modules/profile/manifests/dumps/nfs/all.pp
A modules/profile/manifests/dumps/nfs/ferm.pp
M modules/profile/manifests/dumps/nfs/generation.pp
M modules/profile/manifests/dumps/nfs/public.pp
5 files changed, 59 insertions(+), 87 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/44/400244/1
diff --git a/modules/dumps/manifests/nfs.pp b/modules/dumps/manifests/nfs.pp
index 66770aa..6a98ce3 100644
--- a/modules/dumps/manifests/nfs.pp
+++ b/modules/dumps/manifests/nfs.pp
@@ -1,12 +1,6 @@
class dumps::nfs(
$clients = undef,
-$statd_port = undef,
-$statd_out = undef,
-$lockd_udp = undef,
-$lockd_tcp = undef,
-$mountd_port = undef,
$path = undef,
-$portmapper_port = undef,
) {
file { '/etc/exports':
mode=> '0444',
@@ -44,51 +38,7 @@
}
kmod::options { 'lockd':
-options => "nlm_udpport=${lockd_udp} nlm_tcpport=${lockd_tcp}",
-}
-
-include ::network::constants
-
-ferm::service { 'dumps_nfs':
-proto => 'tcp',
-port => '2049',
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_rpc_mountd':
-proto => 'tcp',
-port => $mountd_port,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_rpc_statd':
-proto => 'tcp',
-port => $statd_port,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_portmapper_udp':
-proto => 'udp',
-port => $portmapper_port,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_portmapper_tcp':
-proto => 'tcp',
-port => $portmapper_port,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_lockd_udp':
-proto => 'udp',
-port => $lockd_udp,
-srange => '$PRODUCTION_NETWORKS',
-}
-
-ferm::service { 'nfs_lockd_tcp':
-proto => 'tcp',
-port => $lockd_tcp,
-srange => '$PRODUCTION_NETWORKS',
+options => "nlm_udpport=32768 nlm_tcpport=32769",
}
monitoring::service { 'nfs':
diff --git a/modules/profile/manifests/dumps/nfs/all.pp
b/modules/profile/manifests/dumps/nfs/all.pp
index 8cfb2e1..aeadcfb 100644
--- a/modules/profile/manifests/dumps/nfs/all.pp
+++ b/modules/profile/manifests/dumps/nfs/all.pp
@@ -1,24 +1,14 @@
class profile::dumps::nfs::all(
$clients_all = hiera('dumps_nfs_clients'),
) {
-$mountd_port = '32767'
-$statd_port = '32765'
-$statd_out = '32766'
-$portmapper_port = '111'
-$lockd_udp = '32768'
-$lockd_tcp = '32769'
+require ::profile::dumps::nfs::ferm
+
$path= '/data'
$clients = {'generation' => pick($clients_all['snapshots'], []),
'public' => pick($clients_all['other'], [])}
class { '::dumps::nfs':
clients => $clients,
-statd_port => $statd_port,
-statd_out => $statd_out,
-lockd_udp => $lockd_udp,
-lockd_tcp => $lockd_tcp,
-mountd_port => $mountd_port,
-portmapper_port => $portmapper_port,
path=> $path,
}
}
diff --git a/modules/profile/manifests/dumps/nfs/ferm.pp
b/modules/profile/manifests/dumps/nfs/ferm.pp
new file mode 100644
index 000..cf0cf21
--- /dev/null
+++ b/modules/profile/manifests/dumps/nfs/ferm.pp
@@ -0,0 +1,52 @@
+class profile::dumps::nfs::ferm {
+include ::network::constants
+
+$mountd_port = '32767'
+$statd_port = '32765'
+$statd_out = '32766'
+$portmapper_port = '111'
+
+ferm::service { 'dumps_nfs':
+proto => 'tcp',
+port => '2049',
+srange => '$PRODUCTION_NETWORKS',
+}
+
+ferm::service { 'nfs_rpc_mountd':
+proto => 'tcp',
+port => $mountd_port,
+srange => '$PRODUCTION_NETWORKS',
+}
+
+ferm::service { 'nfs_rpc_statd':
+proto => 'tcp',
+port => $statd_port,
+srange => '$PRODUCTION_NETWORKS',
+}
+
+ferm::service { 'nfs_portmapper_udp':
+proto => 'udp',
+port => $portmapper_port,
+srange => '$PRODUCTION_NETWORKS',
+}
+
+ferm::service { 'nfs_portmapper_tcp':
+proto => 'tcp',
+port => $portmapper_port,
+srange => '$PRODUCTION_NETWORKS',
+}
+
+ferm::service { 'nfs_lockd_udp':
+proto => 'udp',
+port => '32768',
+srange => '$PRODUCTION_NETWORKS',
+}
+
+ferm::service { 'nfs_lockd_tcp':
+
