[MediaWiki-commits] [Gerrit] labs: Disable mounting /public/keys on non-precise hosts - change (operations/puppet)

Wed, 10 Jun 2015 04:11:20 -0700 

Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/217247

Change subject: labs: Disable mounting /public/keys on non-precise hosts
......................................................................

labs: Disable mounting /public/keys on non-precise hosts

They use LDAP for authentication anyway, so no need to have this
mounted at all.

Bug: T101660
Change-Id: Ibf6b3bc35508ab19713a858dfb25d26227a220fa
---
M manifests/role/labs.pp
1 file changed, 26 insertions(+), 20 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/47/217247/1

diff --git a/manifests/role/labs.pp b/manifests/role/labs.pp
index 3659266..0fd787a 100644
--- a/manifests/role/labs.pp
+++ b/manifests/role/labs.pp
@@ -30,14 +30,6 @@
         mode    => '0444',
     }
 
-    # Directory for public (readonly) mounts
-    file { '/public':
-        ensure => directory,
-        owner  => 'root',
-        group  => 'root',
-        mode   => '0755',
-    }
-
     package { 'puppet-lint':
         ensure => present,
     }
@@ -101,6 +93,17 @@
         }
     }
 
+    # Only create if we need /public/dumps or /public/keys
+    if $nfs_mounts['dumps'] or os_version('ubuntu <= precise') {
+        # Directory for public (readonly) mounts
+        file { '/public':
+            ensure => directory,
+            owner  => 'root',
+            group  => 'root',
+            mode   => '0755',
+        }
+    }
+
     if $nfs_mounts['dumps'] {
         file { '/public/dumps':
             ensure  => directory,
@@ -116,18 +119,21 @@
         }
     }
 
-    file { '/public/keys':
-        ensure  => directory,
-        require => File['/public'],
-    }
-    mount { '/public/keys':
-        ensure  => mounted,
-        atboot  => true,
-        fstype  => 'nfs',
-        options => "ro,${nfs_opts}",
-        device  => "${nfs_server}:/keys",
-        require => File['/public/keys', '/etc/modprobe.d/nfs-no-idmap'],
-        notify  => Service['ssh'],
+    # Used by ssh for logging in, only on precise and lower
+    if os_version('ubuntu <= precise') {
+        file { '/public/keys':
+            ensure  => directory,
+            require => File['/public'],
+        }
+        mount { '/public/keys':
+            ensure  => mounted,
+            atboot  => true,
+            fstype  => 'nfs',
+            options => "ro,${nfs_opts}",
+            device  => "${nfs_server}:/keys",
+            require => File['/public/keys', '/etc/modprobe.d/nfs-no-idmap'],
+            notify  => Service['ssh'],
+        }
     }
 
     # While the default on kernels >= 3.3 is to have idmap disabled,

-- 
To view, visit https://gerrit.wikimedia.org/r/217247
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibf6b3bc35508ab19713a858dfb25d26227a220fa
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to