Yuvipanda has uploaded a new change for review. https://gerrit.wikimedia.org/r/217247
Change subject: labs: Disable mounting /public/keys on non-precise hosts ...................................................................... labs: Disable mounting /public/keys on non-precise hosts They use LDAP for authentication anyway, so no need to have this mounted at all. Bug: T101660 Change-Id: Ibf6b3bc35508ab19713a858dfb25d26227a220fa --- M manifests/role/labs.pp 1 file changed, 26 insertions(+), 20 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/47/217247/1 diff --git a/manifests/role/labs.pp b/manifests/role/labs.pp index 3659266..0fd787a 100644 --- a/manifests/role/labs.pp +++ b/manifests/role/labs.pp @@ -30,14 +30,6 @@ mode => '0444', } - # Directory for public (readonly) mounts - file { '/public': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - } - package { 'puppet-lint': ensure => present, } @@ -101,6 +93,17 @@ } } + # Only create if we need /public/dumps or /public/keys + if $nfs_mounts['dumps'] or os_version('ubuntu <= precise') { + # Directory for public (readonly) mounts + file { '/public': + ensure => directory, + owner => 'root', + group => 'root', + mode => '0755', + } + } + if $nfs_mounts['dumps'] { file { '/public/dumps': ensure => directory, @@ -116,18 +119,21 @@ } } - file { '/public/keys': - ensure => directory, - require => File['/public'], - } - mount { '/public/keys': - ensure => mounted, - atboot => true, - fstype => 'nfs', - options => "ro,${nfs_opts}", - device => "${nfs_server}:/keys", - require => File['/public/keys', '/etc/modprobe.d/nfs-no-idmap'], - notify => Service['ssh'], + # Used by ssh for logging in, only on precise and lower + if os_version('ubuntu <= precise') { + file { '/public/keys': + ensure => directory, + require => File['/public'], + } + mount { '/public/keys': + ensure => mounted, + atboot => true, + fstype => 'nfs', + options => "ro,${nfs_opts}", + device => "${nfs_server}:/keys", + require => File['/public/keys', '/etc/modprobe.d/nfs-no-idmap'], + notify => Service['ssh'], + } } # While the default on kernels >= 3.3 is to have idmap disabled, -- To view, visit https://gerrit.wikimedia.org/r/217247 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibf6b3bc35508ab19713a858dfb25d26227a220fa Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Yuvipanda <yuvipa...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits