coren has uploaded a new change for review. https://gerrit.wikimedia.org/r/218666
Change subject: Labs: More puppetization fixes for labstore* ...................................................................... Labs: More puppetization fixes for labstore* This simply reflects the current status and does not bring in new configuration. Bug: T102478 Change-Id: I28d2f35f0f54853ccab01350922411828de967a2 --- A modules/openstack/files/PUBLIC.exports A modules/openstack/files/ROOT.exports A modules/openstack/files/nfs-common A modules/openstack/files/nfs-kernel-server M modules/openstack/manifests/project-nfs-storage-service.pp 5 files changed, 75 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/66/218666/1
diff --git a/modules/openstack/files/PUBLIC.exports b/modules/openstack/files/PUBLIC.exports
new file mode 100644
index 0000000..32e08b1
--- /dev/null
+++ b/modules/openstack/files/PUBLIC.exports
@@ -0,0 +1,2 @@
+/exp/keys *(ro,sec=sys,sync,no_subtree_check,no_root_squash)
+/exp/scratch *(rw,sec=sys,sync,no_subtree_check,root_squash)
diff --git a/modules/openstack/files/ROOT.exports b/modules/openstack/files/ROOT.exports
new file mode 100644
index 0000000..1d30671
--- /dev/null
+++ b/modules/openstack/files/ROOT.exports
@@ -0,0 +1 @@
+/exp *(ro,fsid=0,sec=sys,sync,subtree_check,root_squash,nocrossmnt)
diff --git a/modules/openstack/files/nfs-common b/modules/openstack/files/nfs-common
new file mode 100644
index 0000000..cd91678
--- /dev/null
+++ b/modules/openstack/files/nfs-common
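Review bot: Both lines in PUBLIC.exports, and the single line in ROOT.exports, export to `*` with `sec=sys`, so any host that can reach the server may mount them and the server trusts whatever UID/GID the client asserts. On `/exp/keys` this is combined with `no_root_squash`, which lets root on any client read every file under it regardless of mode, and on `/exp/scratch` it is combined with `rw`. If access is meant to be restricted by network filtering outside these files, a comment saying so belongs at the top of each file. Otherwise replace `*` with the intended client range, e.g. `/exp/keys <LABS_INSTANCE_CIDR>(ro,sec=sys,sync,no_subtree_check,root_squash)` (placeholder range), keeping `no_root_squash` only if root-only files really must be readable by clients.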
@@ -0,0 +1,17 @@
+# If you do not set values for the NEED_ options, they will be attempted
+# autodetected; this should be sufficient for most people. Valid alternatives
+# for the NEED_ options are "yes" and "no".
+
+# Do you want to start the statd daemon? It is not needed for NFSv4.
+NEED_STATD=yes
+
+# Options for rpc.statd.
+# Should rpc.statd listen on a specific port? This is especially useful
+# when you have a port-based firewall. To use a fixed port, set this
+# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
+# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
+STATDOPTS='--port 55659 --outgoing-port 44153'
+
+# Do you want to start the gssd daemon? It is required for Kerberos mounts.
+NEED_GSSD=
+NEED_LOCKD=no
diff --git a/modules/openstack/files/nfs-kernel-server b/modules/openstack/files/nfs-kernel-server
new file mode 100644
index 0000000..ea0974e
--- /dev/null
+++ b/modules/openstack/files/nfs-kernel-server
@@ -0,0 +1,23 @@
+# Number of servers to start up
+# To disable nfsv4 on the server, specify '--no-nfs-version 4' here
+RPCNFSDCOUNT=64
+
+# Runtime priority of server (see nice(1))
+RPCNFSDPRIORITY=0
+
+# Options for rpc.mountd.
+# If you have a port-based firewall, you might want to set up
+# a fixed port here using the --port option. For more information,
+# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
+# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
+RPCMOUNTDOPTS='--manage-gids --port 38466'
+
+# Do you want to start the svcgssd daemon? It is only required for Kerberos
+# exports. Valid alternatives are "yes" and "no"; the default is "no".
+NEED_SVCGSSD=
+
+# Options for rpc.svcgssd.
+RPCSVCGSSDOPTS=
+
+# Options for rpc.nfsd.
+RPCNFSDOPTS="-p 38467"
diff --git a/modules/openstack/manifests/project-nfs-storage-service.pp b/modules/openstack/manifests/project-nfs-storage-service.pp
index 8e4616f..92e2f2b 100644
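Review bot: `NEED_GSSD=` in nfs-common is left empty, which by the file's own header comment means the value is autodetected rather than switched off. Every export added in this change uses `sec=sys`, so if Kerberos mounts are not intended, `NEED_GSSD=no` states that explicitly and does not depend on autodetection. `NEED_LOCKD=no` is the only setting in the file without an explanatory comment; a one-line comment saying why lockd is disabled here would match the rest of the file.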
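Review bot: The fixed ports in nfs-kernel-server, `--port 38466` in `RPCMOUNTDOPTS` and `-p 38467` in `RPCNFSDOPTS`, carry no comment tying them to whatever firewall rules or client mount options depend on them; the same holds for the statd ports in nfs-common. `-p 38467` moves rpc.nfsd off its default port, so a later edit to this value would break clients and port-based filtering without any hint in the file. I would add a comment above each assignment, for example `# Fixed port: must stay in sync with the firewall rules and client mount options for this server`.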
--- a/modules/openstack/manifests/project-nfs-storage-service.pp +++ b/modules/openstack/manifests/project-nfs-storage-service.pp @@ -24,6 +24,22 @@ source => 'puppet:///modules/openstack/set-stripe-cache', } + file { '/etc/default/nfs-common': + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/openstack/nfs-common', + } + + file { '/etc/default/nfs-kernel-server': + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/openstack/nfs-kernel-server', + } + # This is done unconditionally to all the md devices at # interval to guard against (a) puppet not applying for # any reason, and (b) the fact that the set of started @@ -62,6 +78,22 @@ mode => '2775', } + file { '/etc/exports.d/ROOT.exports', + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/openstack/ROOT.exports', + } + + file { '/etc/exports.d/PUBLIC.exports', + ensure => present, + owner => 'root', + group => 'root', + mode => '0555', + source => 'puppet:///modules/openstack/PUBLIC.exports', + } + if ($::site == 'eqiad') { cron { 'Update labs ssh keys': ensure => present, -- To view, visit https://gerrit.wikimedia.org/r/218666 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I28d2f35f0f54853ccab01350922411828de967a2 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: coren <mpellet...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
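Review bot: `mode => '0555'` on `/etc/default/nfs-common` and `/etc/default/nfs-kernel-server` sets the execute bits on files that are only read as configuration; `mode => '0444'` expresses the same read-only intent without them. The same applies to the two `/etc/exports.d` resources in the next hunk. None of the four new resources has a `notify`, so as far as these hunks show, a changed file would neither restart the NFS daemons nor re-run `exportfs`. The rest of the manifest lies outside the hunks, so confirm whether that is handled elsewhere.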
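Review bot: In the second hunk the two new resources open with `file { '/etc/exports.d/ROOT.exports',` and `file { '/etc/exports.d/PUBLIC.exports',`, a comma after the title where Puppet requires a colon, so the manifest will fail to parse. They should read `file { '/etc/exports.d/ROOT.exports':` and `file { '/etc/exports.d/PUBLIC.exports':`, as the resources in the first hunk are written. Nothing in the visible lines ensures that `/etc/exports.d` exists before these files are placed. If the directory is not managed elsewhere in the manifest, it needs a `file` resource with `ensure => directory`.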