ArielGlenn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/302281
Change subject: move ferm rules for dataset roles into common manifest
......................................................................
move ferm rules for dataset roles into common manifest
also include standard and base::firewall there and move out of node
declarations
Change-Id: Ia310d4ce92fdf4a9c9867f41e0d1cfbdc376f55f
---
M manifests/site.pp
A modules/role/manifests/dataset/common.pp
M modules/role/manifests/dataset/secondary.pp
3 files changed, 30 insertions(+), 28 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/81/302281/1
diff --git a/manifests/site.pp b/manifests/site.pp
index 3d31de4..97546c2 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -408,8 +408,6 @@
node 'dataset1001.wikimedia.org' {
role dataset::primary, dumps
- include standard
- include base::firewall
interface::add_ip6_mapped { 'eth2':
interface => 'eth2',
@@ -2019,8 +2017,6 @@
$cluster = 'misc'
role dataset::secondary, dumps
- include standard
- include base::firewall
interface::add_ip6_mapped { 'main':
interface => 'eth0',
diff --git a/modules/role/manifests/dataset/common.pp
b/modules/role/manifests/dataset/common.pp
new file mode 100644
index 0000000..8a14ea5
--- /dev/null
+++ b/modules/role/manifests/dataset/common.pp
@@ -0,0 +1,28 @@
+class role::dataset::common {
+ include standard
+ include base::firewall
+
+ ferm::service { 'nfs_rpc_mountd':
+ proto => 'tcp',
+ port => '32767',
+ srange => '$INTERNAL',
+ }
+
+ ferm::service { 'nfs_rpc_statd':
+ proto => 'tcp',
+ port => '32765',
+ srange => '$INTERNAL',
+ }
+
+ ferm::service { 'nfs_portmapper_udp':
+ proto => 'udp',
+ port => '111',
+ srange => '$INTERNAL',
+ }
+
+ ferm::service { 'nfs_portmapper_tcp':
+ proto => 'tcp',
+ port => '111',
+ srange => '$INTERNAL',
+ }
+}
diff --git a/modules/role/manifests/dataset/secondary.pp
b/modules/role/manifests/dataset/secondary.pp
index 2e6fdfd..131a239 100644
--- a/modules/role/manifests/dataset/secondary.pp
+++ b/modules/role/manifests/dataset/secondary.pp
@@ -2,6 +2,8 @@
# number of directories (but best is not at all)
# mirrors to the public should be provided from here via rsync
class role::dataset::secondary {
+ include role::dataset::common
+
system::role { 'role::dataset::secondary':
description => 'dataset secondary host',
}
@@ -19,29 +21,5 @@
rsync => $rsync,
grabs => $grabs,
uploads => $uploads,
- }
-
- ferm::service { 'nfs_rpc_mountd':
- proto => 'tcp',
- port => '32767',
- srange => '$INTERNAL',
- }
-
- ferm::service { 'nfs_rpc_statd':
- proto => 'tcp',
- port => '32765',
- srange => '$INTERNAL',
- }
-
- ferm::service { 'nfs_portmapper_udp':
- proto => 'udp',
- port => '111',
- srange => '$INTERNAL',
- }
-
- ferm::service { 'nfs_portmapper_tcp':
- proto => 'tcp',
- port => '111',
- srange => '$INTERNAL',
}
}
--
To view, visit https://gerrit.wikimedia.org/r/302281
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia310d4ce92fdf4a9c9867f41e0d1cfbdc376f55f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: ArielGlenn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
