Ema has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/365911 )
Change subject: [1/2] use kmod puppet module instead of File resources
......................................................................
[1/2] use kmod puppet module instead of File resources
This commit replaces ad-hoc usages of File resources with kmod defines
introduced in 0f33d9daee6e2a64ff0f97a46843580fce753dac. Only trivial
cases have been tackled by this commit, leaving untouched those where,
for instance, update-initramfs is needed.
Change-Id: I32b633e398ab617b56c9a683272d4bbc990a5335
---
D modules/base/files/kernel/blacklist-linux44.conf
D modules/base/files/kernel/blacklist-r320.conf
D modules/base/files/kernel/blacklist-wmf.conf
M modules/base/manifests/kernel.pp
M modules/dataset/manifests/nfs.pp
M modules/ganeti/manifests/init.pp
M modules/ipmi/manifests/monitor.pp
M modules/labstore/manifests/traffic_shaping.pp
M modules/lvs/manifests/kernel_config.pp
M modules/role/manifests/labs/openstack/nova/compute.pp
10 files changed, 65 insertions(+), 86 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/11/365911/1
diff --git a/modules/base/files/kernel/blacklist-linux44.conf
b/modules/base/files/kernel/blacklist-linux44.conf
deleted file mode 100644
index d4016d1..0000000
--- a/modules/base/files/kernel/blacklist-linux44.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-blacklist asn1_decoder
-blacklist macsec
diff --git a/modules/base/files/kernel/blacklist-r320.conf
b/modules/base/files/kernel/blacklist-r320.conf
deleted file mode 100644
index da8f184..0000000
--- a/modules/base/files/kernel/blacklist-r320.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-blacklist acpi_pad
-
diff --git a/modules/base/files/kernel/blacklist-wmf.conf
b/modules/base/files/kernel/blacklist-wmf.conf
deleted file mode 100644
index ffb4b41..0000000
--- a/modules/base/files/kernel/blacklist-wmf.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-blacklist overlayfs
-blacklist overlay
-blacklist aufs
-blacklist usbip-core
-blacklist usbip-host
-blacklist vhci-hcd
-blacklist dccp
-blacklist dccp_ipv6
-blacklist dccp_ipv4
-blacklist dccp_probe
-blacklist dccp_diag
-blacklist n_hdlc
-blacklist intel_uncore
-blacklist parport
-blacklist parport_pc
-blacklist ppdev
-blacklist acpi_power_meter
diff --git a/modules/base/manifests/kernel.pp b/modules/base/manifests/kernel.pp
index 01c9c76..23031a2 100644
--- a/modules/base/manifests/kernel.pp
+++ b/modules/base/manifests/kernel.pp
@@ -17,21 +17,31 @@
}
}
- file { '/etc/modprobe.d/blacklist-wmf.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///modules/base/kernel/blacklist-wmf.conf',
+ kmod::blacklist { "wmf":
+ modules => [
+ 'overlayfs',
+ 'overlay',
+ 'aufs',
+ 'usbip-core',
+ 'usbip-host',
+ 'vhci-hcd',
+ 'dccp',
+ 'dccp_ipv6',
+ 'dccp_ipv4',
+ 'dccp_probe',
+ 'dccp_diag',
+ 'n_hdlc',
+ 'intel_uncore',
+ 'parport',
+ 'parport_pc',
+ 'ppdev',
+ 'acpi_power_meter',
+ ],
}
if (versioncmp($::kernelversion, '4.4') >= 0) {
- file { '/etc/modprobe.d/blacklist-linux44.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///modules/base/kernel/blacklist-linux44.conf',
+ kmod::blacklist { "linux44":
+ modules => [ 'asn1_decoder', 'macsec' ],
}
}
@@ -40,12 +50,8 @@
# but is meant to be extended as needed.
case $::productname {
'PowerEdge R320': {
- file { '/etc/modprobe.d/blacklist-r320.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///modules/base/kernel/blacklist-r320.conf',
+ kmod::blacklist { 'r320':
+ modules => [ 'acpi_pad' ],
}
}
default: {}
diff --git a/modules/dataset/manifests/nfs.pp b/modules/dataset/manifests/nfs.pp
index d5cda51..86464af 100644
--- a/modules/dataset/manifests/nfs.pp
+++ b/modules/dataset/manifests/nfs.pp
@@ -52,11 +52,11 @@
check_command => 'check_tcp!2049',
}
+ kmod::options { 'lockd':
+ options => 'nlm_udpport=32768 nlm_tcpport=32769',
+ }
+
file { '/etc/modprobe.d/nfs-lockd.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => 'options lockd nlm_udpport=32768 nlm_tcpport=32769',
+ ensure => absent,
}
}
diff --git a/modules/ganeti/manifests/init.pp b/modules/ganeti/manifests/init.pp
index 55cd84b..980f8af 100644
--- a/modules/ganeti/manifests/init.pp
+++ b/modules/ganeti/manifests/init.pp
@@ -26,23 +26,19 @@
}
if $with_drbd {
+ kmod::options { 'drbd':
+ options => 'minor_count=128 usermode_helper=/bin/true',
+ }
+
file { '/etc/modprobe.d/drbd.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => "options drbd minor_count=128
usermode_helper=/bin/true\n",
+ ensure => absent,
}
# Enable drbd
- exec { 'enable-module-drbd':
- unless => "/bin/grep -q '^drbd$' /etc/modules",
- command => '/bin/echo drbd >> /etc/modules',
+ kmod::module { 'drbd':
+ ensure => 'present',
}
- exec { 'load-module-drbd' :
- unless => "/bin/lsmod | /bin/grep -q '^drbd'",
- command => '/sbin/modprobe drbd',
- }
+
# Disable the systemd service shipped with drbd8-utils. Ganeti handles
# DRBD on its own
service { 'drbd':
@@ -50,14 +46,10 @@
enable => false,
}
}
+
# Enable vhost_net
- exec { 'enable-module-vhost_net' :
- unless => "/bin/grep -q '^vhost_net$' /etc/modules",
- command => '/bin/echo vhost_net >> /etc/modules',
- }
- exec { 'load-module-vhost_net' :
- unless => "/bin/lsmod | /bin/grep -q '^vhost_net'",
- command => '/sbin/modprobe vhost_net',
+ kmod::module { 'vhost_net'
+ ensure => 'present',
}
# lvm.conf
diff --git a/modules/ipmi/manifests/monitor.pp
b/modules/ipmi/manifests/monitor.pp
index ef5e92f..f26ed26 100644
--- a/modules/ipmi/manifests/monitor.pp
+++ b/modules/ipmi/manifests/monitor.pp
@@ -11,11 +11,11 @@
}
file { '/etc/modules-load.d/ipmi.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => "ipmi_devintf\n",
+ ensure => absent,
+ }
+
+ kmod::module { 'ipmi_devintf':
+ ensure => present,
}
::sudo::user { 'nagios_ipmi_temp':
diff --git a/modules/labstore/manifests/traffic_shaping.pp
b/modules/labstore/manifests/traffic_shaping.pp
index ac94d88..5a154e1 100644
--- a/modules/labstore/manifests/traffic_shaping.pp
+++ b/modules/labstore/manifests/traffic_shaping.pp
@@ -44,8 +44,11 @@
}
# ifb by default creates 2 interfaces
+ kmod::options { 'ifb':
+ options => 'numifbs=1',
+ }
+
file { '/etc/modprobe.d/ifb.conf':
- ensure => present,
- content => 'options ifb numifbs=1',
+ ensure => absent,
}
}
diff --git a/modules/lvs/manifests/kernel_config.pp
b/modules/lvs/manifests/kernel_config.pp
index 146963d..e866bc4 100644
--- a/modules/lvs/manifests/kernel_config.pp
+++ b/modules/lvs/manifests/kernel_config.pp
@@ -58,12 +58,12 @@
# systemd-sysctl.service. Add the module to modules-load.d, causing it to
# be loaded statically before sysctl settings are applied as described in
# sysctl.d(5).
+ kmod::module { 'ip_vs':
+ ensure => present,
+ }
+
file { '/etc/modules-load.d/lvs.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => "ip_vs\n",
+ ensure => absent,
}
# Bump min_free_kbytes a bit to ensure network buffers are available
quickly
diff --git a/modules/role/manifests/labs/openstack/nova/compute.pp
b/modules/role/manifests/labs/openstack/nova/compute.pp
index 0baa3d2..e0f0ac2 100644
--- a/modules/role/manifests/labs/openstack/nova/compute.pp
+++ b/modules/role/manifests/labs/openstack/nova/compute.pp
@@ -56,24 +56,23 @@
},
}
+ kmod::options { 'nf_conntrack':
+ options => 'hashsize=32768',
+ }
+
file { '/etc/modprobe.d/nf_conntrack.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///modules/base/firewall/nf_conntrack.conf',
+ ensure => absent,
}
# Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the
netfilter code
# was split from the bridge kernel module into a separate module
(br_netfilter)
if (versioncmp($::kernelversion, '3.18') >= 0) {
file { '/etc/modules-load.d/brnetfilter.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- require => File['/etc/modules-load.d/'],
- content => "br_netfilter\n",
+ ensure => absent,
+ }
+
+ kmod::module { 'br_netfilter':
+ ensure => present,
}
}
--
To view, visit https://gerrit.wikimedia.org/r/365911
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I32b633e398ab617b56c9a683272d4bbc990a5335
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ema <e...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
