Ema has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/365911 )
Change subject: [1/2] use kmod puppet module instead of File resources ...................................................................... [1/2] use kmod puppet module instead of File resources This commit replaces ad-hoc usages of File resources with kmod defines introduced in 0f33d9daee6e2a64ff0f97a46843580fce753dac. Only trivial cases have been tackled by this commit, leaving untouched those where, for instance, update-initramfs is needed. Change-Id: I32b633e398ab617b56c9a683272d4bbc990a5335 --- D modules/base/files/kernel/blacklist-linux44.conf D modules/base/files/kernel/blacklist-r320.conf D modules/base/files/kernel/blacklist-wmf.conf M modules/base/manifests/kernel.pp M modules/dataset/manifests/nfs.pp M modules/ganeti/manifests/init.pp M modules/ipmi/manifests/monitor.pp M modules/labstore/manifests/traffic_shaping.pp M modules/lvs/manifests/kernel_config.pp M modules/role/manifests/labs/openstack/nova/compute.pp 10 files changed, 65 insertions(+), 86 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/11/365911/1 diff --git a/modules/base/files/kernel/blacklist-linux44.conf b/modules/base/files/kernel/blacklist-linux44.conf deleted file mode 100644 index d4016d1..0000000 --- a/modules/base/files/kernel/blacklist-linux44.conf +++ /dev/null @@ -1,2 +0,0 @@ -blacklist asn1_decoder -blacklist macsec diff --git a/modules/base/files/kernel/blacklist-r320.conf b/modules/base/files/kernel/blacklist-r320.conf deleted file mode 100644 index da8f184..0000000 --- a/modules/base/files/kernel/blacklist-r320.conf +++ /dev/null @@ -1,2 +0,0 @@ -blacklist acpi_pad - diff --git a/modules/base/files/kernel/blacklist-wmf.conf b/modules/base/files/kernel/blacklist-wmf.conf deleted file mode 100644 index ffb4b41..0000000 --- a/modules/base/files/kernel/blacklist-wmf.conf +++ /dev/null @@ -1,17 +0,0 @@ -blacklist overlayfs -blacklist overlay -blacklist aufs -blacklist usbip-core -blacklist usbip-host -blacklist vhci-hcd -blacklist dccp -blacklist dccp_ipv6 -blacklist dccp_ipv4 -blacklist dccp_probe -blacklist dccp_diag -blacklist n_hdlc -blacklist intel_uncore -blacklist parport -blacklist parport_pc -blacklist ppdev -blacklist acpi_power_meter diff --git a/modules/base/manifests/kernel.pp b/modules/base/manifests/kernel.pp index 01c9c76..23031a2 100644 --- a/modules/base/manifests/kernel.pp +++ b/modules/base/manifests/kernel.pp @@ -17,21 +17,31 @@ } } - file { '/etc/modprobe.d/blacklist-wmf.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/base/kernel/blacklist-wmf.conf', + kmod::blacklist { "wmf": + modules => [ + 'overlayfs', + 'overlay', + 'aufs', + 'usbip-core', + 'usbip-host', + 'vhci-hcd', + 'dccp', + 'dccp_ipv6', + 'dccp_ipv4', + 'dccp_probe', + 'dccp_diag', + 'n_hdlc', + 'intel_uncore', + 'parport', + 'parport_pc', + 'ppdev', + 'acpi_power_meter', + ], } if (versioncmp($::kernelversion, '4.4') >= 0) { - file { '/etc/modprobe.d/blacklist-linux44.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/base/kernel/blacklist-linux44.conf', + kmod::blacklist { "linux44": + modules => [ 'asn1_decoder', 'macsec' ], } } @@ -40,12 +50,8 @@ # but is meant to be extended as needed. case $::productname { 'PowerEdge R320': { - file { '/etc/modprobe.d/blacklist-r320.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/base/kernel/blacklist-r320.conf', + kmod::blacklist { 'r320': + modules => [ 'acpi_pad' ], } } default: {} diff --git a/modules/dataset/manifests/nfs.pp b/modules/dataset/manifests/nfs.pp index d5cda51..86464af 100644 --- a/modules/dataset/manifests/nfs.pp +++ b/modules/dataset/manifests/nfs.pp @@ -52,11 +52,11 @@ check_command => 'check_tcp!2049', } + kmod::options { 'lockd': + options => 'nlm_udpport=32768 nlm_tcpport=32769', + } + file { '/etc/modprobe.d/nfs-lockd.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => 'options lockd nlm_udpport=32768 nlm_tcpport=32769', + ensure => absent, } } diff --git a/modules/ganeti/manifests/init.pp b/modules/ganeti/manifests/init.pp index 55cd84b..980f8af 100644 --- a/modules/ganeti/manifests/init.pp +++ b/modules/ganeti/manifests/init.pp @@ -26,23 +26,19 @@ } if $with_drbd { + kmod::options { 'drbd': + options => 'minor_count=128 usermode_helper=/bin/true', + } + file { '/etc/modprobe.d/drbd.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => "options drbd minor_count=128 usermode_helper=/bin/true\n", + ensure => absent, } # Enable drbd - exec { 'enable-module-drbd': - unless => "/bin/grep -q '^drbd$' /etc/modules", - command => '/bin/echo drbd >> /etc/modules', + kmod::module { 'drbd': + ensure => 'present', } - exec { 'load-module-drbd' : - unless => "/bin/lsmod | /bin/grep -q '^drbd'", - command => '/sbin/modprobe drbd', - } + # Disable the systemd service shipped with drbd8-utils. Ganeti handles # DRBD on its own service { 'drbd': @@ -50,14 +46,10 @@ enable => false, } } + # Enable vhost_net - exec { 'enable-module-vhost_net' : - unless => "/bin/grep -q '^vhost_net$' /etc/modules", - command => '/bin/echo vhost_net >> /etc/modules', - } - exec { 'load-module-vhost_net' : - unless => "/bin/lsmod | /bin/grep -q '^vhost_net'", - command => '/sbin/modprobe vhost_net', + kmod::module { 'vhost_net' + ensure => 'present', } # lvm.conf diff --git a/modules/ipmi/manifests/monitor.pp b/modules/ipmi/manifests/monitor.pp index ef5e92f..f26ed26 100644 --- a/modules/ipmi/manifests/monitor.pp +++ b/modules/ipmi/manifests/monitor.pp @@ -11,11 +11,11 @@ } file { '/etc/modules-load.d/ipmi.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - content => "ipmi_devintf\n", + ensure => absent, + } + + kmod::module { 'ipmi_devintf': + ensure => present, } ::sudo::user { 'nagios_ipmi_temp': diff --git a/modules/labstore/manifests/traffic_shaping.pp b/modules/labstore/manifests/traffic_shaping.pp index ac94d88..5a154e1 100644 --- a/modules/labstore/manifests/traffic_shaping.pp +++ b/modules/labstore/manifests/traffic_shaping.pp @@ -44,8 +44,11 @@ } # ifb by default creates 2 interfaces + kmod::options { 'ifb': + options => 'numifbs=1', + } + file { '/etc/modprobe.d/ifb.conf': - ensure => present, - content => 'options ifb numifbs=1', + ensure => absent, } } diff --git a/modules/lvs/manifests/kernel_config.pp b/modules/lvs/manifests/kernel_config.pp index 146963d..e866bc4 100644 --- a/modules/lvs/manifests/kernel_config.pp +++ b/modules/lvs/manifests/kernel_config.pp @@ -58,12 +58,12 @@ # systemd-sysctl.service. Add the module to modules-load.d, causing it to # be loaded statically before sysctl settings are applied as described in # sysctl.d(5). + kmod::module { 'ip_vs': + ensure => present, + } + file { '/etc/modules-load.d/lvs.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - content => "ip_vs\n", + ensure => absent, } # Bump min_free_kbytes a bit to ensure network buffers are available quickly diff --git a/modules/role/manifests/labs/openstack/nova/compute.pp b/modules/role/manifests/labs/openstack/nova/compute.pp index 0baa3d2..e0f0ac2 100644 --- a/modules/role/manifests/labs/openstack/nova/compute.pp +++ b/modules/role/manifests/labs/openstack/nova/compute.pp @@ -56,24 +56,23 @@ }, } + kmod::options { 'nf_conntrack': + options => 'hashsize=32768', + } + file { '/etc/modprobe.d/nf_conntrack.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/base/firewall/nf_conntrack.conf', + ensure => absent, } # Starting with 3.18 (34666d467cbf1e2e3c7bb15a63eccfb582cdd71f) the netfilter code # was split from the bridge kernel module into a separate module (br_netfilter) if (versioncmp($::kernelversion, '3.18') >= 0) { file { '/etc/modules-load.d/brnetfilter.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - require => File['/etc/modules-load.d/'], - content => "br_netfilter\n", + ensure => absent, + } + + kmod::module { 'br_netfilter': + ensure => present, } } -- To view, visit https://gerrit.wikimedia.org/r/365911 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I32b633e398ab617b56c9a683272d4bbc990a5335 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Ema <e...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits