[MediaWiki-commits] [Gerrit] operations/puppet[production]: kmod::blacklist: prevent manual install, update initramfs

Tue, 21 Nov 2017 06:29:29 -0800 

BBlack has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/392644 )

Change subject: kmod::blacklist: prevent manual install, update initramfs
......................................................................

kmod::blacklist: prevent manual install, update initramfs

* Without the update-initramfs notify, I don't think the blacklist
  necessarily comes into effect until next time initramfs is
  updated for some other reason?

* Without the "install foo /bin/true" hack, it's still possible
  for the module to be loaded by runtime actions (e.g. modprobe,
  or autoloading by some CLI tool...)

Change-Id: I0829faa6e0c737e958ec480eb787f7468b49833c
---
M modules/kmod/manifests/blacklist.pp
M modules/kmod/templates/blacklist.conf.erb
2 files changed, 2 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/44/392644/1

diff --git a/modules/kmod/manifests/blacklist.pp 
b/modules/kmod/manifests/blacklist.pp
index f33b1e3..46649f3 100644
--- a/modules/kmod/manifests/blacklist.pp
+++ b/modules/kmod/manifests/blacklist.pp
@@ -20,5 +20,6 @@
         group   => 'root',
         mode    => '0444',
         content => template('kmod/blacklist.conf.erb'),
+        notify  => Exec['update-initramfs'],
     }
 }
diff --git a/modules/kmod/templates/blacklist.conf.erb 
b/modules/kmod/templates/blacklist.conf.erb
index 4da3f52..acd86dd 100644
--- a/modules/kmod/templates/blacklist.conf.erb
+++ b/modules/kmod/templates/blacklist.conf.erb
@@ -3,4 +3,5 @@
 #
 <%- @modules.sort.each do |mod| -%>
 blacklist <%= mod %>
+install <%= mod %> /bin/true
 <%- end -%>

-- 
To view, visit https://gerrit.wikimedia.org/r/392644
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0829faa6e0c737e958ec480eb787f7468b49833c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to