Ema has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/365030 )
Change subject: Linux kernel module handling
......................................................................
Linux kernel module handling
Add a new puppet module called 'kmod' allowing to:
- insert/remove a Linux kernel module
- blacklist the given modules
- set module options
Change-Id: Ib2bd63df23dcc6e33ad51b444c45cc731ea25f0c
---
A modules/kmod/manifests/blacklist.pp
A modules/kmod/manifests/init.pp
A modules/kmod/manifests/module.pp
A modules/kmod/manifests/options.pp
A modules/kmod/templates/blacklist.conf.erb
A modules/kmod/templates/options.conf.erb
6 files changed, 113 insertions(+), 0 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
Ema: Verified
diff --git a/modules/kmod/manifests/blacklist.pp
b/modules/kmod/manifests/blacklist.pp
new file mode 100644
index 0000000..f33b1e3
--- /dev/null
+++ b/modules/kmod/manifests/blacklist.pp
@@ -0,0 +1,24 @@
+# == Define: kmod::blacklist
+#
+# Blacklist the given Linux kernel modules.
+#
+# === Parameters
+#
+# [*modules*]
+# The list of module names to be blacklisted.
+#
+# === Example
+#
+# kmod::blacklist { "linux44":
+# modules => [ 'asn1_decoder', 'macsec' ],
+# }
+#
+define kmod::blacklist($modules) {
+ file { "/etc/modprobe.d/blacklist-${name}.conf":
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => template('kmod/blacklist.conf.erb'),
+ }
+}
diff --git a/modules/kmod/manifests/init.pp b/modules/kmod/manifests/init.pp
new file mode 100644
index 0000000..a76ff85
--- /dev/null
+++ b/modules/kmod/manifests/init.pp
@@ -0,0 +1,17 @@
+# == Class: kmod
+#
+# Linux Kernel module handling
+#
+class kmod {
+ if os_version('ubuntu == trusty') {
+ # This directory is shipped by systemd, but trusty's upstart job for
+ # kmod also parses /etc/modules-load.d/ (but doesn't create the
+ # directory).
+ file { '/etc/modules-load.d/':
+ ensure => 'directory',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+ }
+}
diff --git a/modules/kmod/manifests/module.pp b/modules/kmod/manifests/module.pp
new file mode 100644
index 0000000..90eb60a
--- /dev/null
+++ b/modules/kmod/manifests/module.pp
@@ -0,0 +1,40 @@
+# == Define: kmod::module
+#
+# Make sure that the given kernel module is loaded (or not).
+#
+# === Parameters
+#
+# [*ensure*]
+# If 'present', the module will be loaded. If 'absent', unloaded.
+# The default is 'present'.
+#
+define kmod::module($ensure=present) {
+ validate_ensure($ensure)
+
+ if $ensure == 'present' {
+ $modprobe_cmd = "/sbin/modprobe ${name}"
+ } else {
+ $modprobe_cmd = "/sbin/modprobe -r ${name}"
+ }
+
+ file { "/etc/modules-load.d/${name}.conf":
+ ensure => $ensure,
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => "${name}\n",
+ notify => Exec[$modprobe_cmd],
+ }
+
+ if $ensure == 'present' {
+ exec { $modprobe_cmd:
+ unless => "/bin/lsmod | /bin/grep -q '^${name} '",
+ refreshonly => true,
+ }
+ } else {
+ exec { $modprobe_cmd:
+ onlyif => "/bin/lsmod | /bin/grep -q '^${name} '",
+ refreshonly => true,
+ }
+ }
+}
diff --git a/modules/kmod/manifests/options.pp
b/modules/kmod/manifests/options.pp
new file mode 100644
index 0000000..b7f43cc
--- /dev/null
+++ b/modules/kmod/manifests/options.pp
@@ -0,0 +1,24 @@
+# == Define: kmod::options
+#
+# Add options to the given module every time it is inserted into the kernel.
+#
+# === Parameters
+#
+# [*options*]
+# The options to add.
+#
+# === Example
+#
+# kmod::options { "nf_conntrack":
+# options => 'hashsize=32768',
+# }
+#
+define kmod::options($options) {
+ file { "/etc/modprobe.d/options-${name}.conf":
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => template('kmod/options.conf.erb'),
+ }
+}
diff --git a/modules/kmod/templates/blacklist.conf.erb
b/modules/kmod/templates/blacklist.conf.erb
new file mode 100644
index 0000000..4da3f52
--- /dev/null
+++ b/modules/kmod/templates/blacklist.conf.erb
@@ -0,0 +1,6 @@
+# <%= @name %> - blacklisted kernel modules
+# This file is managed by Puppet
+#
+<%- @modules.sort.each do |mod| -%>
+blacklist <%= mod %>
+<%- end -%>
diff --git a/modules/kmod/templates/options.conf.erb
b/modules/kmod/templates/options.conf.erb
new file mode 100644
index 0000000..85f2fe7
--- /dev/null
+++ b/modules/kmod/templates/options.conf.erb
@@ -0,0 +1,2 @@
+# This file is managed by Puppet
+options <%= @name %> <%= @options %>
--
To view, visit https://gerrit.wikimedia.org/r/365030
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib2bd63df23dcc6e33ad51b444c45cc731ea25f0c
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ema <e...@wikimedia.org>
Gerrit-Reviewer: Ema <e...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Gehel <guillaume.leder...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
