Ema has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/365030 )
Change subject: Linux kernel module handling ...................................................................... Linux kernel module handling Add a new puppet module called 'kmod' allowing to: - insert/remove a Linux kernel module - blacklist the given modules - set module options Change-Id: Ib2bd63df23dcc6e33ad51b444c45cc731ea25f0c --- A modules/kmod/manifests/blacklist.pp A modules/kmod/manifests/init.pp A modules/kmod/manifests/module.pp A modules/kmod/manifests/options.pp A modules/kmod/templates/blacklist.conf.erb A modules/kmod/templates/options.conf.erb 6 files changed, 113 insertions(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved Ema: Verified diff --git a/modules/kmod/manifests/blacklist.pp b/modules/kmod/manifests/blacklist.pp new file mode 100644 index 0000000..f33b1e3 --- /dev/null +++ b/modules/kmod/manifests/blacklist.pp @@ -0,0 +1,24 @@ +# == Define: kmod::blacklist +# +# Blacklist the given Linux kernel modules. +# +# === Parameters +# +# [*modules*] +# The list of module names to be blacklisted. +# +# === Example +# +# kmod::blacklist { "linux44": +# modules => [ 'asn1_decoder', 'macsec' ], +# } +# +define kmod::blacklist($modules) { + file { "/etc/modprobe.d/blacklist-${name}.conf": + ensure => present, + owner => 'root', + group => 'root', + mode => '0444', + content => template('kmod/blacklist.conf.erb'), + } +} diff --git a/modules/kmod/manifests/init.pp b/modules/kmod/manifests/init.pp new file mode 100644 index 0000000..a76ff85 --- /dev/null +++ b/modules/kmod/manifests/init.pp @@ -0,0 +1,17 @@ +# == Class: kmod +# +# Linux Kernel module handling +# +class kmod { + if os_version('ubuntu == trusty') { + # This directory is shipped by systemd, but trusty's upstart job for + # kmod also parses /etc/modules-load.d/ (but doesn't create the + # directory). + file { '/etc/modules-load.d/': + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0755', + } + } +} diff --git a/modules/kmod/manifests/module.pp b/modules/kmod/manifests/module.pp new file mode 100644 index 0000000..90eb60a --- /dev/null +++ b/modules/kmod/manifests/module.pp @@ -0,0 +1,40 @@ +# == Define: kmod::module +# +# Make sure that the given kernel module is loaded (or not). +# +# === Parameters +# +# [*ensure*] +# If 'present', the module will be loaded. If 'absent', unloaded. +# The default is 'present'. +# +define kmod::module($ensure=present) { + validate_ensure($ensure) + + if $ensure == 'present' { + $modprobe_cmd = "/sbin/modprobe ${name}" + } else { + $modprobe_cmd = "/sbin/modprobe -r ${name}" + } + + file { "/etc/modules-load.d/${name}.conf": + ensure => $ensure, + owner => 'root', + group => 'root', + mode => '0444', + content => "${name}\n", + notify => Exec[$modprobe_cmd], + } + + if $ensure == 'present' { + exec { $modprobe_cmd: + unless => "/bin/lsmod | /bin/grep -q '^${name} '", + refreshonly => true, + } + } else { + exec { $modprobe_cmd: + onlyif => "/bin/lsmod | /bin/grep -q '^${name} '", + refreshonly => true, + } + } +} diff --git a/modules/kmod/manifests/options.pp b/modules/kmod/manifests/options.pp new file mode 100644 index 0000000..b7f43cc --- /dev/null +++ b/modules/kmod/manifests/options.pp @@ -0,0 +1,24 @@ +# == Define: kmod::options +# +# Add options to the given module every time it is inserted into the kernel. +# +# === Parameters +# +# [*options*] +# The options to add. +# +# === Example +# +# kmod::options { "nf_conntrack": +# options => 'hashsize=32768', +# } +# +define kmod::options($options) { + file { "/etc/modprobe.d/options-${name}.conf": + ensure => present, + owner => 'root', + group => 'root', + mode => '0444', + content => template('kmod/options.conf.erb'), + } +} diff --git a/modules/kmod/templates/blacklist.conf.erb b/modules/kmod/templates/blacklist.conf.erb new file mode 100644 index 0000000..4da3f52 --- /dev/null +++ b/modules/kmod/templates/blacklist.conf.erb @@ -0,0 +1,6 @@ +# <%= @name %> - blacklisted kernel modules +# This file is managed by Puppet +# +<%- @modules.sort.each do |mod| -%> +blacklist <%= mod %> +<%- end -%> diff --git a/modules/kmod/templates/options.conf.erb b/modules/kmod/templates/options.conf.erb new file mode 100644 index 0000000..85f2fe7 --- /dev/null +++ b/modules/kmod/templates/options.conf.erb @@ -0,0 +1,2 @@ +# This file is managed by Puppet +options <%= @name %> <%= @options %> -- To view, visit https://gerrit.wikimedia.org/r/365030 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib2bd63df23dcc6e33ad51b444c45cc731ea25f0c Gerrit-PatchSet: 4 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Ema <e...@wikimedia.org> Gerrit-Reviewer: Ema <e...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Gehel <guillaume.leder...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits