10 service { 'nfs-common':
12 status => '/bin/true',
14 service { 'nfs-kernel-server':
16 status => '/bin/true',
20 lw01,lw02,lw03,lw04: {
21 $client_range = '10.0.0.0/8'
24 $client_range = '172.29.122.0/24'
27 $client_range = '0.0.0.0/0'
31 @ferm::rule { 'dsa-portmap':
32 description => 'Allow portmap access',
33 rule => "&TCP_UDP_SERVICE_RANGE(111, $client_range)"
35 @ferm::rule { 'dsa-nfs':
36 description => 'Allow nfsd access',
37 rule => "&TCP_UDP_SERVICE_RANGE(2049, $client_range)"
39 @ferm::rule { 'dsa-status':
40 description => 'Allow statd access',
41 rule => "&TCP_UDP_SERVICE_RANGE(10000, $client_range)"
43 @ferm::rule { 'dsa-mountd':
44 description => 'Allow mountd access',
45 rule => "&TCP_UDP_SERVICE_RANGE(10002, $client_range)"
47 @ferm::rule { 'dsa-lockd':
48 description => 'Allow lockd access',
49 rule => "&TCP_UDP_SERVICE_RANGE(10003, $client_range)"
52 file { '/etc/default/nfs-common':
53 source => 'puppet:///modules/nfs-server/nfs-common.default',
54 before => Package['nfs-common'],
55 notify => Service['nfs-common'],
57 file { '/etc/default/nfs-kernel-server':
58 source => 'puppet:///modules/nfs-server/nfs-kernel-server.default',
59 before => Package['nfs-kernel-server'],
60 notify => Service['nfs-kernel-server'],
62 file { '/etc/modprobe.d/lockd.local':
63 source => 'puppet:///modules/nfs-server/lockd.local.modprobe',
64 before => Package['nfs-common'],
65 notify => Service['nfs-common'],