modules/nfs_server/manifests/init.pp

   1 class nfs_server {
   2
   3         package { [
   4                         'nfs-common',
   5                         'nfs-kernel-server'
   6                 ]:
   7                 ensure => installed
   8         }
   9
  10         service { 'nfs-common':
  11                 hasstatus   => false,
  12                 status      => '/bin/true',
  13         }
  14         service { 'nfs-kernel-server':
  15                 hasstatus   => false,
  16                 status      => '/bin/true',
  17         }
  18
  19         case $::hostname {
  20                 lw01,lw02,lw03,lw04,lw09,lw10: {
  21                         $client_range    = '(172.29.188.0/24)'
  22                 }
  23                 milanollo,senfter: {
  24                         $client_range    = '172.29.122.0/24'
  25                 }
  26                 buxtehude: {
  27                         $client_range    = '(172.29.40.0/22 206.12.19.126/32)'
  28                 }
  29                 gretchaninov: {
  30                         $client_range    = '172.29.40.0/22'
  31                 }
  32                 sibelius: {
  33                         $client_range    = '192.168.0.14/32'
  34                 }
  35                 default: {
  36                         # Better than 0.0.0.0/0 - we really ought to configure a
  37                         # client range for them all instead of exporting to the world.
  38                         $client_range    = '127.0.0.0/8'
  39                 }
  40         }
  41
  42         ferm::rule { 'dsa-portmap':
  43                 description => 'Allow portmap access',
  44                 rule        => "&TCP_UDP_SERVICE_RANGE(111, $client_range)"
  45         }
  46         ferm::rule { 'dsa-nfs':
  47                 description => 'Allow nfsd access',
  48                 rule        => "&TCP_UDP_SERVICE_RANGE(2049, $client_range)"
  49         }
  50         ferm::rule { 'dsa-status':
  51                 description => 'Allow statd access',
  52                 rule        => "&TCP_UDP_SERVICE_RANGE(10000, $client_range)"
  53         }
  54         ferm::rule { 'dsa-mountd':
  55                 description => 'Allow mountd access',
  56                 rule        => "&TCP_UDP_SERVICE_RANGE(10002, $client_range)"
  57         }
  58         ferm::rule { 'dsa-lockd':
  59                 description => 'Allow lockd access',
  60                 rule        => "&TCP_UDP_SERVICE_RANGE(10003, $client_range)"
  61         }
  62
  63         file { '/etc/default/nfs-common':
  64                 source  => 'puppet:///modules/nfs_server/nfs-common.default',
  65                 before  => Package['nfs-common'],
  66                 notify  => Service['nfs-common'],
  67         }
  68         file { '/etc/default/nfs-kernel-server':
  69                 source  => 'puppet:///modules/nfs_server/nfs-kernel-server.default',
  70                 before  => Package['nfs-kernel-server'],
  71                 notify  => Service['nfs-kernel-server'],
  72         }
  73         file { '/etc/modprobe.d/lockd.local':
  74                 source => 'puppet:///modules/nfs_server/lockd.local.modprobe',
  75                 before => Package['nfs-common'],
  76                 notify => Service['nfs-common'],
  77         }
  78 }