}
if $::hostname in [buxtehude,milanollo,lw01,lw02,lw03,lw04,senfter,gretchaninov] {
- include nfs-server
+ include nfs_server
}
if $::brokenhosts {
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-options lockd nlm_udpport=10003 nlm_tcpport=10003
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-# If you do not set values for the NEED_ options, they will be attempted
-# autodetected; this should be sufficient for most people. Valid alternatives
-# for the NEED_ options are "yes" and "no".
-
-# Do you want to start the statd daemon? It is not needed for NFSv4.
-NEED_STATD=
-
-# Options for rpc.statd.
-# Should rpc.statd listen on a specific port? This is especially useful
-# when you have a port-based firewall. To use a fixed port, set this
-# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
-# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
-STATDOPTS='--port 10000 -o 10001'
-
-# Do you want to start the idmapd daemon? It is only needed for NFSv4.
-NEED_IDMAPD=
-
-# Do you want to start the gssd daemon? It is required for Kerberos mounts.
-NEED_GSSD=
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-# Number of servers to start up
-RPCNFSDCOUNT=8
-
-# Runtime priority of server (see nice(1))
-RPCNFSDPRIORITY=0
-
-# Options for rpc.mountd.
-# If you have a port-based firewall, you might want to set up
-# a fixed port here using the --port option. For more information,
-# see rpc.mountd(8) or http://wiki.debian.org/?SecuringNFS
-RPCMOUNTDOPTS="-p 10002"
-
-# Do you want to start the svcgssd daemon? It is only required for Kerberos
-# exports. Valid alternatives are "yes" and "no"; the default is "no".
-NEED_SVCGSSD=
-
-# Options for rpc.svcgssd.
-RPCSVCGSSDOPTS=
+++ /dev/null
-class nfs-server {
-
- package { [
- 'nfs-common',
- 'nfs-kernel-server'
- ]:
- ensure => installed
- }
-
- service { 'nfs-common':
- hasstatus => false,
- status => '/bin/true',
- }
- service { 'nfs-kernel-server':
- hasstatus => false,
- status => '/bin/true',
- }
-
- case $::hostname {
- lw01,lw02,lw03,lw04: {
- $client_range = '10.0.0.0/8'
- }
- milanollo,senfter: {
- $client_range = '172.29.122.0/24'
- }
- buxtehude: {
- $client_range = '(172.29.40.0/22 206.12.19.126/32)'
- }
- gretchaninov: {
- $client_range = '172.29.40.0/22'
- }
- default: {
- # Better than 0.0.0.0/0 - we really ought to configure a
- # client range for them all instead of exporting to the world.
- $client_range = '127.0.0.0/8'
- }
- }
-
- @ferm::rule { 'dsa-portmap':
- description => 'Allow portmap access',
- rule => "&TCP_UDP_SERVICE_RANGE(111, $client_range)"
- }
- @ferm::rule { 'dsa-nfs':
- description => 'Allow nfsd access',
- rule => "&TCP_UDP_SERVICE_RANGE(2049, $client_range)"
- }
- @ferm::rule { 'dsa-status':
- description => 'Allow statd access',
- rule => "&TCP_UDP_SERVICE_RANGE(10000, $client_range)"
- }
- @ferm::rule { 'dsa-mountd':
- description => 'Allow mountd access',
- rule => "&TCP_UDP_SERVICE_RANGE(10002, $client_range)"
- }
- @ferm::rule { 'dsa-lockd':
- description => 'Allow lockd access',
- rule => "&TCP_UDP_SERVICE_RANGE(10003, $client_range)"
- }
-
- file { '/etc/default/nfs-common':
- source => 'puppet:///modules/nfs-server/nfs-common.default',
- before => Package['nfs-common'],
- notify => Service['nfs-common'],
- }
- file { '/etc/default/nfs-kernel-server':
- source => 'puppet:///modules/nfs-server/nfs-kernel-server.default',
- before => Package['nfs-kernel-server'],
- notify => Service['nfs-kernel-server'],
- }
- file { '/etc/modprobe.d/lockd.local':
- source => 'puppet:///modules/nfs-server/lockd.local.modprobe',
- before => Package['nfs-common'],
- notify => Service['nfs-common'],
- }
-}
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+options lockd nlm_udpport=10003 nlm_tcpport=10003
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# If you do not set values for the NEED_ options, they will be attempted
+# autodetected; this should be sufficient for most people. Valid alternatives
+# for the NEED_ options are "yes" and "no".
+
+# Do you want to start the statd daemon? It is not needed for NFSv4.
+NEED_STATD=
+
+# Options for rpc.statd.
+# Should rpc.statd listen on a specific port? This is especially useful
+# when you have a port-based firewall. To use a fixed port, set this
+# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
+# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
+STATDOPTS='--port 10000 -o 10001'
+
+# Do you want to start the idmapd daemon? It is only needed for NFSv4.
+NEED_IDMAPD=
+
+# Do you want to start the gssd daemon? It is required for Kerberos mounts.
+NEED_GSSD=
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# Number of servers to start up
+RPCNFSDCOUNT=8
+
+# Runtime priority of server (see nice(1))
+RPCNFSDPRIORITY=0
+
+# Options for rpc.mountd.
+# If you have a port-based firewall, you might want to set up
+# a fixed port here using the --port option. For more information,
+# see rpc.mountd(8) or http://wiki.debian.org/?SecuringNFS
+RPCMOUNTDOPTS="-p 10002"
+
+# Do you want to start the svcgssd daemon? It is only required for Kerberos
+# exports. Valid alternatives are "yes" and "no"; the default is "no".
+NEED_SVCGSSD=
+
+# Options for rpc.svcgssd.
+RPCSVCGSSDOPTS=
--- /dev/null
+class nfs_server {
+
+ package { [
+ 'nfs-common',
+ 'nfs-kernel-server'
+ ]:
+ ensure => installed
+ }
+
+ service { 'nfs-common':
+ hasstatus => false,
+ status => '/bin/true',
+ }
+ service { 'nfs-kernel-server':
+ hasstatus => false,
+ status => '/bin/true',
+ }
+
+ case $::hostname {
+ lw01,lw02,lw03,lw04: {
+ $client_range = '10.0.0.0/8'
+ }
+ milanollo,senfter: {
+ $client_range = '172.29.122.0/24'
+ }
+ buxtehude: {
+ $client_range = '(172.29.40.0/22 206.12.19.126/32)'
+ }
+ gretchaninov: {
+ $client_range = '172.29.40.0/22'
+ }
+ default: {
+ # Better than 0.0.0.0/0 - we really ought to configure a
+ # client range for them all instead of exporting to the world.
+ $client_range = '127.0.0.0/8'
+ }
+ }
+
+ @ferm::rule { 'dsa-portmap':
+ description => 'Allow portmap access',
+ rule => "&TCP_UDP_SERVICE_RANGE(111, $client_range)"
+ }
+ @ferm::rule { 'dsa-nfs':
+ description => 'Allow nfsd access',
+ rule => "&TCP_UDP_SERVICE_RANGE(2049, $client_range)"
+ }
+ @ferm::rule { 'dsa-status':
+ description => 'Allow statd access',
+ rule => "&TCP_UDP_SERVICE_RANGE(10000, $client_range)"
+ }
+ @ferm::rule { 'dsa-mountd':
+ description => 'Allow mountd access',
+ rule => "&TCP_UDP_SERVICE_RANGE(10002, $client_range)"
+ }
+ @ferm::rule { 'dsa-lockd':
+ description => 'Allow lockd access',
+ rule => "&TCP_UDP_SERVICE_RANGE(10003, $client_range)"
+ }
+
+ file { '/etc/default/nfs-common':
+ source => 'puppet:///modules/nfs_server/nfs-common.default',
+ before => Package['nfs-common'],
+ notify => Service['nfs-common'],
+ }
+ file { '/etc/default/nfs-kernel-server':
+ source => 'puppet:///modules/nfs_server/nfs-kernel-server.default',
+ before => Package['nfs-kernel-server'],
+ notify => Service['nfs-kernel-server'],
+ }
+ file { '/etc/modprobe.d/lockd.local':
+ source => 'puppet:///modules/nfs_server/lockd.local.modprobe',
+ before => Package['nfs-common'],
+ notify => Service['nfs-common'],
+ }
+}
projects / mirror / dsa-puppet.git / commitdiff