ab3631d7d39ff296b35835594f025e8d6d5a2906
[mirror/dsa-puppet.git] / modules / nfs-server / manifests / init.pp
# Installs the NFS server packages, declares the two NFS services, ships
# their /etc/default and modprobe configuration, and declares virtual ferm
# firewall rules that limit the NFS-related ports to a per-host client range.
#
# This class does not manage /etc/exports. The firewall range chosen below
# is therefore separate from the export access list, and the two have to be
# kept in agreement by whoever maintains the exports.
class nfs-server {

  # Source range allowed through the firewall, selected by hostname.
  case $::hostname {
    'lw01', 'lw02', 'lw03', 'lw04': {
      # NOTE(review): a whole /8 is a wide source range; confirm that every
      # host in 10.0.0.0/8 is meant to reach these ports.
      $client_range = '10.0.0.0/8'
    }
    'milanollo', 'senfter': {
      $client_range = '172.29.122.0/24'
    }
    'buxtehude', 'glinka': {
      # Two sources in one parenthesised value; presumably ferm list syntax
      # as expected by the TCP_UDP_SERVICE_RANGE macro - verify in the ferm
      # module.
      $client_range = '(192.168.2.0/24 209.87.16.34/32)'
    }
    default: {
      # Hosts without an entry above only admit loopback sources. That is
      # better than 0.0.0.0/0; every NFS server really ought to get an
      # explicit client range instead of exporting to the world.
      $client_range = '127.0.0.0/8'
    }
  }

  # Configuration files are declared "before" the package so that they are
  # on disk when the package is installed, and they notify the matching
  # service when their content changes.
  # NOTE(review): no owner, group or mode is set on these files here;
  # confirm that a resource default elsewhere makes them root-owned and not
  # writable by other users.
  file { '/etc/default/nfs-common':
    source => 'puppet:///modules/nfs-server/nfs-common.default',
    before => Package['nfs-common'],
    notify => Service['nfs-common'],
  }
  file { '/etc/default/nfs-kernel-server':
    source => 'puppet:///modules/nfs-server/nfs-kernel-server.default',
    before => Package['nfs-kernel-server'],
    notify => Service['nfs-kernel-server'],
  }
  file { '/etc/modprobe.d/lockd.local':
    source => 'puppet:///modules/nfs-server/lockd.local.modprobe',
    before => Package['nfs-common'],
    notify => Service['nfs-common'],
  }

  package { ['nfs-common', 'nfs-kernel-server']:
    ensure => installed,
  }

  # The status command is /bin/true, which always succeeds, so Puppet's
  # status check reports both services as running whatever their real
  # state. No ensure or enable is set, so this class does not start or
  # enable them itself. A stopped daemon will not be noticed by Puppet.
  service { ['nfs-common', 'nfs-kernel-server']:
    hasstatus => false,
    status    => '/bin/true',
  }

  # Virtual firewall rules (realised elsewhere, presumably by the ferm
  # module), one per RPC service, all restricted to $client_range.
  # statd, mountd and lockd do not use fixed ports unless they are
  # configured to. The rules for 10000, 10002 and 10003 only match if those
  # ports are pinned, presumably by the three files shipped above - verify
  # there whenever a port changes.
  @ferm::rule { 'dsa-portmap':
    description => 'Allow portmap access',
    rule        => "&TCP_UDP_SERVICE_RANGE(111, $client_range)",
  }
  @ferm::rule { 'dsa-nfs':
    description => 'Allow nfsd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(2049, $client_range)",
  }
  @ferm::rule { 'dsa-status':
    description => 'Allow statd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(10000, $client_range)",
  }
  @ferm::rule { 'dsa-mountd':
    description => 'Allow mountd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(10002, $client_range)",
  }
  @ferm::rule { 'dsa-lockd':
    description => 'Allow lockd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(10003, $client_range)",
  }
}