# Sets a host up as an NFS server: installs the NFS packages, ships the
# daemon defaults and the lockd modprobe snippet, and declares virtual ferm
# rules that open the NFS-related ports to a per-host client range.
#
# NOTE(review): the ferm rules below only limit which source networks can
# reach the listed ports. Which clients may mount which paths is not decided
# in this class - confirm the export configuration is equally narrow.
class nfs_server {

  package { ['nfs-common', 'nfs-kernel-server']:
    ensure => installed,
  }

  # The status command always exits 0, so Puppet's status check reports both
  # services as running regardless of their real state.
  service { ['nfs-common', 'nfs-kernel-server']:
    hasstatus => false,
    status    => '/bin/true',
  }

  # Source network(s) let through the firewall, selected by hostname.
  case $::hostname {
    'lw01', 'lw02', 'lw03', 'lw04': {
      $client_range = '10.0.0.0/8'
    }
    'milanollo', 'senfter': {
      $client_range = '172.29.122.0/24'
    }
    'buxtehude': {
      # Parenthesised, space-separated list: two source ranges in one rule.
      $client_range = '(172.29.40.0/22 206.12.19.126/32)'
    }
    'gretchaninov': {
      $client_range = '172.29.40.0/22'
    }
    default: {
      # Hosts without an explicit entry are opened to loopback only, which
      # is better than 0.0.0.0/0. Every NFS server really ought to get a
      # configured client range instead of exporting to the world.
      $client_range = '127.0.0.0/8'
    }
  }

  # Virtual resources: declared here, only applied where something realizes
  # them. Ports 10000, 10002 and 10003 are presumably the fixed statd, mountd
  # and lockd ports set by the files shipped below - verify they stay in
  # sync, otherwise the daemons listen on ports these rules do not cover.
  @ferm::rule { 'dsa-portmap':
    description => 'Allow portmap access',
    rule        => "&TCP_UDP_SERVICE_RANGE(111, ${client_range})",
  }
  @ferm::rule { 'dsa-nfs':
    description => 'Allow nfsd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(2049, ${client_range})",
  }
  @ferm::rule { 'dsa-status':
    description => 'Allow statd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(10000, ${client_range})",
  }
  @ferm::rule { 'dsa-mountd':
    description => 'Allow mountd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(10002, ${client_range})",
  }
  @ferm::rule { 'dsa-lockd':
    description => 'Allow lockd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(10003, ${client_range})",
  }

  # Each file is put in place before its package is installed, and a change
  # to it refreshes the matching service.
  # NOTE(review): owner, group and mode are not set on these files, so they
  # depend on Puppet's defaults and the source files - consider pinning them
  # explicitly, as these files configure root-run daemons and a kernel module.
  file { '/etc/default/nfs-common':
    source => 'puppet:///modules/nfs_server/nfs-common.default',
    before => Package['nfs-common'],
    notify => Service['nfs-common'],
  }
  file { '/etc/default/nfs-kernel-server':
    source => 'puppet:///modules/nfs_server/nfs-kernel-server.default',
    before => Package['nfs-kernel-server'],
    notify => Service['nfs-kernel-server'],
  }
  file { '/etc/modprobe.d/lockd.local':
    source => 'puppet:///modules/nfs_server/lockd.local.modprobe',
    before => Package['nfs-common'],
    notify => Service['nfs-common'],
  }
}