From: Peter Palfrader
Date: Sat, 18 Mar 2017 20:36:43 +0000 (+0000)
Subject: rename nfs-server to nfs_server
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=c836c2a80e2fd64e4f18cdbba39a7eda1f241e89
rename nfs-server to nfs_server
---
diff --git a/manifests/site.pp b/manifests/site.pp
index 8e72e7d33..97e962abe 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -100,7 +100,7 @@ node default {
 }
 if $::hostname in [buxtehude,milanollo,lw01,lw02,lw03,lw04,senfter,gretchaninov] {
- include nfs-server
+ include nfs_server
 }
 if $::brokenhosts {
diff --git a/modules/nfs-server/files/lockd.local.modprobe b/modules/nfs-server/files/lockd.local.modprobe
deleted file mode 100644
index 105d4b537..000000000
--- a/modules/nfs-server/files/lockd.local.modprobe
+++ /dev/null
@@ -1,6 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-options lockd nlm_udpport=10003 nlm_tcpport=10003
diff --git a/modules/nfs-server/files/nfs-common.default b/modules/nfs-server/files/nfs-common.default
deleted file mode 100644
index 93f659823..000000000
--- a/modules/nfs-server/files/nfs-common.default
+++ /dev/null
@@ -1,24 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-# If you do not set values for the NEED_ options, they will be attempted
-# autodetected; this should be sufficient for most people. Valid alternatives
-# for the NEED_ options are "yes" and "no".
-
-# Do you want to start the statd daemon? It is not needed for NFSv4.
-NEED_STATD=
-
-# Options for rpc.statd.
-# Should rpc.statd listen on a specific port? This is especially useful
-# when you have a port-based firewall. To use a fixed port, set this
-# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
-# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
-STATDOPTS='--port 10000 -o 10001'
-
-# Do you want to start the idmapd daemon? It is only needed for NFSv4.
-NEED_IDMAPD=
-
-# Do you want to start the gssd daemon? It is required for Kerberos mounts.
-NEED_GSSD=
diff --git a/modules/nfs-server/files/nfs-kernel-server.default b/modules/nfs-server/files/nfs-kernel-server.default
deleted file mode 100644
index d40255f5c..000000000
--- a/modules/nfs-server/files/nfs-kernel-server.default
+++ /dev/null
@@ -1,23 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-# Number of servers to start up
-RPCNFSDCOUNT=8
-
-# Runtime priority of server (see nice(1))
-RPCNFSDPRIORITY=0
-
-# Options for rpc.mountd.
-# If you have a port-based firewall, you might want to set up
-# a fixed port here using the --port option. For more information,
-# see rpc.mountd(8) or http://wiki.debian.org/?SecuringNFS
-RPCMOUNTDOPTS="-p 10002"
-
-# Do you want to start the svcgssd daemon? It is only required for Kerberos
-# exports. Valid alternatives are "yes" and "no"; the default is "no".
-NEED_SVCGSSD=
-
-# Options for rpc.svcgssd.
-RPCSVCGSSDOPTS=
diff --git a/modules/nfs-server/manifests/init.pp b/modules/nfs-server/manifests/init.pp
deleted file mode 100644
index 7021ef330..000000000
--- a/modules/nfs-server/manifests/init.pp
+++ /dev/null
@@ -1,75 +0,0 @@
-class nfs-server {
-
- package { [
- 'nfs-common',
- 'nfs-kernel-server'
- ]:
- ensure => installed
- }
-
- service { 'nfs-common':
- hasstatus => false,
- status => '/bin/true',
- }
- service { 'nfs-kernel-server':
- hasstatus => false,
- status => '/bin/true',
- }
-
- case $::hostname {
- lw01,lw02,lw03,lw04: {
- $client_range = '10.0.0.0/8'
- }
- milanollo,senfter: {
- $client_range = '172.29.122.0/24'
- }
- buxtehude: {
- $client_range = '(172.29.40.0/22 206.12.19.126/32)'
- }
- gretchaninov: {
- $client_range = '172.29.40.0/22'
- }
- default: {
- # Better than 0.0.0.0/0 - we really ought to configure a
- # client range for them all instead of exporting to the world.
- $client_range = '127.0.0.0/8'
- }
- }
-
- @ferm::rule { 'dsa-portmap':
- description => 'Allow portmap access',
- rule => "&TCP_UDP_SERVICE_RANGE(111, $client_range)"
- }
- @ferm::rule { 'dsa-nfs':
- description => 'Allow nfsd access',
- rule => "&TCP_UDP_SERVICE_RANGE(2049, $client_range)"
- }
- @ferm::rule { 'dsa-status':
- description => 'Allow statd access',
- rule => "&TCP_UDP_SERVICE_RANGE(10000, $client_range)"
- }
- @ferm::rule { 'dsa-mountd':
- description => 'Allow mountd access',
- rule => "&TCP_UDP_SERVICE_RANGE(10002, $client_range)"
- }
- @ferm::rule { 'dsa-lockd':
- description => 'Allow lockd access',
- rule => "&TCP_UDP_SERVICE_RANGE(10003, $client_range)"
- }
-
- file { '/etc/default/nfs-common':
- source => 'puppet:///modules/nfs-server/nfs-common.default',
- before => Package['nfs-common'],
- notify => Service['nfs-common'],
- }
- file { '/etc/default/nfs-kernel-server':
- source => 'puppet:///modules/nfs-server/nfs-kernel-server.default',
- before => Package['nfs-kernel-server'],
- notify => Service['nfs-kernel-server'],
- }
- file { '/etc/modprobe.d/lockd.local':
- source => 'puppet:///modules/nfs-server/lockd.local.modprobe',
- before => Package['nfs-common'],
- notify => Service['nfs-common'],
- }
-}
diff --git a/modules/nfs_server/files/lockd.local.modprobe b/modules/nfs_server/files/lockd.local.modprobe
new file mode 100644
index 000000000..105d4b537
--- /dev/null
+++ b/modules/nfs_server/files/lockd.local.modprobe
@@ -0,0 +1,6 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+options lockd nlm_udpport=10003 nlm_tcpport=10003
diff --git a/modules/nfs_server/files/nfs-common.default b/modules/nfs_server/files/nfs-common.default
new file mode 100644
index 000000000..93f659823
--- /dev/null
+++ b/modules/nfs_server/files/nfs-common.default
@@ -0,0 +1,24 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# If you do not set values for the NEED_ options, they will be attempted
+# autodetected; this should be sufficient for most people. Valid alternatives
+# for the NEED_ options are "yes" and "no".
+
+# Do you want to start the statd daemon? It is not needed for NFSv4.
+NEED_STATD=
+
+# Options for rpc.statd.
+# Should rpc.statd listen on a specific port? This is especially useful
+# when you have a port-based firewall. To use a fixed port, set this
+# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
+# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
+STATDOPTS='--port 10000 -o 10001'
+
+# Do you want to start the idmapd daemon? It is only needed for NFSv4.
+NEED_IDMAPD=
+
+# Do you want to start the gssd daemon? It is required for Kerberos mounts.
+NEED_GSSD=
diff --git a/modules/nfs_server/files/nfs-kernel-server.default b/modules/nfs_server/files/nfs-kernel-server.default
new file mode 100644
index 000000000..d40255f5c
--- /dev/null
+++ b/modules/nfs_server/files/nfs-kernel-server.default
@@ -0,0 +1,23 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# Number of servers to start up
+RPCNFSDCOUNT=8
+
+# Runtime priority of server (see nice(1))
+RPCNFSDPRIORITY=0
+
+# Options for rpc.mountd.
+# If you have a port-based firewall, you might want to set up
+# a fixed port here using the --port option. For more information,
+# see rpc.mountd(8) or http://wiki.debian.org/?SecuringNFS
+RPCMOUNTDOPTS="-p 10002"
+
+# Do you want to start the svcgssd daemon? It is only required for Kerberos
+# exports. Valid alternatives are "yes" and "no"; the default is "no".
+NEED_SVCGSSD=
+
+# Options for rpc.svcgssd.
+RPCSVCGSSDOPTS=
diff --git a/modules/nfs_server/manifests/init.pp b/modules/nfs_server/manifests/init.pp
new file mode 100644
index 000000000..5545114f6
--- /dev/null
+++ b/modules/nfs_server/manifests/init.pp
@@ -0,0 +1,75 @@
+class nfs_server {
+
+ package { [
+ 'nfs-common',
+ 'nfs-kernel-server'
+ ]:
+ ensure => installed
+ }
+
+ service { 'nfs-common':
+ hasstatus => false,
+ status => '/bin/true',
+ }
+ service { 'nfs-kernel-server':
+ hasstatus => false,
+ status => '/bin/true',
+ }
+
+ case $::hostname {
+ lw01,lw02,lw03,lw04: {
+ $client_range = '10.0.0.0/8'
+ }
+ milanollo,senfter: {
+ $client_range = '172.29.122.0/24'
+ }
+ buxtehude: {
+ $client_range = '(172.29.40.0/22 206.12.19.126/32)'
+ }
+ gretchaninov: {
+ $client_range = '172.29.40.0/22'
+ }
+ default: {
+ # Better than 0.0.0.0/0 - we really ought to configure a
+ # client range for them all instead of exporting to the world.
+ $client_range = '127.0.0.0/8'
+ }
+ }
+
+ @ferm::rule { 'dsa-portmap':
+ description => 'Allow portmap access',
+ rule => "&TCP_UDP_SERVICE_RANGE(111, $client_range)"
+ }
+ @ferm::rule { 'dsa-nfs':
+ description => 'Allow nfsd access',
+ rule => "&TCP_UDP_SERVICE_RANGE(2049, $client_range)"
+ }
+ @ferm::rule { 'dsa-status':
+ description => 'Allow statd access',
+ rule => "&TCP_UDP_SERVICE_RANGE(10000, $client_range)"
+ }
+ @ferm::rule { 'dsa-mountd':
+ description => 'Allow mountd access',
+ rule => "&TCP_UDP_SERVICE_RANGE(10002, $client_range)"
+ }
+ @ferm::rule { 'dsa-lockd':
+ description => 'Allow lockd access',
+ rule => "&TCP_UDP_SERVICE_RANGE(10003, $client_range)"
+ }
+
+ file { '/etc/default/nfs-common':
+ source => 'puppet:///modules/nfs_server/nfs-common.default',
+ before => Package['nfs-common'],
+ notify => Service['nfs-common'],
+ }
+ file { '/etc/default/nfs-kernel-server':
+ source => 'puppet:///modules/nfs_server/nfs-kernel-server.default',
+ before => Package['nfs-kernel-server'],
+ notify => Service['nfs-kernel-server'],
+ }
+ file { '/etc/modprobe.d/lockd.local':
+ source => 'puppet:///modules/nfs_server/lockd.local.modprobe',
+ before => Package['nfs-common'],
+ notify => Service['nfs-common'],
+ }
+}
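Review bot: The `lw01,lw02,lw03,lw04` arm of `case $::hostname` sets `$client_range = '10.0.0.0/8'`, so the five ferm rules below it open portmap, nfsd, statd, mountd and lockd to a whole /8, while every other named host gets a /22 or /24. The manifest gives no reason for the wider range; either narrow it to the subnets the clients actually use or add a comment above that arm recording why the full /8 is needed. The host list is also repeated in the `if $::hostname in [...]` guard in manifests/site.pp, and a host added there but not here silently falls through to the `127.0.0.0/8` default, so a comment such as `# keep in sync with the nfs_server host list in manifests/site.pp` above the `case` would help. Whether the export configuration restricts clients further is not visible in this commit.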