Puppet Class: labstore::fileserver::exports

Defined in:
modules/labstore/manifests/fileserver/exports.pp

Overview

sets up NFS exports on a labstore fileserver

Parameters:

  • server_vols (Array[String])
  • drbd_role (String) (defaults to: 'primary')


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# File 'modules/labstore/manifests/fileserver/exports.pp', line 2

class labstore::fileserver::exports(
    Array[String] $server_vols,
    String $drbd_role = 'primary',
    ) {
    require_package(['python3-yaml'])

    group { 'nfsmanager':
        ensure => present,
        name   => 'nfsmanager',
        system => true,
    }

    user { 'nfsmanager':
        home       => '/var/lib/nfsmanager',
        shell      => '/bin/bash',
        managehome => true,
        system     => true,
    }

    file { '/etc/exports.d':
        ensure => directory,
        owner  => 'root',
        group  => 'nfsmanager',
        mode   => '2775',
    }

    sudo::user { 'nfsmanager':
        privileges => [
            'ALL = NOPASSWD: /bin/mkdir -p /srv/*',
            'ALL = NOPASSWD: /bin/rmdir /srv/*',
            'ALL = NOPASSWD: /usr/sbin/exportfs',
        ],
        require    => User['nfsmanager'],
    }

    file { '/etc/nfs-mounts.yaml':
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        content => template('labstore/nfs-mounts.yaml.erb'),
        require => [Package['python3'], Package['python3-yaml']],
        notify  => Service['nfs-exportd'],
    }

    # Clean up the bind script following Change-Id: I8fe9cbb84331c527cf3623a2204ceb835c604ff5
    # This script is actively dangerous to failover. See also T169570
    file { '/usr/local/sbin/nfs-manage-binds':
        ensure => absent,
    }


    file { '/usr/local/bin/nfs-exportd':
        owner   => 'root',
        group   => 'root',
        mode    => '0555',
        source  => 'puppet:///modules/labstore/nfs-exportd.py',
        require => File['/usr/local/sbin/nfs-manage-binds'],
        notify  => Service['nfs-exportd'],
    }

    file { '/etc/exports.bak':
        ensure  => directory,
        owner   => 'nfsmanager',
        group   => 'nfsmanager',
        require => File['/usr/local/bin/nfs-exportd'],
    }

    cron { 'archive_export_d':
        command => '/bin/cp -Rp /etc/exports.d /etc/exports.bak',
        user    => 'root',
        weekday => 1,
        hour    => 0,
        minute  => 0,
        require => File['/etc/exports.bak'],
    }

    # TODO: Remove after initial runs. This just cleans up the old setup.
    file { '/etc/exports.d/public_root.exports':
        ensure => absent,
    }

    file { '/usr/local/sbin/archive-project-volumes':
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/labstore/archive-project-volumes.py',
    }



    if $drbd_role == 'primary' {
        systemd::service { 'nfs-exportd':
            ensure    => 'present',
            content   => systemd_template('nfs-exportd'),
            require   => File['/usr/local/bin/nfs-exportd'],
            subscribe => File['/etc/novaobserver.yaml'],
        }
    } else {
        systemd::service { 'nfs-exportd':
            ensure         => 'present',
            content        => systemd_template('nfs-exportd'),
            require        => File['/usr/local/bin/nfs-exportd'],
            service_params => {
                ensure => 'stopped',
                enable => false,
            }
        }
    }

}