modules/nfs-server/manifests/init.pp

   1 class nfs-server {
   2
   3         package { [
   4                         'nfs-common',
   5                         'nfs-kernel-server'
   6                 ]:
   7                 ensure => installed
   8         }
   9
  10         service { 'nfs-common':
  11                 hasstatus   => false,
  12                 status      => '/bin/true',
  13         }
  14         service { 'nfs-kernel-server':
  15                 hasstatus   => false,
  16                 status      => '/bin/true',
  17         }
  18
  19         case $::hostname {
  20                 lw01,lw02,lw03,lw04: {
  21                         $client_range    = '10.0.0.0/8'
  22                 }
  23                 milanollo: {
  24                         $client_range    = '172.29.122.0/24'
  25                 }
  26                 default: {
  27                         $client_range    = '0.0.0.0/0'
  28                 }
  29         }
  30
  31         @ferm::rule { 'dsa-portmap':
  32                 description => 'Allow portmap access',
  33                 rule        => '&TCP_UDP_SERVICE_RANGE(111, $client_range)'
  34         }
  35         @ferm::rule { 'dsa-nfs':
  36                 description => 'Allow nfsd access',
  37                 rule        => '&TCP_UDP_SERVICE_RANGE(2049, $client_range)'
  38         }
  39         @ferm::rule { 'dsa-status':
  40                 description => 'Allow statd access',
  41                 rule        => '&TCP_UDP_SERVICE_RANGE(10000, $client_range)'
  42         }
  43         @ferm::rule { 'dsa-mountd':
  44                 description => 'Allow mountd access',
  45                 rule        => '&TCP_UDP_SERVICE_RANGE(10002, $client_range)'
  46         }
  47         @ferm::rule { 'dsa-lockd':
  48                 description => 'Allow lockd access',
  49                 rule        => '&TCP_UDP_SERVICE_RANGE(10003, $client_range)'
  50         }
  51
  52         file { '/etc/default/nfs-common':
  53                 source  => 'puppet:///modules/nfs-server/nfs-common.default',
  54                 before  => Package['nfs-common'],
  55                 notify  => Service['nfs-common'],
  56         }
  57         file { '/etc/default/nfs-kernel-server':
  58                 source  => 'puppet:///modules/nfs-server/nfs-kernel-server.default',
  59                 before  => Package['nfs-kernel-server'],
  60                 notify  => Service['nfs-kernel-server'],
  61         }
  62         file { '/etc/modprobe.d/lockd.local':
  63                 source => 'puppet:///modules/nfs-server/lockd.local.modprobe',
  64                 before => Package['nfs-common'],
  65                 notify => Service['nfs-common'],
  66         }
  67 }