bundlewrap/bundles/nfs-server/metadata.py

from bundlewrap.metadata import atomic

defaults = {
    'apt': {
        'packages': {
            'nfs-kernel-server': {
                'needed_by': {
                    'action:nfs_reload_shares',
                    'svc_systemd:nfs-server',
                },
            },
        },
    },
    'sysctl': {
        'options': {
            'fs.nfs.nlm_udpport': 4045,
            'fs.nfs.nlm_tcpport': 4045,
        },
        'reload_triggers': {
            'svc_systemd:nfs-server:restart',
        },
    },
}


@metadata_reactor.provides(
    'firewall/port_rules',
)
def firewall(metadata):
    ips = set()
    for share_items in metadata.get('nfs-server/shares', {}).values():
        for share_target in share_items:
            ips.add(share_target)

    rules = {}
    for port in ('111', '2049', '1110', '4045', '35295'): # TODO find out if we need more ports
        for proto in ('', '/udp'):
            rules[port + proto] = atomic(ips)

    return {
        'firewall': {
            'port_rules': rules,
        },
    }
bundles/nfs-server: add iptables config 2021-03-21 11:24:21 +01:00			`from bundlewrap.metadata import atomic`

bundles/nfs-server: introduce 2020-11-12 19:59:02 +01:00			`defaults = {`
			`'apt': {`
			`'packages': {`
bundles/nfs-server: fix package name 2022-02-19 20:09:53 +01:00			`'nfs-kernel-server': {`
bundles/{lldp,nfs-server,smartd}: move package dependencies to metadata 2022-02-18 22:37:07 +01:00			`'needed_by': {`
various bundles: fix dependencies 2022-02-18 22:18:44 +01:00			`'action:nfs_reload_shares',`
bundles/{lldpd,nfs-server}: fix dependencies 2022-02-19 17:47:49 +01:00			`'svc_systemd:nfs-server',`
bundles/{lldp,nfs-server,smartd}: move package dependencies to metadata 2022-02-18 22:37:07 +01:00			`},`
various bundles: fix dependencies 2022-02-18 22:18:44 +01:00			`},`
bundles/nfs-server: introduce 2020-11-12 19:59:02 +01:00			`},`
			`},`
bundles/nfs-server: ensure nfs runs on managed ports, fix firewall rules 2022-02-20 08:24:38 +01:00			`'sysctl': {`
			`'options': {`
			`'fs.nfs.nlm_udpport': 4045,`
			`'fs.nfs.nlm_tcpport': 4045,`
			`},`
			`'reload_triggers': {`
			`'svc_systemd:nfs-server:restart',`
			`},`
			`},`
bundles/nfs-server: introduce 2020-11-12 19:59:02 +01:00			`}`
bundles/nfs-server: add iptables config 2021-03-21 11:24:21 +01:00

			`@metadata_reactor.provides(`
modify nodes and bundles for new nftables syntax 2021-06-03 13:59:15 +02:00			`'firewall/port_rules',`
bundles/nfs-server: add iptables config 2021-03-21 11:24:21 +01:00			`)`
modify nodes and bundles for new nftables syntax 2021-06-03 13:59:15 +02:00			`def firewall(metadata):`
bundles/nfs-server: add iptables config 2021-03-21 11:24:21 +01:00			`ips = set()`
			`for share_items in metadata.get('nfs-server/shares', {}).values():`
			`for share_target in share_items:`
bundles/nfs-server: support using node names for shares 2021-06-03 07:45:56 +02:00			`ips.add(share_target)`
bundles/nfs-server: add iptables config 2021-03-21 11:24:21 +01:00
bundles/nfs-server: ensure nfs runs on managed ports, fix firewall rules 2022-02-20 08:24:38 +01:00			`rules = {}`
			`for port in ('111', '2049', '1110', '4045', '35295'): # TODO find out if we need more ports`
			`for proto in ('', '/udp'):`
			`rules[port + proto] = atomic(ips)`

bundles/nfs-server: add iptables config 2021-03-21 11:24:21 +01:00			`return {`
modify nodes and bundles for new nftables syntax 2021-06-03 13:59:15 +02:00			`'firewall': {`
bundles/nfs-server: ensure nfs runs on managed ports, fix firewall rules 2022-02-20 08:24:38 +01:00			`'port_rules': rules,`
bundles/nfs-server: add iptables config 2021-03-21 11:24:21 +01:00			`},`
			`}`