kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 2 Releases Activity

bundles/nfs-server: ensure nfs runs on managed ports, fix firewall rules
Some checks failed
kunsi/bundlewrap/pipeline/head There was a failure building this commit
Details

Browse source
This commit is contained in:
Franzi 2022-02-20 08:24:38 +01:00
parent 6267b4c33d
commit 88891b44be
Signed by: kunsi
GPG key ID: 12E3D2136B818350
4 changed files with 41 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

22
bundles/nfs-server/metadata.py
View file

@ -11,6 +11,15 @@ defaults = {
},
},
},
'sysctl': {
'options': {
'fs.nfs.nlm_udpport': 4045,
'fs.nfs.nlm_tcpport': 4045,
},
'reload_triggers': {
'svc_systemd:nfs-server:restart',
},
},
}
@ -19,18 +28,17 @@ defaults = {
)
def firewall(metadata):
ips = set()
for share_items in metadata.get('nfs-server/shares', {}).values():
for share_target in share_items:
ips.add(share_target)
rules = {}
for port in ('111', '2049', '1110', '4045', '35295'): # TODO find out if we need more ports
for proto in ('', '/udp'):
rules[port + proto] = atomic(ips)
return {
'firewall': {
'port_rules': {
'111': atomic(ips),
'111/udp': atomic(ips),
'2049': atomic(ips),
'35295': atomic(ips),
},
'port_rules': rules,
},
}