puppet-cvmfs

This cvmfs module is designed to install, enable and configure CvmFS clients and servers.

For general details on CvmFS see http://cernvm.cern.ch/portal/filesystem

Custom Facts

The module include two customfacts

• cvmfsversion returns the version of cvmfs installed as supplied by '/usr/bin/cvmfs2 --version'
• cvmfspartsize returns the size in megabytes of partition that contains the CVMFS_CACHE_BASE.

These facts will only be available once cvmfs is installed and so configuration of cvmfs is skipped until cvmfs has been installed on the first puppet run. Two puppet runs are required to install and then configure cvmfs.

Client Configuration

To configure a cvmfs client to mount cvmfs repository or a domain a domain of cvmfs repositories use the following.

class{"cvmfs":
  cvmfs_http_proxy  => 'http://ca-proxy.example.org:3128',
  cvmfs_quota_limit => 100
}
cvmfs::mount{'files.example.org:
  cvmfs_server_url  => 'http://web.example.org/cvmfs/files.example.org',
}

or

class{"cvmfs":
  cvmfs_http_proxy  => 'http://ca-proxy.example.org:3128',
  cvmfs_quota_limit => 100,
}

cvmfs::domain{'example.net'
  cvmfs_server_url   => 'http://web.example.org/cvmfs/@fqrn@'
}

Parameters to Cvmfs Class

• config_automounter boolean defaults to true and configures the automounter for cvmfs.

• manage_autofs_service boolean defaults to true, should the autofs service be maintained.

• cvmfs_quota_limit The cvmfs quota size in megabytes. See params.pp for default.

• cvmfs_quota_ratio If set to ration, e.g '0.8' then 0.8 of the partition size the cvmfs cache is on will be used. Setting this assumes you have allocated a partition to cvmfs cache.

• cvmfs_http_proxy List of squid servers, see params.pp for default.

• cvmfs_cache_base Location of the CVMFS cache base, see params.pp for default.

• cvmfs_mount_rw Mount option to mount read-only or read/write, 'yes|no', see params.pp for default.

• cvmfs_follow_redirects Sets CVMFS_FOLLOW_REDIRECTS to its value, by default unset.

• cvmfs_timeout cvmfs timeout setting, see params.pp for default.

• cvmfs_timeout_direct cvmfs timeout to direct connections, see params.pp for default.

• cvmfs_nfiles Number of open files, system setting, see params.pp for default.

• cvmfs_force_signing Boolean defaults to true, repositories must be signed.

• cvmfs_syslog_level Default is in params.pp

• cvmfs_tracefile Create a tracefile at this location.

• cvmfs_debuglog Create a debug log file at this location.

• cvmfs_max_ttl Max ttl, see params.pp for default.

• cvmfs_version Version of cvmfs to install , default is present.

• cvmfs_yum Yum repository URL for cvmfs.

• cvmfs_yum_proxy http proxy for cvmfs yum package repository

• cvmfs_yum_config Yum repository URL for cvmfs site configs.

• cvmfs_yum_config_enabled Defaults to false, set to true to enable.

• cvmfs_yum_testing Yum repository URL for cmvfs testing repository.

• cvmfs_yum_testing_enabled Defaults to false, should the testing repository be enabled.

• cvmfs_yum_testsing_enabled TO DOC

• cvmfs_yum_gpgcheck Defaults to true, set to false to disable GPG checking (Do Not Do This)

• cvmfs_yum_gpgkey Set a custom GPG key for yum repos, you must deploy it yourself.

• cvmfs_use_geoapi TO DOC

• cvmfs_hash Rather than using cvmfs::mount defined type a hash of mounts can be sepecfied. cvmfs_hash {'myrepo' => {'cvmfs_server_url' => 'http://web.example.org/cvmfs/ams.example.org/}

• cvmfs_env_variables $cvmfs_env_variables = {'CMS_LOCAL_SITE' => '' will produce export CMS_LOCAL_SITE=<path to siteconf> in the default.local file.

Puppet databindings allows all the above settings to be set via hiera. In this case it is not nescesary to include class{'cvmfs':}.

---
cvmfs::cvmfs_quota_limit: 100
cvmfs::cvmfs_nfiles: 20000

Cvmfs::Mount Type

To mount individual repositories optionally with a particular configuration on each repository. e.g

cvmfs::mount{'lhcb.example.org':
}
cvmfs::mount{'atlas.example.org': 
  cvmfs_timeout => 50 
}
cvmfs::mount{'cms.example.org': 
  cvmfs_timeout    => 100,
  cvmfs_server_url => 'http://web.example.org/cms.cern.ch' 
}

Cvmfs::Mount Type Parameters

• namevar The namevar is the repository name, e.g atlas.example.ch
• cvmfs_repo_list A boolean defaults to true. Should this repository be included in the list of repositories listed as CVMFS_REPOSITORIES with /etc/cvmfs/default.local.
• cvmfs_follow_redirects Sets CVMFS_FOLLOW_REDIRECTS to its value, by default unset.
• TBC

In addition to creating mounts as above the create_resources('cvmfs::mount',{}) function is called allowing the mounts to be specified in a hiera yaml file:

---
cvmfs::mount:
  atlas.example.ch:
    cvmfs_quota_limit: 10000
  atlas-condb.example.ch:
       {}
  atlas-nightlies.example.ch:
    cvmfs_server_url: http://cvmfs-atlas-nightlies.example.ch/cvmfs/atlas-nightlies.example.ch

which will enable these three mount points with the specified options.

Cvmfs::Domain Type

A cvmfs domain file can be created with the cvmfs::domain type

cvmfs::domain{'example.org':
     cvmfs_server_url => 'http://host1.example.org/@repo@;http://host2.example2.org/@repo@',
     cvmfs_public_key => '/etc/cvmfs/keys/key1.pub,/etc/cvmfs/keys/key2.pub'
}

Cvmfs::Domain Type Parameters

• namevar The namevar is the domain name, e.g example.ch
• cvmfs_follow_redirects Sets CVMFS_FOLLOW_REDIRECTS to its value, by default unset.
• TBC

Fsck Module

An optional class 'cvmfs::fsck' can be included to enable a cron job to regualarly run fsck on cvmfs systems.

class{'cvmfs::fsck':
   options => '-p',
   onreboot => true
}

In addition a cron will be created to purge quarentine corrupted files after 30 days.

Fsck Options

• options Will pass parameters to the cvmfs_fsck command, by default none will be passed.
• onreboot If set to true a @reboot job will be set to run cvmfs_fsck at boot time. Default is false.

Stratum 0 Configuration

There are currently two options to configure a stratum 0. The class method only supports one stratum one and will at some point be deprecated.

Stratum 0 Configuration as a Class

class{'cvmfs::server':
 repo   => 'ilc.example.org',
 pubkey => 'public.example.org'
}

See the docs in cvmfs::server for explanation of parameters.

Stratum 0 Configuration as a Defined Type

A new method where each stratum 0 can be configured as an instance. The advantage here is that multiple stratum zeros can be configured per server. The previous class method will be deprecated at some future point.

cvmfs::zero{'files.example.org':
   repo_store => '/mybigdisk',
   spool_store => '/var/spool/cvmfs',
   user        => steve,
   uid         => 500
}

Stratum 0 Parameters

• clientuesr If set will specify the user running the cvmfs_client on the server. Optinal.
• claim_ownership. By default false if true it enables the CVMFS_CLAIM_OWNERSHIP option the server's client instance.
• group The group name that will manage the repository and own the files on the server.
• home The home directory of the user account that owns the cvmfs repositories. The default value is repo_store/repo/user.
• gid The gid fo the group, it defaults to the be same as the uid, defaults to the user setting.
• repo the fully qualified repository name. Defaults the *name* value of the instance. e.g example.domain.org`.
• repo_store large disk location where the cvmfs repositories are stored. Defaults to /srv/cvmfs.
• nofiles The nofiles the user is permitted to open. Defaults to 65000
• spool_store location of files internal to a cvmfs server.
• uid The uid of the user
• user The user name that will manage the repository and own the files on the server.
• auto_tag Boolean to set CVMFS_AUTO_TAG, defaults to false.
• garbage_collection to set CVMFS_GARBAGE_COLLECTION defaults to false.
• auto_gc to set CVMFS_AUTO_GC defaults to false.
• auto_gc_timespan to set CVMFS_AUTO_GC_TIMESPAN defaults to 3 days ago.
• ignore_xdir_hardlinks boolean to set to CVMFS_IGNORE_XDIR_HARDLINKS defaults to false.

Stratum 0 Examples

A common case is to mount a device or nfs storage volume to use as the repo store. In this case the mount should happen before cvmfs::zero populates the area. For example two repositories stoed on two block device /dev/vdb and /dev/vdc.

mount{'/srv/cvmfs/files.example.org':
  ensure  => mounted,
  device  => '/dev/vdb',
  options => 'rw,noatime,nodiratime,nobarrier,user_xattr'
  require => File['/srv/cvmfs/files.example.org'],
  before  => File['/srv/cvmfs/files.example.org/data']
}
mount{'/srv/cvmfs/objects.example.org':
  ensure  => mounted,
  device  => '/dev/vdc',
  options => 'rw,noatime,nodiratime,nobarrier,user_xattr'
  require => File['/srv/cvmfs/objects.example.org'],
  before  => File['/srv/cvmfs/objects.example.org/data']
}

cvmfs::zero{'files.example.org':
   user => 'steve',
   uid  => 200,
}
cvmfs::zero{'objects.example.org':
   user => 'andrew',
   uid  => 201,
}

Migrating Stratum 0 Class to Stratum 0 Type

The class based stratum 0 will be deprecated at some point. The differences are:

1. The new type no longer attempts to manage a symbolic link to a master key. If desired this should be done by the addition of symbolic link outside of cvmfs::zero.
2. The new type no longer supports mounting e.g nfs volumes. This myst be done externally as per the example above.

Replacing

class{'cvmfs::server':
 repo   => 'ilc.example.org',
 pubkey => 'public.example.org',
 user   => 'shared',
 uid    => 101
}

with

cvmfs::zero{'ilc.example.org':
   user => shared,
   uid  => 101
}
file{'/etc/cvmfs/keys/ilc.example.org':
   ensure  => link,
   target  => '/etc/cvmfs/keys/public.example.org.pem',
   require => Package['cvmfs']
}

Stratum One Configuration

A stratum one can be configured for multiple repositories with a

cvmfs::one{'mice.example.org':
  origin => 'http://cvmfs01.example.org/cvmfs',
  keys   => ['/etc/cvmfs/keys/example1.pub','/etc/cvmfs/keys/example1.pub']
}

See cvmfs::one.pp for more details of parameters.

Tests

To run standalone tests

bundle install
bundle exec rake validate
bundle exec rake lint
bundle exec rake spec

The acceptance tests by default use vagrant and vargrant-libvirtd so ensure they are working or provide beaker configuration for your own hypervisor.

This example mutates the virtualbox images from puppetlabs into ones suitable for libvirt.

vagrant plugin install vagrant-mutate
vagrant mutate https://vagrantcloud.com/puppetlabs/boxes/centos-6.6-64-nocm/versions/1.0.1/providers/virtualbox.box libvirt
vagrant box repackage virtualbox libvirt 0
vagrant box add puppetlabs/centos-6.6-64-nocm ./package.box
bundle install
BEAKER_debug=yes bundle exec rspec spec/acceptance
# or with docker
BEAKER_debug=yes BEAKER_setfile=spec/acceptance/nodesets/docker.yml bundle exec rspec spec/acceptance

License

Apache II License for all files except automaster.aug which is copied from the http://augeas.net project. The automaster.aug file is LGPL v2+.

Contact

Steve Traylen steve.traylen@cern.ch

Support

https://github.com/cvmfs/puppet-cvmfs

##2015-08-04 - Release 0.9.0

##Features

• A tmpwatch -f 30d now runs as weekly cron withing cvmfs::fsck to purge quarentined files.

##2015-07-07 - Release 0.8.0

##Features

• Tests now check default configuration do not change.
• CVMFS_FOLLOW_REDIRECTS can now be set globally, per repo or per domain.
• New onreboot paramter to fsck module runs an fsck on reboot. Default false.
• zfs kernel module built for aufs kernel may now be installed on stratum0s.

##2015-06-22 - Release 0.7.0 ##Features

• New option defaults cvmfs::fsck::options allows an option, e.g. -p to parsed to cvmfs_fsck cron.

##Bugfixes

• Reintroduce $::concat_basedir in tests since puppetlabs-concat was reverted to version 1.

##2015-06-10 - Release 0.6.0 ##Features

• Garbage collection parameters for stratum 0.
• CVMFS_IGNORE_XDIR_HARDLINKS can be set on stratum 0.

##2015-05-06 - Release 0.5.0 ##Deprecations

• All the hiera variables explicity called from params.pp file are now deprecated. These variables include. cvmfs_config_automaster, cvmfs_quota_limit, cvmfs_quota_limit, cvmfs_quota_ratio, cvmfs_http_proxy, cvmfs_server_url, cvmfs_cache_base, cvmfs_timeout, cvmfs_nfiles, cvmfs_public_key, cvmfs_force_signing, cvmfs_syslog_level, cvmfs_tracefile, cvmfs_debuglog cvmfs_max_ttl, cvmfs::mount, cvmfsversion, cvmfs_yum, cvmfs_yum_testing, cvmfs_yum_proxy cvmfs_kernel_version, cvmfs_yum_kernel, cvmfs_yum_kernel_enabled Instead use the hiera binding that maps to one of the paramters of the cvmfs class, e.g cvmfs_quota_limit becomes cvmfs::cvmfs_quota_limit A future version of this module will print a warning if these variables are still being used.

##Features

• Beaker acceptence tests now added for client. Configures a client and mounts the cms.cern.ch and atlas.cern.ch repositories.
• The fact ::operatingsystemmajrelease is used everywhere now to determine major OS version.
• Unit tests for yumrepos.
• The GPG key location for packages in the cvmfs yum repositories can now be specified.
• The GPG check of packages can be disabled in the yum repository configuration.
• The new cvmfs-config repository is now configured but is disabled by default.

##Bugfixes

• The examples in the README now work.

##2015-04-30 - Release 0.4.4 ###Bugfixes

• Correct erwbgy-limits version dependency.

##2015-04-30 - Release 0.4.3 ###Bugfixes

• Fix github to puppetforge publishing.

##2015-04-30 - Release 0.4.2 ###Bugfixes

• Fix github to puppetforge publishing.

##2015-04-29 - Release 0.4.1 ###Bugfixes

• Fix github to puppetforge publishing.

##2015-04-29 - Release 0.4.0

###Features

• New paramter cvmfs_repo_list allows entries of CVMFS_REPOSITORIES to be fine tuned per cvmfs::mount. https://github.com/cvmfs/puppet-cvmfs/pull/22
• New paramter manage_autofs_service controls if autofs service should be managed module. Existing paramter config_automaster now only configures auto.master file - @jcpunk.
• New type cvmfs::zero to configure a CvmFS stratum 0. The existing class cvmfs::server for stratum 0s will be deprecated at some future date.
• Doc changes for latest PL style guide. CHANGELOG is now markdown. Docs for classes and types being migrated from them to README.md.
• puppet-cvmfs is now autodeployed to puppetforge once tagged.
• CvmFS env settings can now be set globally as well per domain or mount.
• New variable cvmfs_domain_hash allows a hash of CvmFS domains to loaded from hiera.
• New variable cvmfs_use_geoapi can be set globally, per domain or mount to influence CVMFS_USE_GEOAPI
• rspec functional tests now exist for class cvmfs and types cvmfs::zero, cvmfs::mount and cvmfs::domain.

###Bugfixes

• cvmfs-config* packages can now be installed on cvmfs servers.
• All references to deprecated concat::setup removed - @berghaus.
• Vague use of undef was failing under furture parser or puppet 4.0

##2015-03-06 - Release 0.3.3

###Features

• do not control autofs service when asked not to.
• Install mod_wsgi and configure for geoip on stratum 1.
• Allow a http proxy for yum repos to be configured.
• Migrate to puppetlabs lint tests.

###Bugfixes

##2014-06-18 - Release 0.3.2

###Features

• server - seperate yum configuration for server and client.
• server - Add nofiles paramter to server class to allow no open files to be specified for the user running the cvmfs server.
• server - An exact kernel version is no longer specified.
• README file converted to markdown, now README.md.
• client - new defined type cvmfs::domain to create .local file in /etc/cvmfs/domain.d.
• client - cvmfs::init class is now paramatised so supports that in addition to hiera.

###Bugfixes

• server - force a public key file location to be specified.
• server - when disabling selinux on server specify an augeas scope

##2014-03-27 - Release 0.2.2

###Features

###Bugfixes

• bugfix for cvmfs_public_key variable.

##2014-01-16 - Release 0.2.1

###Features

###Bugfixes

• Puppet 3.4 compatability for ensure_resources.