labs: Centralize config of which projects have NFS enabled

Authored by yuvipanda.

Description

labs: Centralize config of which projects have NFS enabled

This introduces:

  • A config file that is the canonical source of truth about which projects have which NFS mounts enabled.
  • A puppet function (nfs_volume_mounted) which can be called to check if a particular volume should be mounted in a particular project.

This replaces the current setup, where the data is contained in
LDAP (set via 'configure' in wikitech) and in hiera (to set
which volumes puppet will actually try to mount).

This also will introduce policy changes:

  • New projects will not get NFS by default anymore
  • Opting into NFS requires that the project owner pokes someone from the Ops team and explains their rationale. This should be reflected in the instructions for requesting a new project at T76375

Follow up changes:

  • Update manage-nfs-volumes deamon to read from this config file than from LDAP
  • Continue auditing projects, removing NFS when not needed (See T102240)

Bug: T102403
Change-Id: I79b71ccd1b1b7c31aa28d590dcc82a9332a28928

Details

Committed
yuvipandaJun 29 2015, 12:53 PM
Parents
rOPUP7dcfca324e08: move text backend_random into "directors"
Branches
Unknown
Tags
Unknown
References
refs/changes/37/218637/22
ChangeId
I79b71ccd1b1b7c31aa28d590dcc82a9332a28928