Added roles nfs/server and nfs/export
parent
24ab62d6a0
commit
4e6df015f5
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
export_name: "{{ real_path | basename }}"
|
||||||
|
# real_path: "/exported/path"
|
||||||
|
export_path: "{{ root_directory }}/{{ export_name }}"
|
||||||
|
export_config_name: "{{ export_name | regex_replace('/', '-') }}"
|
||||||
|
mount_unit_name: "{{ export_path | regex_replace('^/') | regex_replace('/', '-') }}.mount"
|
||||||
|
|
||||||
|
export_hosts:
|
||||||
|
- "*"
|
||||||
|
squash_user: "nfs_exports" # If not empty, creates user and changes requests to it
|
||||||
|
readonly: on # export is readonly
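Review bot: `export_hosts` defaults to `- "*"`, so any play that includes this role without overriding the variable exports the directory to every client that can reach the server. The hard-coded `*` in the root export template at the end of this commit does the same for the export root. A default that fails closed would be safer: require the caller to set `export_hosts` and fail the play when the list is empty, so the client list is always a deliberate choice. Separately, `readonly: on` relies on YAML 1.1 truthy parsing; `readonly: true` states the same default unambiguously.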
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: mount export
|
||||||
|
systemd:
|
||||||
|
enabled: yes
|
||||||
|
name: "{{ mount_unit_name }}"
|
||||||
|
state: restarted
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
allow_duplicates: yes
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
- role: misc/handlers
|
||||||
|
- role: nfs/server
|
@ -0,0 +1,47 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Create user account for export
|
||||||
|
user:
|
||||||
|
state: present
|
||||||
|
name: "{{ squash_user }}"
|
||||||
|
system: yes
|
||||||
|
shell: "/bin/false"
|
||||||
|
create_home: no
|
||||||
|
when: squash_user != ""
|
||||||
|
register: user_info
|
||||||
|
|
||||||
|
- name: Create original export directory
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: "{{ real_path }}"
|
||||||
|
owner: "{{ squash_user | default('root') }}"
|
||||||
|
group: "{{ squash_user | default('root') }}"
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Create directory for bind mount
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: "{{ export_path }}"
|
||||||
|
owner: "{{ squash_user | default('root') }}"
|
||||||
|
group: "{{ squash_user | default('root') }}"
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Configure bind mount
|
||||||
|
template:
|
||||||
|
src: bind.mount
|
||||||
|
dest: "{{ global_systemd_configuration_directory }}/{{ mount_unit_name }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=r
|
||||||
|
notify:
|
||||||
|
- reload systemd
|
||||||
|
- mount export
|
||||||
|
|
||||||
|
- name: Configure export
|
||||||
|
template:
|
||||||
|
src: export.exports
|
||||||
|
dest: "{{ exports_config_directory }}/{{ export_config_name }}.exports"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=r
|
||||||
|
notify: reload nfs exports
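Review bot: `squash_user | default('root')` in the two directory tasks only falls back when the variable is undefined. The role's own way to disable squashing is an empty string (`when: squash_user != ""`), and in that case the filter passes the empty string through as owner and group. Passing the second argument makes the fallback apply to empty values as well: `owner: "{{ squash_user | default('root', true) }}"`, and the same for `group:` in both tasks. As a style point, `system: yes` and `create_home: no` would read more predictably as `true` and `false`.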
|
@ -0,0 +1,10 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Bind Mount for NFS of {{ export_name }}
|
||||||
|
|
||||||
|
[Mount]
|
||||||
|
What={{ real_path }}
|
||||||
|
Where={{ export_path }}
|
||||||
|
Options=bind
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
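Review bot: systemd only accepts a mount unit whose file name is the escaped form of its `Where=` path, and the name this template is installed under is built with `regex_replace('/', '-')` in the role defaults, which is not the same transformation. A `-` or other special character anywhere in `export_path`, including the basename of `real_path`, would produce a unit name that does not match `Where={{ export_path }}`, and the mount would presumably be refused. Deriving the name with `systemd-escape --path --suffix=mount` in a task, or asserting that the path contains only characters that need no escaping, would avoid that.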
|
@ -0,0 +1,7 @@
|
|||||||
|
{{ root_directory }}/{{ export_name }} {% for host in export_hosts -%}
|
||||||
|
{{ host }}({{ readonly | ternary('ro', 'rw') }},sync
|
||||||
|
{%- if squash_user != "" -%}
|
||||||
|
,all_squash,anonuid={{ user_info.uid }},anongid={{ user_info.group }}
|
||||||
|
{%- endif -%}
|
||||||
|
,crossmnt,no_subtree_check)
|
||||||
|
{%- endfor %}
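Review bot: The loop body emits no separator between clients, so as far as the whitespace control shown here goes, two entries in `export_hosts` render as `host1(...)host2(...)`. The space before `{% for %}` is printed once, and the `-` markers on the `for`, `if`, `endif` and `endfor` tags strip every newline inside the body. That works for the single default entry but gives a malformed client list as soon as a second host is added, which is the case where someone is narrowing access. Emitting the separator inside the loop fixes it, e.g. start the body with `{{ ' ' }}{{ host }}({{ readonly | ternary('ro', 'rw') }},sync`.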
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
root_directory: "{{ global_webservers_directory }}/nfs"
|
||||||
|
|
||||||
|
exports_config: "/etc/exports"
|
||||||
|
exports_config_directory: "/etc/exports.d"
|
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: reload nfs exports
|
||||||
|
# export all = read config files, reexport = disable removed entries, be verbose
|
||||||
|
command: exportfs -arv
|
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
allow_duplicates: no
|
@ -0,0 +1,39 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Install required packages
|
||||||
|
apt:
|
||||||
|
state: present
|
||||||
|
name:
|
||||||
|
- nfs-kernel-server
|
||||||
|
|
||||||
|
- name: Create exports root directory
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: "{{ root_directory }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Configure exports root
|
||||||
|
template:
|
||||||
|
src: root.exports
|
||||||
|
dest: "{{ exports_config }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=r
|
||||||
|
notify:
|
||||||
|
- reload nfs exports
|
||||||
|
|
||||||
|
- name: Create exports config directory
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: "{{ exports_config_directory }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Allow ports in firewall
|
||||||
|
ufw:
|
||||||
|
rule: allow
|
||||||
|
port: "{{ global_nfs_port }}"
|
||||||
|
proto: tcp
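Review bot: The firewall task opens `global_nfs_port` to every source address, and the exports written by these roles default to the `*` client, so nothing on the host limits which machines can reach and mount the shares. Restricting the rule with the ufw module's `from_ip` parameter would add a second layer that holds even if an export's client list is left at its default. For example, add `from_ip: "{{ item }}"` with a `loop:` over an allow-list of client networks; that variable does not exist on this page and would need to be introduced.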
|
@ -0,0 +1 @@
|
|||||||
|
{{ root_directory }} *(ro,sync,all_squash,no_subtree_check,fsid=root)
|