authorbinary <me@rgoncalves.se>2021-03-03 14:57:10 +0100
committerbinary <me@rgoncalves.se>2021-03-03 14:57:10 +0100
commitdde73d89a725ad764509aa623c945cfa789ae2e4 (patch)
treebfcdc3325c3edabd9ee51caeab430974f2ce2b15 /roles
parent3147612e821c234c8df7a82760b66a6c373f799a (diff)
downloadinfrastructure-dde73d89a725ad764509aa623c945cfa789ae2e4.tar.gz
Add nfsclient role for mounting data in VM from hypervisor
Diffstat (limited to 'roles')
-rw-r--r--roles/nfsclient/defaults/main.yml7
-rw-r--r--roles/nfsclient/tasks/_alpine.yml16
-rw-r--r--roles/nfsclient/tasks/_openbsd.yml0
-rw-r--r--roles/nfsclient/tasks/main.yml66
-rw-r--r--roles/nfsd/defaults/main.yml4
-rw-r--r--roles/nfsd/tasks/main.yml23
-rw-r--r--roles/nfsd/templates/etc-exports.j22
7 files changed, 114 insertions, 4 deletions
diff --git a/roles/nfsclient/defaults/main.yml b/roles/nfsclient/defaults/main.yml
new file mode 100644
index 0000000..c1a8e13
--- /dev/null
+++ b/roles/nfsclient/defaults/main.yml
@@ -0,0 +1,7 @@
+
+# nfsclient ~~ roles/nfsclient/vars/main.yml
+
+---
+
+nfsclient_dir: "/data"
+nfsclient_test_dir: "/tmp/nfsd-test"
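Review bot: The header comment names `roles/nfsclient/vars/main.yml`, but this file is `roles/nfsclient/defaults/main.yml`; it should read `# nfsclient ~~ roles/nfsclient/defaults/main.yml`. The `nfsclient_test_dir` default is a fixed name under the world-writable `/tmp`, which another local account could create before the role runs. A root-owned location such as a directory under `/mnt` would be a safer default for a mount point, with a comment such as `# temporary mount point used only to test the export`.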
diff --git a/roles/nfsclient/tasks/_alpine.yml b/roles/nfsclient/tasks/_alpine.yml
new file mode 100644
index 0000000..86e21d9
--- /dev/null
+++ b/roles/nfsclient/tasks/_alpine.yml
@@ -0,0 +1,16 @@
+
+# nfsclient ~~ roles/nfsclient/tasks/_alpine.yml
+# alpine prerequisites
+
+---
+
+- name: install nfs-utils
+ package:
+ name: nfs-utils
+ state: present
+
+- name: ensure that nfsmount is restarted and enabled
+ service:
+ name: nfsmount
+ state: restarted
+ enabled: true
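Review bot: `state: restarted` on the `nfsmount` service makes this task non-idempotent: it restarts the service and reports "changed" on every play, which can interrupt NFS mounts that are already in use on the host. Unless a restart is needed after each run, `state: started` keeps the service running and enabled without the side effect. A restart that is only needed after the package install would fit better in a handler notified by the `install nfs-utils` task.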
diff --git a/roles/nfsclient/tasks/_openbsd.yml b/roles/nfsclient/tasks/_openbsd.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/roles/nfsclient/tasks/_openbsd.yml
diff --git a/roles/nfsclient/tasks/main.yml b/roles/nfsclient/tasks/main.yml
new file mode 100644
index 0000000..f84c926
--- /dev/null
+++ b/roles/nfsclient/tasks/main.yml
@@ -0,0 +1,66 @@
+
+# nfsclient ~~ roles/nfsclient/tasks/main.yml
+# setup nfs client for a given server
+
+---
+
+- name: fallback to default nfs server
+ set_fact:
+ nfsclient_server: "{{ global.nfs_server }}"
+ when: nfsclient_server is not defined
+
+- name: fallback default nfs server directory
+ set_fact:
+ nfsclient_server_dir: "{{ global.nfs_server_dir }}"
+ when: nfsclient_server_dir is not defined
+
+- name: translate server string to server dict if not
+ set_fact:
+ nfsclient_server: "{{ hostvars[nfsclient_server] }}"
+
+- name: include distribution specific prerequisites
+ include_tasks: "_{{ ansible_distribution | lower }}.yml"
+ ignore_errors: true
+
+- name: ensure tmp directory exists for testing nfsd
+ file:
+ path: "{{ nfsclient_test_dir }}"
+ owner: 0
+ group: 0
+ mode: 0700
+ state: directory
+
+- name: test nfs setup
+ shell: mount -t nfs "{{ nfsclient_server.ip.out }}:{{ nfsclient_server_dir }}" /tmp/nfsd-test
+
+- name: cleanup fstab with previous nfs setup
+ lineinfile:
+ path: /etc/fstab
+ regexp: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:/.* {{ nfsclient_dir }} nfs
+ state: absent
+
+- name: complete fstab with nfs
+ lineinfile:
+ path: /etc/fstab
+ line: "{{ nfsclient_server.ip.out }}:{{ nfsclient_server_dir }} {{ nfsclient_dir }} nfs rw,nodev,nosuid 0 0"
+
+- name: reload fstab
+ shell: |
+ umount -af -t nfs
+ mount -a
+ ignore_errors: true
+
+- name: remove nfs test directory
+ file:
+ path: "{{ nfsclient_test_dir }}"
+ state: absent
+
+- name: register mounted volumes
+ shell: df -P | grep nfs
+ register: out
+
+- name: display mounted volumes
+ debug:
+ msg: |
+ {{ out.stdout_lines }}
+ {{ out.stderr_lines }}
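Review bot: The mount made by `test nfs setup` is never unmounted explicitly before `remove nfs test directory` runs with `state: absent`. The only unmount is `umount -af -t nfs` in `reload fstab`, which carries `ignore_errors: true`, so a failed or partial unmount leaves the export mounted and the file module would then recurse into it and delete the shared data (the server side of this commit exports with `-maproot=0:0`, so root on the client is not squashed). The mount command also hard-codes `/tmp/nfsd-test` instead of `{{ nfsclient_test_dir }}`, so overriding the default creates one directory and mounts on another. Unmounting the test directory straight after the check, and letting that task fail loudly, removes the dependency on the later best-effort step.

```yaml
- name: test nfs setup
  shell: mount -t nfs "{{ nfsclient_server.ip.out }}:{{ nfsclient_server_dir }}" "{{ nfsclient_test_dir }}"

- name: unmount nfs test directory
  command: umount "{{ nfsclient_test_dir }}"

# … unchanged: fstab cleanup, fstab line, reload fstab …

- name: remove nfs test directory
  file:
    path: "{{ nfsclient_test_dir }}"
    state: absent
```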
diff --git a/roles/nfsd/defaults/main.yml b/roles/nfsd/defaults/main.yml
index 792ce23..d116b22 100644
--- a/roles/nfsd/defaults/main.yml
+++ b/roles/nfsd/defaults/main.yml
@@ -8,3 +8,7 @@ nfsd_dirs: "undefined"
nfsd_config: "/etc/exports"
nfsd_nb_process: 10
+nfsd_user: nfsu
+nfsd_user_id: 2000
+nfsd_group: nfsu
+nfsd_group_id: 2000
diff --git a/roles/nfsd/tasks/main.yml b/roles/nfsd/tasks/main.yml
index 2f64fdb..7da9240 100644
--- a/roles/nfsd/tasks/main.yml
+++ b/roles/nfsd/tasks/main.yml
@@ -13,18 +13,35 @@
loop:
- "{{ nfsd_dirs }}"
+- name: ensure nfs shared group exists
+ group:
+ name: "{{ nfsd_group }}"
+ gid: "{{ nfsd_group_id }}"
+ system: true
+ state: absent
+
+- name: ensure nfs shared user exists
+ user:
+ name: "{{ nfsd_user }}"
+ uid: "{{ nfsd_user_id }}"
+ group: "{{ nfsd_group }}"
+ system: true
+ state: absent
+
- name: ensure nfsd directory exists
file:
path: "{{ nfsd_dir }}"
- owner: root
+ owner: 0
+ group: 0
mode: 0700
state: directory
- name: ensure directories exists
file:
path: "{{ nfsd_dir }}/{{ item }}"
- owner: root
- mode: 0700
+ owner: 0
+ group: 0
+ mode: 0777
state: directory
loop: "{{ nfsd_dirs.split(' ') if nfsd_dirs is string else nfsd_dirs }}"
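Review bot: `mode: 0777` in `ensure directories exists` makes every exported subdirectory world-writable, both for any local account on the server and for any uid on a client the exports file admits. The two new tasks above it are named "ensure … exists" but pass `state: absent`, so the `nfsu` user and group are removed rather than created, which is presumably why nothing but 0777 worked. If the intent is a shared service account, create it and hand it the directories with a group-restricted mode, as sketched below; quoting the mode also avoids relying on YAML octal parsing. The task that ends with the first `loop:` context lines starts outside this hunk.

```yaml
- name: ensure nfs shared group exists
  group:
    # … unchanged: name, gid, system …
    state: present

- name: ensure nfs shared user exists
  user:
    # … unchanged: name, uid, group, system …
    state: present

# … unchanged: ensure nfsd directory exists …

- name: ensure directories exists
  file:
    path: "{{ nfsd_dir }}/{{ item }}"
    owner: "{{ nfsd_user }}"
    group: "{{ nfsd_group }}"
    mode: "0770"
    # … unchanged: state, loop …
```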
diff --git a/roles/nfsd/templates/etc-exports.j2 b/roles/nfsd/templates/etc-exports.j2
index 55250dd..2fdbf21 100644
--- a/roles/nfsd/templates/etc-exports.j2
+++ b/roles/nfsd/templates/etc-exports.j2
@@ -4,5 +4,5 @@
{% for host in groups["servers"] %}
{% set host = dict(hostvars[host]) %}
-/data/nfs/{{ host.ansible_host }} -maproot=root -alldirs {{ host.ip.in if host.ip.in is defined }} {{ host.ip.out if host.ip.out is defined }}
+/data/nfs/{{ host.ansible_host }} -maproot=0:0 -alldirs {{ host.ip.in if host.ip.in is defined }} {{ host.ip.out if host.ip.out is defined }}
{% endfor %}
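Review bot: When a host defines neither `ip.in` nor `ip.out`, the rendered export line ends after `-alldirs` with no host list, and in BSD-style exports(5) an entry without hosts is generally treated as exported to every client, here with `-maproot=0:0` so that remote root stays root on the share. Wrapping the line in `{% if host.ip.in is defined or host.ip.out is defined %}` … `{% endif %}` would skip hosts without an address instead of emitting an open export. If the guests do not need root on the data, a non-root `-maproot` or `-mapall` (for example the `nfsd_user_id`/`nfsd_group_id` pair this commit adds to the nfsd defaults) would limit what a compromised VM can change.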