it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Bind mounts are no longer required; removing them

Browse source
This commit is contained in:
Raphael Dannecker 2025-07-02 13:15:21 +02:00
parent 58418bf48f
commit 3ff8d48827
1 changed files with 13 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
roles/lmn_vm/tasks/main.yml
View file

@ -28,46 +28,20 @@
# insertafter: '#auth_unix_rw = "polkit"' # insertafter: '#auth_unix_rw = "polkit"'
# notify: reload libvirtd # notify: reload libvirtd
- name: Configure pam_mount for VM bind mounts # - name: Use umount script for proper cleanup
ansible.builtin.blockinfile: # ansible.builtin.blockinfile:
dest: /etc/security/pam_mount.conf.xml # dest: /etc/security/pam_mount.conf.xml
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mounts for VMs) -->" # marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (umount script needed for bind mounts ordering) -->"
block: | # block: |
<!-- bind mounts for the VMs, setting gid here does not work --> # <!-- Provide special umount script here to handle bind mounts and proper ordering -->
<volume # <umount>/usr/local/sbin/pam-umount.sh %(USER) %(USERUID) %(MNTPT)</umount>
path="~" # insertafter: '^<mntoptions.*'
mountpoint="/lmn/media/%(USER)/home"
options="bind"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
</volume>
<volume
path="/srv/samba/schools/default-school/share"
mountpoint="/lmn/media/%(USER)/share"
options="bind"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
</volume>
<volume
path="/srv/samba/schools/default-school"
mountpoint="/lmn/media/%(USER)/school"
options="bind"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
</volume>
insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
- name: Use umount script for proper cleanup # - name: Prepare umount script
ansible.builtin.blockinfile: # ansible.builtin.copy:
dest: /etc/security/pam_mount.conf.xml # src: pam-umount.sh
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (umount script needed for bind mounts ordering) -->" # dest: /usr/local/sbin/pam-umount.sh
block: | # mode: '0755'
<!-- Provide special umount script here to handle bind mounts and proper ordering -->
<umount>/usr/local/sbin/pam-umount.sh %(USER) %(USERUID) %(MNTPT)</umount>
insertafter: '^<mntoptions.*'
- name: Prepare umount script
ansible.builtin.copy:
src: pam-umount.sh
dest: /usr/local/sbin/pam-umount.sh
mode: '0755'
- name: Insert domain in default-network - name: Insert domain in default-network
ansible.builtin.lineinfile: ansible.builtin.lineinfile: