Implement NFS4 server role.
This commit is contained in:
Andreas B. Mundt
parent
7e1332ee46
commit
ece5bca5b5
4 changed files with 104 additions and 0 deletions
4
roles/nfs-server/defaults/main.yml
Normal file
4
roles/nfs-server/defaults/main.yml
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
export_root: /srv/nfs4
|
||||
export_dir: /home/lan
|
||||
ldap_domain: "{{ ansible_domain | default('intern', true) }}"
|
||||
basedn: "{{ 'dc=' + ( ldap_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
|
||||
11
roles/nfs-server/handlers/main.yml
Normal file
11
roles/nfs-server/handlers/main.yml
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
- name: restart nfs-kernel-server
|
||||
service: name=nfs-kernel-server state=restarted enabled=yes
|
||||
listen: "restart nfs-kernel-server"
|
||||
|
||||
- name: restart rpc-svcgssd
|
||||
service: name=rpc-svcgssd state=restarted enabled=yes
|
||||
listen: "restart rpc-svcgssd"
|
||||
|
||||
- name: restart sssd
|
||||
service: name=sssd state=restarted enabled=yes
|
||||
listen: "restart sssd"
|
||||
65
roles/nfs-server/tasks/main.yml
Normal file
65
roles/nfs-server/tasks/main.yml
Normal file
|
|
@ -0,0 +1,65 @@
|
|||
## Install and configure nfs-server
|
||||
---
|
||||
- name: check if there are installing
|
||||
stat: path=/etc/exports
|
||||
register: exports
|
||||
|
||||
- name: install nfs-kernel-server
|
||||
apt:
|
||||
name:
|
||||
- nfs-kernel-server
|
||||
state: latest
|
||||
|
||||
- name: make sure the export exists
|
||||
file: path={{ export_root }}/home/ state=directory recurse=yes
|
||||
|
||||
- name: make sure the export exists
|
||||
file: path={{ export_dir }} state=directory recurse=yes
|
||||
|
||||
- name: bind mount exported dir
|
||||
mount:
|
||||
path: "{{ export_root }}/home/"
|
||||
src: "{{ export_dir }}"
|
||||
fstype: none
|
||||
state: mounted
|
||||
opts: bind
|
||||
|
||||
- name: configure exports
|
||||
blockinfile:
|
||||
dest: /etc/exports
|
||||
insertbefore: EOF
|
||||
block: |
|
||||
{{ export_root }} *(sec=krb5p:krb5i:krb5:sys,rw,fsid=0,crossmnt,no_subtree_check)
|
||||
{{ export_root }}/home/ *(sec=krb5p:krb5i,rw,no_subtree_check)
|
||||
notify: "restart nfs-kernel-server"
|
||||
|
||||
|
||||
|
||||
- name: check if there is a local kadmin
|
||||
stat: path=/usr/sbin/kadmin.local
|
||||
register: kadmin
|
||||
|
||||
- name: create machine principal
|
||||
command: kadmin.local -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
|
||||
when: kadmin.stat.exists and not exports.stat.exists
|
||||
|
||||
- name: add principal to the keytab
|
||||
command: kadmin.local -q "ktadd nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
|
||||
notify: "restart rpc-svcgssd"
|
||||
when: kadmin.stat.exists and not exports.stat.exists
|
||||
|
||||
- name: install sssd-krb5
|
||||
apt:
|
||||
name:
|
||||
- sssd-krb5
|
||||
- sssd-ldap
|
||||
state: latest
|
||||
when: kadmin.stat.exists
|
||||
|
||||
- name: provide identities from directory
|
||||
template:
|
||||
src: sssd.conf.j2
|
||||
dest: /etc/sssd/sssd.conf
|
||||
mode: 0600
|
||||
notify: restart sssd
|
||||
when: kadmin.stat.exists
|
||||
24
roles/nfs-server/templates/sssd.conf.j2
Normal file
24
roles/nfs-server/templates/sssd.conf.j2
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
[sssd]
|
||||
domains = LDAP
|
||||
services = nss, pam
|
||||
config_file_version = 2
|
||||
|
||||
[nss]
|
||||
filter_groups = root
|
||||
filter_users = root
|
||||
|
||||
[pam]
|
||||
|
||||
[domain/LDAP]
|
||||
id_provider = ldap
|
||||
ldap_uri = ldap://{{ ansible_hostname }}/
|
||||
ldap_search_base = {{ basedn }}
|
||||
|
||||
auth_provider = krb5
|
||||
krb5_server = {{ ansible_hostname }}
|
||||
krb5_realm = {{ ldap_domain | upper }}
|
||||
cache_credentials = false
|
||||
|
||||
min_id = 10000
|
||||
max_id = 20000
|
||||
enumerate = False
|
||||
Loading…
Add table
Reference in a new issue