[ansible] sync nfs-clients
by Nicolas Chauvet
commit 19c7a35f8b5adcd70f80c357da6c4462857a6e9a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Aug 1 10:53:16 2019 +0200
sync nfs-clients
roles/nfs/client/files/idmapd.conf | 114 ++++++++++++++++++++++++++++++++++++
roles/nfs/client/tasks/main.yml | 52 ++++++++---------
2 files changed, 138 insertions(+), 28 deletions(-)
---
diff --git a/roles/nfs/client/files/idmapd.conf b/roles/nfs/client/files/idmapd.conf
new file mode 100644
index 0000000..ef75455
--- /dev/null
+++ b/roles/nfs/client/files/idmapd.conf
@@ -0,0 +1,114 @@
+[General]
+#Verbosity = 0
+# The following should be set to the local NFSv4 domain name
+# The default is the host's DNS domain name.
+Domain = rpmfusion.org
+
+# The following is a comma-separated list of Kerberos realm
+# names that should be considered to be equivalent to the
+# local realm, such that <user>@REALM.A can be assumed to
+# be the same user as <user>@REALM.B
+# If not specified, the default local realm is the domain name,
+# which defaults to the host's DNS domain name,
+# translated to upper-case.
+# Note that if this value is specified, the local realm name
+# must be included in the list!
+#Local-Realms =
+
+[Mapping]
+
+#Nobody-User = nobody
+#Nobody-Group = nobody
+
+[Translation]
+
+# Translation Method is an comma-separated, ordered list of
+# translation methods that can be used. Distributed methods
+# include "nsswitch", "umich_ldap", and "static". Each method
+# is a dynamically loadable plugin library.
+# New methods may be defined and inserted in the list.
+# The default is "nsswitch".
+Method = static
+
+# Optional. This is a comma-separated, ordered list of
+# translation methods to be used for translating GSS
+# authenticated names to ids.
+# If this option is omitted, the same methods as those
+# specified in "Method" are used.
+#GSS-Methods = <alternate method list for translating GSS names>
+
+#-------------------------------------------------------------------#
+# The following are used only for the "static" Translation Method.
+#-------------------------------------------------------------------#
+[Static]
+
+# A "static" list of GSS-Authenticated names to
+# local user name mappings
+
+#someuser@REALM = localuser
+root(a)REDHAT.COM = root
+
+#-------------------------------------------------------------------#
+# The following are used only for the "umich_ldap" Translation Method.
+#-------------------------------------------------------------------#
+
+[UMICH_SCHEMA]
+
+# server information (REQUIRED)
+LDAP_server = ldap-server.local.domain.edu
+
+# the default search base (REQUIRED)
+LDAP_base = dc=local,dc=domain,dc=edu
+
+#-----------------------------------------------------------#
+# The remaining options have defaults (as shown)
+# and are therefore not required.
+#-----------------------------------------------------------#
+
+# whether or not to perform canonicalization on the
+# name given as LDAP_server
+#LDAP_canonicalize_name = true
+
+# absolute search base for (people) accounts
+#LDAP_people_base = <LDAP_base>
+
+# absolute search base for groups
+#LDAP_group_base = <LDAP_base>
+
+# Set to true to enable SSL - anything else is not enabled
+#LDAP_use_ssl = false
+
+# You must specify a CA certificate location if you enable SSL
+#LDAP_ca_cert = /etc/ldapca.cert
+
+# Objectclass mapping information
+
+# Mapping for the person (account) object class
+#NFSv4_person_objectclass = NFSv4RemotePerson
+
+# Mapping for the nfsv4name attribute the person object
+#NFSv4_name_attr = NFSv4Name
+
+# Mapping for the UID number
+#NFSv4_uid_attr = UIDNumber
+
+# Mapping for the GSSAPI Principal name
+#GSS_principal_attr = GSSAuthName
+
+# Mapping for the account name attribute (usually uid)
+# The value for this attribute must match the value of
+# the group member attribute - NFSv4_member_attr
+#NFSv4_acctname_attr = uid
+
+# Mapping for the group object class
+#NFSv4_group_objectclass = NFSv4RemoteGroup
+
+# Mapping for the GID attribute
+#NFSv4_gid_attr = GIDNumber
+
+# Mapping for the Group NFSv4 name
+#NFSv4_group_attr = NFSv4Name
+
+# Mapping for the Group member attribute (usually memberUID)
+# The value of this attribute must match the value of NFSv4_acctname_attr
+#NFSv4_member_attr = memberUID
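Review bot: The `[Static]` section ships an active mapping, rendered in this archive as `root(a)REDHAT.COM = root`, which translates a GSS principal from a realm unrelated to the configured `Domain = rpmfusion.org` into local root. It looks like a leftover from the template this file was copied from; if these clients ever mount with Kerberos-authenticated NFS, that principal would be treated as root, so the line should be dropped or replaced with a principal from the project's own realm, keeping only the commented `#someuser@REALM = localuser` example. With `Method = static` as the only translation method, names not listed in `[Static]` presumably cannot be resolved and fall back to the nobody user, so confirm whether an ordered list such as `Method = nsswitch,static` was intended. The uncommented placeholders under `[UMICH_SCHEMA]` (`LDAP_server`, `LDAP_base`) are unused with this method and would be clearer commented out.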
diff --git a/roles/nfs/client/tasks/main.yml b/roles/nfs/client/tasks/main.yml
index 8117496..17826c1 100644
--- a/roles/nfs/client/tasks/main.yml
+++ b/roles/nfs/client/tasks/main.yml
@@ -1,39 +1,35 @@
-#
-# Install needed packages
-#
-- name: Install needed nfs packages
- yum: pkg={{ item }} state=present
- with_items:
- - nfs-utils
- - rpcbind
+- name: install network-scripts package
+ package: name=network-scripts state=installed
+ when: ansible_distribution_major_version|int >= 29
tags:
- nfs/client
- when: ansible_distribution_major_version|int < 22
-#
-- name: Install needed nfs packages
- dnf: pkg={{ item }} state=present
- with_items:
- - nfs-utils
- - rpcbind
+
+# Setup our idmapd.conf file. It should be loaded automagically.
+- name: idmapd.conf
+ copy: src=idmapd.conf dest=/etc/idmapd.conf
tags:
- nfs/client
- when: ansible_distribution_major_version|int > 21
+ notify:
+ - restart idmapd
-- name: enable nfs-related services and run them (fedora20 only)
- service: name={{ item }} enabled=true state=started
- with_items:
- - rpcbind
- - nfs-lock
- when: ansible_distribution == 'Fedora' and ansible_distribution_major_version|int == 20
+#
+# Install needed packages
+#
+- name: Install needed nfs packages
+ package:
+ name:
+ - nfs-utils
+ - rpcbind
+ state: present
tags:
- nfs/client
-- name: enable nfs-related services and run them (rhel7)
+- name: enable nfs-related services and run them (rhel 7 and Fedora)
service: name={{ item }} enabled=true state=started
with_items:
- rpcbind
- nfs-lock
- when: is_rhel is defined and ansible_distribution_major_version|int == 7
+ when: ansible_distribution_major_version|int == 7
tags:
- nfs/client
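Review bot: The new `idmapd.conf` task copies a file into `/etc` without stating ownership or permissions, so the result depends on whatever file already exists or on the target's umask; adding `owner=root group=root mode=0644` to the `copy:` line makes it deterministic. The `restart idmapd` handler it notifies is not part of this diff, so confirm the role defines it. Separately, dropping `is_rhel is defined` leaves `when: ansible_distribution_major_version|int == 7` with no distribution check, and the renamed task "(rhel 7 and Fedora)" will not run on current Fedora releases, whose major version is never 7; the `== 6` condition in the following hunk lost its guard the same way. If Fedora is meant to be covered, a condition such as `when: ansible_distribution == 'Fedora' or ansible_distribution_major_version|int == 7` would match the task name.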
@@ -44,17 +40,17 @@
- rpcbind
- nfs
- nfslock
- when: is_rhel is defined and ansible_distribution_major_version|int == 6
+ when: ansible_distribution_major_version|int == 6
tags:
- nfs/client
- name: nfs mount points (online)
mount: >
- name={{ mnt_dir }}
+ name={{ mnt_dir }}
src=nfs-server:/srv/nfs/{{ nfs_src_dir }}
- fstype=nfs
+ fstype=nfs
opts={{nfs_mount_opts}}
- passno=0
+ passno=0
dump=0
state=mounted
tags: