Getting started
Default configuration
The role by default focuses on the NFSv4 support. The NFSv3 support can be
enabled by setting the nfs_server__v3
variable to True
.
The Kerberos support is not fully implemented at this point.
By default role expects a list of allowed clients in the
nfs_server__allow
variable. Example:
nfs_server__allow: [ '192.0.2.0/24' ]
When this list is not empty and contains IP addresses or CIDR subnets, the role
will allow access to the nfs
service through the firewall and configure NFS
exports in the /etc/exports.d/ansible.exports
configuration file. Only the
NFS root pseudo filesystem is defined by default, in the /srv/nfs/
directory. You should define additional exports, for example:
nfs_server__exports:
- path: '/srv/nfs/shared'
acl: '192.0.2.0/24'
options: 'rw,no_subtree_check,no_root_squash'
check the nfs_server__exports documentation for more details.
You can mount the above NFS share on other hosts by using the commands:
mkdir -p /media/nfs/shared
mount -t nfs4 -o proto=tcp,port=2049,_netdev hostname:/shared /media/nfs/shared
You can also add an entry in the /etc/fstab
configuration file:
hostname:/shared /media/nfs/shared nfs4 noatime,nosuid,hard,intr,proto=tcp,port=2049,_netdev 0 0
Refer to the debops.nfs role for information about how to configure NFS shares on other hosts using Ansible.
Example inventory
To enable NFS server support on a host, it needs to be included in the Ansible inventory in a specific group:
[debops_service_nfs_server]
hostname
Example playbook
If you are using this role without DebOps, here's an example Ansible playbook
that uses the debops.nfs_server
role:
---
- name: Configure NFS Server
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debops_service_nfs_server' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
roles:
- role: etc_services
tags: [ 'role::etc_services', 'skip::etc_services', 'role::ferm' ]
etc_services__dependent_list:
- '{{ nfs_server__etc_services__dependent_list }}'
- role: ferm
tags: [ 'role::ferm', 'skip::ferm' ]
ferm__dependent_rules:
- '{{ nfs_server__ferm__dependent_rules }}'
- role: tcpwrappers
tags: [ 'role::tcpwrappers', 'skip::tcpwrappers' ]
tcpwrappers__dependent_allow:
- '{{ nfs_server__tcpwrappers__dependent_allow }}'
- role: nfs_server
tags: [ 'role::nfs_server', 'skip::nfs_server' ]