Getting started

Default configuration

By default, the role focuses on NFSv4 support. NFSv3 support can be enabled by setting the nfs_server__v3 variable to True. Kerberos support is not fully implemented at this point.

By default, the role expects a list of allowed clients in the nfs_server__allow variable. Example:

nfs_server__allow: [ '192.0.2.0/24' ]

When this list is not empty and contains IP addresses or CIDR subnets, the role will allow access to the nfs service through the firewall and configure NFS exports in the /etc/exports.d/ansible.exports configuration file. Only the NFS root pseudo filesystem is defined by default, in the /srv/nfs/ directory. You should define additional exports, for example:

nfs_server__exports:
  - path: '/srv/nfs/shared'
    acl: '192.0.2.0/24'
    options: 'rw,no_subtree_check,no_root_squash'

Check the nfs_server__exports documentation for more details.
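
The following Python check is an added example, not part of the role or its documentation. It parses exports(5)-style lines such as those written to /etc/exports.d/ansible.exports and reports entries that use no_root_squash (as the export above does) or insecure, or that are open to every host. The sample lines, function names and finding labels are constructed for illustration; hostnames and netgroups are not assessed.

```python
import ipaddress
import re

# Options worth a reviewer's attention, with the reason to record.
RISKY_OPTIONS = {
    "no_root_squash": "root on the client acts as root on the export",
    "insecure": "requests from unprivileged source ports are accepted",
}
# One client token from exports(5): "client(opt,opt)", "client" or "(opt)".
TOKEN_RE = re.compile(r"(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?")


def parse_exports(text):
    """Yield (path, client, options); quoted paths and '-opt' defaults are not handled."""
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        path, *tokens = line.split()
        for token in tokens:
            match = TOKEN_RE.fullmatch(token)
            if match is None:
                raise ValueError(f"unparsable client entry: {token!r}")
            opts = set(filter(None, (match["opts"] or "").split(",")))
            yield path, match["client"] or "*", opts


def audit_exports(text):
    """Return (path, client, finding) tuples for entries that need review."""
    findings = []
    for path, client, opts in parse_exports(text):
        findings += [(path, client, o) for o in RISKY_OPTIONS if o in opts]
        try:
            any_host = ipaddress.ip_network(client, strict=False).prefixlen == 0
        except ValueError:  # "*", hostname, wildcard pattern or netgroup
            any_host = client == "*"
        if any_host:
            findings.append((path, client, "any_host"))
    return findings

# Constructed sample in the style of /etc/exports.d/ansible.exports.
SAMPLE = """\
/srv/nfs         192.0.2.0/24(ro,fsid=0,crossmnt,no_subtree_check)
/srv/nfs/shared  192.0.2.0/24(rw,no_subtree_check,no_root_squash)  # options from the page
/srv/nfs/pub     *(ro,insecure) \\
                 0.0.0.0/0(rw,no_subtree_check)
"""
if __name__ == "__main__":
    print(*audit_exports(SAMPLE), sep="\n")
```

An empty result means no entry matched these particular checks; it does not replace reviewing the acl values passed to nfs_server__exports.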

You can mount the above NFS share on other hosts by using the commands:

mkdir -p /media/nfs/shared
mount -t nfs4 -o proto=tcp,port=2049,_netdev hostname:/shared /media/nfs/shared

You can also add an entry in the /etc/fstab configuration file:

hostname:/shared   /media/nfs/shared   nfs4   noatime,nosuid,hard,intr,proto=tcp,port=2049,_netdev   0   0

Refer to the debops.nfs role for information about how to configure NFS shares on other hosts using Ansible.

Example inventory

To enable NFS server support on a host, it needs to be included in the Ansible inventory in a specific group:

[debops_service_nfs_server]
hostname

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.nfs_server role:

---

- name: Configure NFS Server
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_nfs_server' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: etc_services
      tags: [ 'role::etc_services', 'skip::etc_services', 'role::ferm' ]
      etc_services__dependent_list:
        - '{{ nfs_server__etc_services__dependent_list }}'

    - role: ferm
      tags: [ 'role::ferm', 'skip::ferm' ]
      ferm__dependent_rules:
        - '{{ nfs_server__ferm__dependent_rules }}'

    - role: tcpwrappers
      tags: [ 'role::tcpwrappers', 'skip::tcpwrappers' ]
      tcpwrappers__dependent_allow:
        - '{{ nfs_server__tcpwrappers__dependent_allow }}'

    - role: nfs_server
      tags: [ 'role::nfs_server', 'skip::nfs_server' ]

Ansible tags

You can use the Ansible --tags or --skip-tags parameters to limit which tasks are performed during an Ansible run. This can be used after a host has first been configured to speed up playbook execution, when you are sure that most of the configuration is already in the desired state.

Available role tags:

role::nfs_server

Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.