Getting started¶
Default configuration¶
The role by default focuses on the NFSv4 support. The NFSv3 support can be
enabled by setting the nfs_server__v3
variable to True
.
The Kerberos support is not fully implemented at this point.
By default role expects a list of allowed clients in the
nfs_server__allow
variable. Example:
nfs_server__allow: [ '192.0.2.0/24' ]
When this list is not empty and contains IP addresses or CIDR subnets, the role
will allow access to the nfs
service through the firewall and cofigure NFS
exports in the /etc/exports.d/ansible.exports
configuration file. Only the
NFS root pseudo filesystem is defined by default, in the /srv/nfs/
directory. You should define additional exports, for example:
nfs_server__exports:
- path: '/srv/nfs/shared'
acl: '192.0.2.0/24'
options: 'rw,no_subtree_check,no_root_squash'
check the nfs_server__exports documentation for more details.
You can mount the above NFS share on other hosts by using the commands:
mkdir -p /media/nfs/shared
mount -t nfs4 -o proto=tcp,port=2049,_netdev hostname:/shared /media/nfs/shared
You can also add an entry in the /etc/fstab
configuration file:
hostname:/shared /media/nfs/shared nfs4 noatime,nosuid,hard,intr,proto=tcp,port=2049,_netdev 0 0
Refer to the debops.nfs role for information about how to configure NFS shares on other hosts using Ansible.
Example inventory¶
To enable NFS server support on a host, it needs to be included in the Ansible inventory in a specific group:
[debops_service_nfs_server]
hostname
Example playbook¶
If you are using this role without DebOps, here's an example Ansible playbook
that uses the debops.nfs_server
role:
---
- name: Configure NFS Server
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debops_service_nfs_server' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
roles:
- role: etc_services
tags: [ 'role::etc_services', 'skip::etc_services', 'role::ferm' ]
etc_services__dependent_list:
- '{{ nfs_server__etc_services__dependent_list }}'
- role: ferm
tags: [ 'role::ferm', 'skip::ferm' ]
ferm__dependent_rules:
- '{{ nfs_server__ferm__dependent_rules }}'
- role: tcpwrappers
tags: [ 'role::tcpwrappers', 'skip::tcpwrappers' ]
tcpwrappers__dependent_allow:
- '{{ nfs_server__tcpwrappers__dependent_allow }}'
- role: nfs_server
tags: [ 'role::nfs_server', 'skip::nfs_server' ]
Ansible tags¶
You can use Ansible --tags
or --skip-tags
parameters to limit what
tasks are performed during Ansible run. This can be used after a host was first
configured to speed up playbook execution, when you are sure that most of the
configuration is already in the desired state.
Available role tags:
role::nfs_server
- Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.