Skip to content

Latest commit

 

History

History

nfs_server

Folders and files

NameName
Last commit message
Last commit date

parent directory

..

defaults

defaults

 
 

files/etc/samba

files/etc/samba

 
 

handlers

handlers

 
 

meta

meta

 
 

tasks

tasks

 
 

templates/etc

templates/etc

 
 

vars

vars

 
 

README.md

README.md

 
 

README.md

NFS Server

Description

The nfs_server role creates zfs filesystems, configures NFS and SMB shares, adds autofs entries, and sets POSIX permissions and ACLs on the corresponding directories.

This role also manages home directories, which are considered a special case. Both users and groups can have home directories. User home directories are owned by the user, whereas group home directories are group-owned by the group. In either case, two subdirectories are created: priv and pub.

The priv directory is private to the user or group, while the pub directory is world-readable. Both of directories get added to the automount map auto.nfs_user, but the priv directory is also is automounted as /home/$USER.

This role was written with the assumption that you're using ZFS for the underlying storage.

The lists and mappings for these role variables are somewhat complex. It's probably easiest to start with the example playbook in the Usage section at the bottom of this document.

Variables

This role accepts the following variables:

Variable Default Description
nfs_mountd_port 20048 NFS mountd listening port
nfs_exports [] NFS exports to create (see format below)
smb_shares [] SMB shares to create (see format below)
nfs_homedirs [] Home directories to create (see format below)
nfs_homedir_user_dataset tank/user ZFS dataset for user home directories
nfs_homedir_group_dataset tank/group ZFS dataset for group directories
nfs_homedir_priv_quota 50G Default usage quota for private home/group directories
nfs_homedir_pub_quota 10G Default usage quota for public home/group directories
nfs_homedir_options rw Export options for home/group directories
nfs_homedir_clients [] NFS clients for home/group directories (see format below)

nfs_exports

The nfs_exports variable is used to configure NFS shares. It should contain a list of dictionaries of the following format:

Key Default Description
path   Path of export
dataset   ZFS dataset to export
group   Group owner for directory
mode   Octal permissions for directory
acl [] List of POSIX ACL entries for directory (see format below)
options [] Export options (comma-separated or list, see man 5 exports)
clients [] List of clients (see format below)
automount_map   Automount map name for export
automount_key basename of path Automount key name for export
smb_share   Also create SMB share with given share name

Either path or dataset should be specified, but not both.

acl

The acl key of an nfs_exports list item should contain a list of POSIX ACLS, represented by dictionaries of the following format:

Key Default Description
entity   User or group name
etype   Entity type (either user or group)
permissions   Some combination of r, w, x, or X
default no Apply ACL to all children of directory

See man 5 acl for more details.

clients

The clients key of an nfs_exports list item should contain a list of NFS clients, represented by dictionaries of the following format:

Key Default Description
client   Client CIDR, IP address, or hostname
options   Client-specific export options (comma-separated or list, see man 5 exports)

smb_shares

The smb_shares variable is used to configure SMB shares. It should contain a list of dictionaries of the following format:

Key Default Description
name   Share name
path   Share path

nfs_homedirs

The nfs_homedirs variable is used to configure user and group home directories that should live on the host. It should contain a list of dictionaries of the following format:

Key Default Description
user   User name
group   Group name
priv_quota {{ nfs_homedir_priv_quota }} priv directory quota
pub_quota {{ nfs_homedir_pub_quota }} pub directory quota

Specifying user creates a user home directory. Specifying group creates a group home directory. You should not specify user and group at the same time.

nfs_homedir_clients

The nfs_homedir_clients variable is used to configure client access for home directory exports. It should contain a list of dictionaries of the following format:

Key Default Description
client   Client IP, CIDR, or hostname
options [] Export options (comma-separated or list, see man 5 exports)

Usage

Example playbook:

- name: configure nfs/smb exports
  hosts: nas1
  roles:
    - role: nfs_server
      vars:
        nfs_exports:
          - dataset: tank/media/pictures
            group: role-photo-admin
            mode: 02770
            acl:
              - entity: role-photo-admin
                etype: group
                permissions: rwX
                default: yes
            options: rw,crossmnt
            clients:
              - client: 10.10.10.0/24
                options: sec=krb5p
            automount_map: auto.nfs_media

          - dataset: tank/media/music
            group: role-music-admin
            mode: 02770
            acl:
              - entity: role-music-admin
                etype: group
                permissions: rwX
                default: yes

              - entity: role-music-access
                etype: group
                permissions: rX
                default: yes
            options: rw,crossmnt
            clients:
              - client: 10.10.10.0/24
                options: sec=krb5p
            automount_map: auto.nfs_media

        nfs_homedir_clients:
          - client: 10.10.10.0/24
            options: sec=krb5p

          - client: 10.10.11.0/24
            options: sec=sys

        nfs_homedirs:
          - user: johndoe
            priv_quota: 250G
          - user: janedoe
            priv_quota: 250G
          - group: doefamily
            priv_quota: 500G

        smb_shares:
          - name: media
            path: /tank/media