NFS Server
==========
Description
-----------
The `nfs_server` role creates [zfs](../zfs/) filesystems, configures NFS and SMB
shares, adds `autofs` entries, and sets POSIX permissions and ACLs on the
corresponding directories.
This role also manages home directories, which are considered a special case.
Both users and groups can have home directories. User home directories are
owned by the user, whereas group home directories are group-owned by the group.
In either case, two subdirectories are created: `priv` and `pub`.
The `priv` directory is private to the user or group, while the `pub` directory
is world-readable. Both directories get added to the automount map
`auto.nfs_user`, and the `priv` directory is additionally automounted as `/home/$USER`.
This role was written with the assumption that you're using ZFS for the
underlying storage.
The lists and mappings for these role variables are somewhat complex. It's
probably easiest to start with the example playbook in the [Usage](#usage)
section at the bottom of this document.
Variables
---------
This role **accepts** the following variables:
Variable | Default | Description
----------------------------|--------------|------------
`nfs_mountd_port` | `20048` | NFS `mountd` listening port (pinned so it can be allowed through a firewall instead of a dynamic rpcbind-assigned port)
`nfs_exports` | `[]` | NFS exports to create (see [format](#nfs_exports) below)
`smb_shares` | `[]` | SMB shares to create (see [format](#smb_shares) below)
`nfs_homedirs` | `[]` | Home directories to create (see [format](#nfs_homedirs) below)
`nfs_homedir_user_dataset` | `tank/user` | ZFS dataset for user home directories
`nfs_homedir_group_dataset` | `tank/group` | ZFS dataset for group directories
`nfs_homedir_priv_quota` | `50G` | Default usage quota for private home/group directories
`nfs_homedir_pub_quota` | `10G` | Default usage quota for public home/group directories
`nfs_homedir_options` | `rw` | Export options for home/group directories
`nfs_homedir_clients` | `[]` | NFS clients for home/group directories (see [format](#nfs_homedir_clients) below)
### nfs\_exports
The `nfs_exports` variable is used to configure NFS shares. It
should contain a list of dictionaries of the following format:
Key | Default | Description
----------------|--------------------|-----------
`path` | | Path of export
`dataset` | | ZFS dataset to export
`group` | | Group owner for directory
`mode` | | Octal permissions for directory
`acl` | `[]` | List of POSIX ACL entries for directory (see [format](#acl) below)
`options` | `[]` | Export options (comma-separated or list, see `man 5 exports`)
`clients` | `[]` | List of clients (see [format](#clients) below)
`automount_map` | | Automount map name for export
`automount_key` | basename of `path` | Automount key name for export
`smb_share` | | Also create SMB share with given share name
Either `path` or `dataset` should be specified, but not both.
#### acl
The `acl` key of an `nfs_exports` list item should contain a list of POSIX
ACL entries, represented by dictionaries of the following format:
Key | Default | Description
--------------|---------|------------
`entity` | | User or group name
`etype` | | Entity type (either `user` or `group`)
`permissions` | | Some combination of `r`, `w`, `x`, or `X`
`default` | no | Also set the entry as a default ACL, so files and directories created under the directory inherit it (existing children are not changed)
See `man 5 acl` for more details.
#### clients
The `clients` key of an `nfs_exports` list item should contain a list of NFS
clients, represented by dictionaries of the following format:
Key | Default | Description
-----------|---------|------------
`client` | | Client CIDR, IP address, or hostname
`options` | | Client-specific export options (comma-separated or list, see `man 5 exports`)

The per-client `options` are where the security flavour is chosen. `sec=krb5p`
authenticates the client with Kerberos and encrypts traffic; with `sec=sys`
(the default when no `sec=` option is given) the server trusts whatever UID and
GID the client asserts, so such an export is only as strong as your control over
the client network.
### smb\_shares
The `smb_shares` variable is used to configure SMB shares. It should contain a
list of dictionaries of the following format:
Key | Default | Description
-----------|---------|------------
`name` | | Share name
`path` | | Share path
### nfs\_homedirs
The `nfs_homedirs` variable is used to configure user and group home
directories that should live on the host. It should contain a list of
dictionaries of the following format:
Key | Default | Description
-------------|--------------------------------|------------
`user` | | User name
`group` | | Group name
`priv_quota` | `{{ nfs_homedir_priv_quota }}` | `priv` directory quota
`pub_quota` | `{{ nfs_homedir_pub_quota }}` | `pub` directory quota
Specifying `user` creates a user home directory. Specifying `group` creates a
group home directory. You should not specify `user` and `group` at the same
time.
### nfs\_homedir\_clients
The `nfs_homedir_clients` variable is used to configure client access for home
directory exports. It should contain a list of dictionaries of the following
format:
Key | Default | Description
----------|------------|------------
`client` | | Client IP, CIDR, or hostname
`options` | `[]` | Export options (comma-separated or list, see `man 5 exports`)
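To make the mapping from these variables to the resulting `/etc/exports` lines concrete, here is an added example (not the role's own code) that renders the documented structures and then audits the result for weak settings. It assumes a merge rule (export-wide `options` followed by per-client `options`), that a dataset `tank/x` is mounted at `/tank/x`, and that home directories live at `<dataset>/<name>/{priv,pub}`; the sample input is constructed to mirror the playbook in the Usage section.

```python
"""Render nfs_server-style variables into /etc/exports lines and audit them.

Added illustration, not the role's implementation. Assumptions: export-wide
`options` are merged before per-client `options`; dataset `tank/x` mounts at
`/tank/x`; home directories are `<dataset>/<name>/priv` and `.../pub`.
"""
from typing import Iterable

# Export options that widen trust beyond what a careful NAS export should carry.
RISKY_OPTIONS = {
    "no_root_squash": "client root maps to server root",
    "insecure": "requests accepted from non-privileged source ports",
}


def _as_list(options) -> list[str]:
    """The documented format allows a comma-separated string or a list."""
    if not options:
        return []
    if isinstance(options, str):
        return [o.strip() for o in options.split(",") if o.strip()]
    return list(options)


def export_path(export: dict) -> str:
    """Enforce 'path xor dataset'; assumes the default ZFS mountpoint /<dataset>."""
    if bool(export.get("path")) == bool(export.get("dataset")):
        raise ValueError("specify exactly one of path or dataset")
    return export.get("path") or "/" + export["dataset"]


def render_export(path: str, options, clients: Iterable[dict]) -> list[str]:
    """One exports(5) line per client: <path> <client>(<opts>)."""
    base = _as_list(options)
    return [f"{path} {c['client']}({','.join(base + _as_list(c.get('options')))})"
            for c in clients]


def acl_specs(entries: Iterable[dict]) -> list[str]:
    """setfacl -m specs for the documented `acl` entries; default: yes adds a d: entry."""
    specs = []
    for a in entries:
        spec = f"{ {'user': 'u', 'group': 'g'}[a['etype']] }:{a['entity']}:{a['permissions']}"
        specs.append(spec)
        if a.get("default"):
            specs.append("d:" + spec)
    return specs


def render_homedirs(homedirs, user_ds, group_ds, options, clients) -> list[str]:
    """priv and pub exports for each home directory (user xor group)."""
    lines = []
    for h in homedirs:
        if bool(h.get("user")) == bool(h.get("group")):
            raise ValueError("specify exactly one of user or group")
        name = h.get("user") or h["group"]
        dataset = user_ds if h.get("user") else group_ds
        for sub in ("priv", "pub"):
            lines += render_export(f"/{dataset}/{name}/{sub}", options, clients)
    return lines


def audit_exports(lines: list[str]) -> list[str]:
    """Flag world exports, AUTH_SYS (explicit or implicit) and risky options."""
    findings = []
    for line in lines:
        path, spec = line.split(" ", 1)
        client, opts = spec[:-1].split("(", 1)
        optset = {o for o in opts.split(",") if o}
        if client in ("*", ""):
            findings.append(f"{path}: exported to every host")
        flavors = [f for o in optset if o.startswith("sec=") for f in o[4:].split(":")]
        if not flavors or "sys" in flavors:
            findings.append(f"{path} -> {client}: AUTH_SYS accepted, UID/GID are client-asserted")
        for opt, why in RISKY_OPTIONS.items():
            if opt in optset:
                findings.append(f"{path} -> {client}: {opt} ({why})")
    return findings


# Constructed sample mirroring the Usage playbook (two client networks, one on sec=sys).
SAMPLE = {
    "nfs_exports": [{"dataset": "tank/media/pictures", "options": "rw,crossmnt",
                     "clients": [{"client": "10.10.10.0/24", "options": "sec=krb5p"}]}],
    "nfs_homedirs": [{"user": "johndoe"}, {"group": "doefamily"}],
    "nfs_homedir_clients": [{"client": "10.10.10.0/24", "options": "sec=krb5p"},
                            {"client": "10.10.11.0/24", "options": "sec=sys"}],
}


def build(cfg: dict) -> tuple[list[str], list[str]]:
    """Return (exports lines, audit findings) for a variable set like SAMPLE."""
    lines = []
    for e in cfg.get("nfs_exports", []):
        lines += render_export(export_path(e), e.get("options"), e.get("clients", []))
    lines += render_homedirs(cfg.get("nfs_homedirs", []),
                             cfg.get("nfs_homedir_user_dataset", "tank/user"),
                             cfg.get("nfs_homedir_group_dataset", "tank/group"),
                             cfg.get("nfs_homedir_options", "rw"),
                             cfg.get("nfs_homedir_clients", []))
    return lines, audit_exports(lines)


if __name__ == "__main__":
    exports, findings = build(SAMPLE)
    print("\n".join(exports))
    print("\n".join(findings))
```

Run against the sample, every home-directory export to `10.10.11.0/24` is reported, because that network was given `sec=sys`; the pictures export to `10.10.10.0/24` is clean. The audit works on plain exports(5) lines, so it can also be pointed at an existing `/etc/exports`.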
Usage
-----
Example playbook:
````yaml
- hosts: nas1
  roles:
    - role: nfs_server
      vars:
        nfs_exports:
          - dataset: tank/media/pictures
            group: role-photo-admin
            mode: 02770
            acl:
              - entity: role-photo-admin
                etype: group
                permissions: rwX
                default: yes
            options: rw,crossmnt
            clients:
              - client: 10.10.10.0/24
                options: sec=krb5p
            automount_map: auto.nfs_media
          - dataset: tank/media/music
            group: role-music-admin
            mode: 02770
            acl:
              - entity: role-music-admin
                etype: group
                permissions: rwX
                default: yes
              - entity: role-music-access
                etype: group
                permissions: rX
                default: yes
            options: rw,crossmnt
            clients:
              - client: 10.10.10.0/24
                options: sec=krb5p
            automount_map: auto.nfs_media
        nfs_homedir_clients:
          - client: 10.10.10.0/24
            options: sec=krb5p
          # sec=sys trusts client-asserted UIDs: keep this to a network you control
          - client: 10.10.11.0/24
            options: sec=sys
        nfs_homedirs:
          - user: johndoe
            priv_quota: 250G
          - user: janedoe
            priv_quota: 250G
          - group: doefamily
            priv_quota: 500G
        smb_shares:
          - name: media
            path: /tank/media
````