# Make sure the two top-level datasets exist before any per-user or
# per-group child datasets are created beneath them further down.
- name: create parent zfs datasets for home directories
  zfs:
    name: '{{ item }}'
    state: present
  loop:
    - '{{ nfs_homedir_user_dataset }}'
    - '{{ nfs_homedir_group_dataset }}'
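# Emit one "name: mountpoint" line per filesystem dataset so the output can
# be parsed as a YAML mapping by the next task (-H drops the header, -p
# prints exact values). Volumes are excluded: they have no mountpoint and
# zfs prints "-" for them, which is not a valid plain scalar after "name: "
# and would make the from_yaml parse fail.
# NOTE(review): a mountpoint containing ": " or " #" would also break the
# YAML parse — assumed not to occur here.
# The listing is read-only, so it is safe to run in check mode; without
# check_mode: false the registered result has no stdout and the set_fact
# task that follows would fail.
- name: collect zfs mountpoints
  shell: "zfs list -Hp -t filesystem -o name,mountpoint | sed 's/\t/: /'"
  changed_when: false
  check_mode: false
  register: zfs_list_mountpoints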
# Turn the "name: mountpoint" lines captured above into a mapping keyed by
# dataset name, so later tasks can resolve a dataset to its mountpoint.
- name: set zfs_mountpoints fact
  set_fact:
    zfs_mountpoints: "{{ zfs_list_mountpoints.stdout | from_yaml }}"
# Register a persistent file-context rule for each home-directory tree.
# The "(/.*)?" suffix matches the mountpoint itself and everything below it.
# The result is registered so the restorecon step can be skipped when no
# rule was added or changed.
- name: set selinux context for home directories
  sefcontext:
    target: '{{ item }}'
    setype: samba_share_t
    state: present
  register: nfs_homedir_sefcontext
  loop:
    - '{{ zfs_mountpoints[nfs_homedir_group_dataset] }}(/.*)?'
    - '{{ zfs_mountpoints[nfs_homedir_user_dataset] }}(/.*)?'
# sefcontext only records the rule; relabel the existing trees so the new
# context is actually applied. Only needed when a rule changed above.
- name: apply selinux context to home directories
  command: >-
    restorecon -R
    {{ zfs_mountpoints[nfs_homedir_group_dataset] }}
    {{ zfs_mountpoints[nfs_homedir_user_dataset] }}
  when: nfs_homedir_sefcontext is changed
# Probe each entry's private directory before anything is created, so a
# later task can tell which home directories are new on this run. Results
# are matched to nfs_homedirs by loop position.
- name: check which home directories already exist
  stat:
    path: '{{ zfs_mountpoints[homedir_dataset] }}/{{ homedir_name }}/priv'
  vars:
    # group entries live under the group dataset, user entries under the user dataset
    homedir_dataset: '{{ nfs_homedir_group_dataset if item.group is defined else nfs_homedir_user_dataset }}'
    homedir_name: '{{ item.group if item.group is defined else item.user }}'
  loop: '{{ nfs_homedirs }}'
  register: nfs_homedir_stat
# One "pub" child dataset per entry, with a per-entry refquota falling back
# to the role-wide default.
- name: create zfs datasets for public home directories
  zfs:
    name: '{{ homedir_dataset }}/{{ homedir_name }}/pub'
    state: present
    extra_zfs_properties:
      refquota: '{{ item.pub_quota | default(nfs_homedir_pub_quota) }}'
  vars:
    homedir_dataset: '{{ nfs_homedir_group_dataset if item.group is defined else nfs_homedir_user_dataset }}'
    homedir_name: '{{ item.group if item.group is defined else item.user }}'
  loop: '{{ nfs_homedirs }}'
  loop_control:
    label: '{{ item }}'
# One "priv" child dataset per entry, with a per-entry refquota falling back
# to the role-wide default.
- name: create zfs datasets for private home directories
  zfs:
    name: '{{ homedir_dataset }}/{{ homedir_name }}/priv'
    state: present
    extra_zfs_properties:
      refquota: '{{ item.priv_quota | default(nfs_homedir_priv_quota) }}'
  vars:
    homedir_dataset: '{{ nfs_homedir_group_dataset if item.group is defined else nfs_homedir_user_dataset }}'
    homedir_name: '{{ item.group if item.group is defined else item.user }}'
  loop: '{{ nfs_homedirs }}'
  loop_control:
    label: '{{ item }}'
# Seed brand-new user home directories from /etc/skel. "New" is taken from
# the stat task above, matched by loop position (index), so both tasks must
# iterate nfs_homedirs in the same order. Group entries are skipped.
- name: copy skel files into any newly-created home directories
  copy:
    src: /etc/skel/
    dest: '{{ zfs_mountpoints[nfs_homedir_user_dataset] }}/{{ item.user }}/priv'
    remote_src: true
    owner: '{{ item.user }}'
    group: '{{ item.user }}'
    mode: preserve
  loop: '{{ nfs_homedirs }}'
  loop_control:
    index_var: index
  when:
    - item.user is defined
    - not nfs_homedir_stat.results[index].stat.exists
# Ownership and mode for each user's pub/priv directory: pub is readable
# and traversable by everyone (0755), priv is owner-only (0700). The loop
# is the cross product of user names and the two subdirectories.
- name: set directory permissions for user home directories
  file:
    path: "{{ zfs_mountpoints[nfs_homedir_user_dataset] }}/{{ item.0 }}/{{ item.1.name }}"
    state: directory
    owner: '{{ item.0 }}'
    group: '{{ item.0 }}'
    mode: '{{ item.1.mode }}'
    setype: _default
  vars:
    subdirs:
      - name: pub
        mode: '755'
      - name: priv
        mode: '700'
  loop: "{{ nfs_homedirs | selectattr('user', 'defined') | map(attribute='user') | product(subdirs) }}"
# Ownership and mode for each group's pub/priv directory. Both carry the
# setgid bit (leading 2) so files created inside inherit the group; priv
# additionally has no access for others (02770).
- name: set directory permissions for group directories
  file:
    path: "{{ zfs_mountpoints[nfs_homedir_group_dataset] }}/{{ item.0 }}/{{ item.1.name }}"
    state: directory
    owner: root
    group: '{{ item.0 }}'
    mode: '{{ item.1.mode }}'
    setype: _default
  vars:
    subdirs:
      - name: pub
        mode: '02775'
      - name: priv
        mode: '02770'
  loop: "{{ nfs_homedirs | selectattr('group', 'defined') | map(attribute='group') | product(subdirs) }}"
# Default (inherited) ACL on each group directory so new entries are
# group-writable; setfacl-style "X" grants execute on directories only.
- name: set directory ACLs for group directories
  acl:
    path: '{{ zfs_mountpoints[nfs_homedir_group_dataset] }}/{{ item.0 }}/{{ item.1 }}'
    default: true
    entity: '{{ item.0 }}'
    etype: group
    permissions: rwX
    recalculate_mask: mask
    state: present
  loop: "{{ nfs_homedirs | selectattr('group', 'defined') | map(attribute='group') | product(['pub', 'priv']) }}"
  loop_control:
    label: '{{ item.0 }}: {{ item.1 }}'