From 8e10c53974b4b87e483ed0dfec3946383aa071c7 Mon Sep 17 00:00:00 2001
From: Tim Bielawa
Date: Fri, 15 Sep 2017 17:18:22 -0400
Subject: Import upstream templates. Do the work. Validate parameters.
---
roles/openshift_nfs/README.md | 17 ++++++++++++
roles/openshift_nfs/defaults/main.yml | 8 ++++++
roles/openshift_nfs/meta/main.yml | 16 ++++++++++++
roles/openshift_nfs/tasks/create_export.yml | 34 ++++++++++++++++++++++++
roles/openshift_nfs/tasks/firewall.yml | 40 +++++++++++++++++++++++++++++
roles/openshift_nfs/tasks/setup.yml | 29 +++++++++++++++++++++
6 files changed, 144 insertions(+)
create mode 100644 roles/openshift_nfs/README.md
create mode 100644 roles/openshift_nfs/defaults/main.yml
create mode 100644 roles/openshift_nfs/meta/main.yml
create mode 100644 roles/openshift_nfs/tasks/create_export.yml
create mode 100644 roles/openshift_nfs/tasks/firewall.yml
create mode 100644 roles/openshift_nfs/tasks/setup.yml
(limited to 'roles/openshift_nfs')
diff --git a/roles/openshift_nfs/README.md b/roles/openshift_nfs/README.md
new file mode 100644
index 000000000..36ea36385
--- /dev/null
+++ b/roles/openshift_nfs/README.md
@@ -0,0 +1,17 @@
+OpenShift NFS
+=============
+
+Sets up basic NFS services on a cluster host.
+
+See [tasks/create_export.yml](tasks/create_export.yml) for
+instructions on using the export creation tasks file.
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Tim Bielawa (tbielawa@redhat.com)
diff --git a/roles/openshift_nfs/defaults/main.yml b/roles/openshift_nfs/defaults/main.yml
new file mode 100644
index 000000000..ee94c7c57
--- /dev/null
+++ b/roles/openshift_nfs/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+r_openshift_nfs_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
+r_openshift_nfs_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
+
+r_openshift_nfs_os_firewall_deny: []
+r_openshift_nfs_firewall_allow:
+- service: nfs
+ port: "2049/tcp"
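Review bot: In roles/openshift_nfs/defaults/main.yml the deny list is named `r_openshift_nfs_os_firewall_deny` while its sibling is `r_openshift_nfs_firewall_allow`, so the pair is inconsistent. An inventory override written by analogy as `r_openshift_nfs_firewall_deny` would be ignored without any error, because tasks/firewall.yml reads the `os_` spelling. Renaming the variable to `r_openshift_nfs_firewall_deny` in both files would keep the role's interface predictable.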
diff --git a/roles/openshift_nfs/meta/main.yml b/roles/openshift_nfs/meta/main.yml
new file mode 100644
index 000000000..d7b5910f2
--- /dev/null
+++ b/roles/openshift_nfs/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Tim Bielawa
+ description: OpenShift Basic NFS Configuration
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.2
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: lib_utils
+- role: lib_os_firewall
diff --git a/roles/openshift_nfs/tasks/create_export.yml b/roles/openshift_nfs/tasks/create_export.yml
new file mode 100644
index 000000000..39323904f
--- /dev/null
+++ b/roles/openshift_nfs/tasks/create_export.yml
@@ -0,0 +1,34 @@
+---
+# Makes a new NFS export
+#
+# Include signature
+#
+# include_role:
+# role: openshift_nfs
+# tasks_from: create_export
+# vars:
+# l_nfs_base_dir: Base dir to exports
+# l_nfs_export_config: Name to prefix the .exports file with
+# l_nfs_export_name: Name of sub-directory of the export
+# l_nfs_options: Mount Options
+
+- name: Ensure CFME App NFS export directory exists
+ file:
+ path: "{{ l_nfs_base_dir }}/{{ l_nfs_export_name }}"
+ state: directory
+ mode: 0777
+ owner: nfsnobody
+ group: nfsnobody
+
+- name: "Create {{ l_nfs_export_name }} NFS export"
+ lineinfile:
+ path: "/etc/exports.d/{{ l_nfs_export_config }}.exports"
+ create: true
+ state: present
+ line: "{{ l_nfs_base_dir }}/{{ l_nfs_export_name }} {{ l_nfs_options }}"
+ register: created_export
+
+- name: Re-export NFS filesystems
+ command: exportfs -ar
+ when:
+ - created_export | changed
diff --git a/roles/openshift_nfs/tasks/firewall.yml b/roles/openshift_nfs/tasks/firewall.yml
new file mode 100644
index 000000000..0898b2b5c
--- /dev/null
+++ b/roles/openshift_nfs/tasks/firewall.yml
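Review bot: In roles/openshift_nfs/tasks/create_export.yml the `lineinfile` task that writes the export has no `regexp`, so a later run with different `l_nfs_options` appends a second line for the same path and the earlier, possibly more permissive, options stay in `/etc/exports.d/{{ l_nfs_export_config }}.exports`. Anchoring the task on the export path, for example `regexp: '^{{ (l_nfs_base_dir ~ "/" ~ l_nfs_export_name) | regex_escape }}\s'`, lets a tightened option string replace the old entry instead of sitting beside it. The directory task above it sets `mode: 0777`, which leaves the export writable by every local account and by every client the options admit; if the consuming pods can run with a matching UID or GID, a narrower quoted mode such as `mode: "0770"` would be safer. The commit subject mentions parameter validation, but no check that the four `l_nfs_*` variables are defined and non-empty is visible in this file.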
@@ -0,0 +1,40 @@
+---
+- when: r_openshift_nfs_firewall_enabled | bool and not r_openshift_nfs_use_firewalld | bool
+ block:
+ - name: Add iptables allow rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: add
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when: item.cond | default(True)
+ with_items: "{{ r_openshift_nfs_firewall_allow }}"
+
+ - name: Remove iptables rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: remove
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when: item.cond | default(True)
+ with_items: "{{ r_openshift_nfs_os_firewall_deny }}"
+
+- when: r_openshift_nfs_firewall_enabled | bool and r_openshift_nfs_use_firewalld | bool
+ block:
+ - name: Add firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ when: item.cond | default(True)
+ with_items: "{{ r_openshift_nfs_firewall_allow }}"
+
+ - name: Remove firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: disabled
+ when: item.cond | default(True)
+ with_items: "{{ r_openshift_nfs_os_firewall_deny }}"
diff --git a/roles/openshift_nfs/tasks/setup.yml b/roles/openshift_nfs/tasks/setup.yml
new file mode 100644
index 000000000..3070de495
--- /dev/null
+++ b/roles/openshift_nfs/tasks/setup.yml
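Review bot: Both branches of roles/openshift_nfs/tasks/firewall.yml open each `r_openshift_nfs_firewall_allow` port with no source restriction visible in the hunk: the `firewalld` tasks pass only `port`, and the `os_firewall_manage_iptables` calls pass only name, protocol and port (that module is defined outside this patch, so its defaults are an assumption). On a host with an interface reachable from outside the cluster, this leaves the client list in the exports file as the only control on 2049/tcp. For the firewalld branch a `zone:` or a `rich_rule:` limited to the cluster network would narrow it; at minimum a header comment such as `# Opens the listed ports to all sources; restrict clients via l_nfs_options` would make the exposure explicit. The same comment could document the expected item shape, since `item.port.split('/')[1]` fails on an entry that lacks the `/proto` suffix.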
@@ -0,0 +1,29 @@
+---
+- name: setup firewall
+ include: firewall.yml
+ static: yes
+
+- name: Install nfs-utils
+ package: name=nfs-utils state=present
+
+- name: Configure NFS
+ lineinfile:
+ dest: /etc/sysconfig/nfs
+ regexp: '^RPCNFSDARGS=.*$'
+ line: 'RPCNFSDARGS="-N 2 -N 3"'
+ register: nfs_config
+
+- name: Restart nfs-config
+ systemd: name=nfs-config state=restarted
+ when: nfs_config | changed
+
+- name: Ensure exports directory exists
+ file:
+ path: "{{ l_nfs_base_dir }}"
+ state: directory
+
+- name: Enable and start NFS services
+ systemd:
+ name: nfs-server
+ state: started
+ enabled: yes
--
cgit v1.2.3
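Review bot: In roles/openshift_nfs/tasks/setup.yml a change to `RPCNFSDARGS` restarts only `nfs-config`; the final task uses `state: started`, so an `nfs-server` that is already running would keep its old arguments and NFSv2/v3 would stay enabled until something else restarts it. Adding a task after it with `systemd: name=nfs-server state=restarted` and `when: nfs_config | changed` would apply the `-N 2 -N 3` setting on the same run. The `Ensure exports directory exists` task sets no `owner` or `mode`, so the base directory gets whatever the default umask gives; stating both explicitly would make the result reproducible across hosts.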