-rw-r--r-- | chaos-at-home/ch-prometheus.yml | 2 | ||||
-rw-r--r-- | inventory/host_vars/ch-prometheus.yml | 32 | ||||
-rw-r--r-- | roles/chaos-at-home/fileserver/defaults/main.yml | 37 | ||||
-rw-r--r-- | roles/chaos-at-home/fileserver/handlers/main.yml | 5 | ||||
-rw-r--r-- | roles/chaos-at-home/fileserver/tasks/main.yml | 64 |
5 files changed, 140 insertions, 0 deletions
diff --git a/chaos-at-home/ch-prometheus.yml b/chaos-at-home/ch-prometheus.yml index 756722dd..1cfa59c1 100644 --- a/chaos-at-home/ch-prometheus.yml +++ b/chaos-at-home/ch-prometheus.yml @@ -11,6 +11,7 @@ - role: zfs/base - role: apt-repo/spreadspace - role: zfs/sanoid + - role: chaos-at-home/fileserver - role: vm/host/base - role: vm/host/network - role: installer/debian/base @@ -37,3 +38,4 @@ sleep 2 systemctl restart libvirtd.service + systemctl restart nfs-kernel-server diff --git a/inventory/host_vars/ch-prometheus.yml b/inventory/host_vars/ch-prometheus.yml index 425411df..f06ecb85 100644 --- a/inventory/host_vars/ch-prometheus.yml +++ b/inventory/host_vars/ch-prometheus.yml @@ -86,3 +86,35 @@ zfs_sanoid_modules: use_template: production recursive: yes process_children_only: yes + + +fileserver_zfs_default_pool: storage +fileserver_zfs_filesystems: + archiv: + properties: + quota: 1T + buffer: + properties: + quota: 50G + home: + properties: + quota: 500G + export: no + movies: + properties: + quota: 1T + music: + properties: + quota: 500G + series: + properties: + quota: 4T + +fileserver_nfs_root: /srv/_nfs4_root_ +fileserver_nfs_default_options: + - rw + - sync + - root_squash + - no_subtree_check +fileserver_nfs_default_destinations: + - dest: "{{ network_zones.lan.prefix }}" diff --git a/roles/chaos-at-home/fileserver/defaults/main.yml b/roles/chaos-at-home/fileserver/defaults/main.yml new file mode 100644 index 00000000..8a4452ce --- /dev/null +++ b/roles/chaos-at-home/fileserver/defaults/main.yml 
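Review bot: In inventory/host_vars/ch-prometheus.yml, `fileserver_nfs_default_options` grants `rw` to every address in `network_zones.lan.prefix`, and the list has no `sec=` entry. Access control therefore presumably rests on the client address and client-asserted uids (AUTH_SYS), and `root_squash` only remaps uid 0. Every filesystem except `home` (`export: no`) inherits this default. Consider making the default `- ro` and granting write access per filesystem through `export_to` with specific client addresses and their own `opts`, which the commented example in the role's defaults file shows as supported. If the LAN-wide `rw` is intentional, a comment above `fileserver_nfs_default_destinations` saying so would help the next reader.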
@@ -0,0 +1,37 @@
+---
+# fileserver_zfs_default_pool: tank
+# fileserver_zfs_filesystems:
+# foo:
+# pool: bar
+# properties:
+# quota: 100G
+# export_as: bar
+# export_to:
+# - dest: 192.0.2.3/32
+# opts:
+# - ro
+# - async
+# private:
+# properties:
+# quota: 100G
+# export: no
+# public:
+# properties:
+# quota: 100G
+
+fileserver_zfs_common_properties:
+ snapdir: visible
+ compression: lz4
+
+# fileserver_nfs_root: /srv/exports
+# fileserver_nfs_default_options:
+# - ro
+# - sync
+# - root_squash
+# fileserver_nfs_default_destinations:
+# - dest: 192.0.2.0/24
+# - dest: 192.0.2.128/29
+# opts:
+# - rw
+# - sync
+# - root_squash
diff --git a/roles/chaos-at-home/fileserver/handlers/main.yml b/roles/chaos-at-home/fileserver/handlers/main.yml
new file mode 100644
index 00000000..3ec0aded
--- /dev/null
+++ b/roles/chaos-at-home/fileserver/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart nfs-server
+ service:
+ name: nfs-kernel-server
+ state: restarted
diff --git a/roles/chaos-at-home/fileserver/tasks/main.yml b/roles/chaos-at-home/fileserver/tasks/main.yml
new file mode 100644
index 00000000..9cc20853
--- /dev/null
+++ b/roles/chaos-at-home/fileserver/tasks/main.yml
@@ -0,0 +1,64 @@ +--- +- name: create zfs filesystems + loop: "{{ fileserver_zfs_filesystems | dict2items }}" + loop_control: + label: "{{ item.value.pool | default(fileserver_zfs_default_pool) }}/{{ item.key }}" + zfs: + name: "{{ item.value.pool | default(fileserver_zfs_default_pool) }}/{{ item.key }}" + state: present + extra_zfs_properties: "{{ fileserver_zfs_common_properties | combine(item.value.properties | default({})) }}" + +- name: install nfs-server + apt: + name: nfs-kernel-server + state: present + + # rpc.statd is only needed for NFSv2 and NFSv3 +- name: disable rpc.statd + lineinfile: + path: /etc/default/nfs-common + regexp: '^NEED_STATD=' + line: 'NEED_STATD=no' + notify: restart nfs-server + +- name: disable NFSv2 and NFSv3 + lineinfile: + path: /etc/default/nfs-kernel-server + regexp: '^RPCMOUNTDOPTS="(.*?) ?(--no-nfs-version 2 --no-nfs-version 3)?"' + backrefs: yes + line: 'RPCMOUNTDOPTS="\1 --no-nfs-version 2 --no-nfs-version 3"' + notify: restart nfs-server + +- name: create export root directory + file: + path: "{{ fileserver_nfs_root }}" + state: directory + +- name: create bind mounts for all filesystems to be exported + loop: "{{ fileserver_zfs_filesystems | dict2items }}" + loop_control: + label: "{{ item.value.export_as | default(item.key) }}" + when: (item.value.export is not defined) or (item.value.export | bool) + mount: + src: "{{ zfs_zpools[(item.value.pool | default(fileserver_zfs_default_pool))].mountpoint }}/{{ item.key }}" + path: "{{ fileserver_nfs_root }}/{{ item.value.export_as | default(item.key) }}" + fstype: none + opts: defaults,bind,x-systemd.automount,nofail + state: mounted + notify: restart nfs-server + +- name: generate list of all export destinations + set_fact: + filesearver_nfs_all_destinations: "{{ fileserver_nfs_default_destinations | map(attribute='dest') | list | union(fileserver_zfs_filesystems | dict2items | selectattr('value.export_to', 'defined') | map(attribute='value.export_to') | flatten | 
map(attribute='dest') | list) | cidr_merge }}" + +- name: export filesystems + blockinfile: + path: /etc/exports + block: | + {{ fileserver_nfs_root }} {% for dest in filesearver_nfs_all_destinations %} {{ dest }}(ro,fsid=0,sync){% endfor %}{{ '' }} + {% for fs in (fileserver_zfs_filesystems | dict2items) %} + {% if (fs.value.export is not defined) or (fs.value.export | bool) %} + {{ fileserver_nfs_root }}/{{ fs.value.export_as | default(fs.key) }} {% for d in fs.value.export_to | default(fileserver_nfs_default_destinations) %} {{ d.dest }}({{ d.opts | default(fileserver_nfs_default_options) | join(',') }}){% endfor %}{{ '' }} + {% endif %} + {% endfor %} + notify: restart nfs-server |
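Review bot: The `disable NFSv2 and NFSv3` task only rewrites `RPCMOUNTDOPTS`, so as far as this hunk shows the version switches reach rpc.mountd but not rpc.nfsd, and the kernel server may still answer NFSv3 requests. Because the task uses `backrefs: yes`, it also changes nothing and reports no failure when `/etc/default/nfs-kernel-server` has no line matching the regexp, leaving v2/v3 silently enabled. Consider passing the same `--no-nfs-version` switches to rpc.nfsd through whatever variable this distribution's defaults file provides for that. A follow-up task could then read `/proc/fs/nfsd/versions` and fail if it still lists `+3`. Separately, the fact name `filesearver_nfs_all_destinations` is misspelled; it is used consistently in both places so it works, but `fileserver_nfs_all_destinations` would match the role's other variables.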