-rw-r--r-- | inventory/host_vars/ch-prometheus.yml | 68 | ||||
-rw-r--r-- | roles/chaos-at-home/fileserver/defaults/main.yml | 21 | ||||
-rw-r--r-- | roles/chaos-at-home/fileserver/tasks/main.yml | 67 |
3 files changed, 132 insertions, 24 deletions
diff --git a/inventory/host_vars/ch-prometheus.yml b/inventory/host_vars/ch-prometheus.yml index f06ecb85..b79cc586 100644 --- a/inventory/host_vars/ch-prometheus.yml +++ b/inventory/host_vars/ch-prometheus.yml @@ -88,33 +88,87 @@ zfs_sanoid_modules: process_children_only: yes + fileserver_zfs_default_pool: storage fileserver_zfs_filesystems: - archiv: + - name: archiv properties: quota: 1T - buffer: + owner: root + group: users + mode: "02775" + - name: buffer properties: quota: 50G - home: + owner: root + group: users + mode: "02775" + - name: home ## legacy properties: quota: 500G export: no - movies: + owner: root + group: root + mode: "0755" + - name: movies properties: quota: 1T - music: + owner: root + group: users + mode: "02775" + - name: music properties: quota: 500G - series: + owner: root + group: users + mode: "02775" + - name: series properties: quota: 4T + owner: root + group: users + mode: "02775" fileserver_nfs_root: /srv/_nfs4_root_ fileserver_nfs_default_options: - rw - - sync + - async - root_squash - no_subtree_check fileserver_nfs_default_destinations: - dest: "{{ network_zones.lan.prefix }}" + +fileserver_users: + equinox: + id: 1000 + groups: users + amun: + id: 1001 + groups: users + baum: + id: 1002 + groups: users + gimpf: + id: 1003 + groups: users + mel: + id: 1004 + groups: users + otti: + id: 1005 + groups: users + mama: + id: 1006 + groups: users + papa: + id: 1007 + groups: users + thor: + id: 1008 + groups: users + nenzen: + id: 1009 + groups: users + michisix: + id: 1010 + groups: users diff --git a/roles/chaos-at-home/fileserver/defaults/main.yml b/roles/chaos-at-home/fileserver/defaults/main.yml index 8a4452ce..aa9ee94b 100644 --- a/roles/chaos-at-home/fileserver/defaults/main.yml +++ b/roles/chaos-at-home/fileserver/defaults/main.yml 
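Review bot: Replacing `sync` with `async` in `fileserver_nfs_default_options` changes durability for every export that does not set its own `opts`: the server now acknowledges NFS writes before they reach stable storage, so a crash or power loss can lose data that clients already consider written. The pseudo-root export in tasks/main.yml still carries `sync`, which suggests the relaxation is deliberate for the data shares, but nothing in the inventory records that. If the trade-off is intended, say so where the option is set, e.g. `- async  # deliberate trade-off: faster writes, acknowledged data may be lost on server crash`; otherwise keep `sync` here and relax it per filesystem through `export_to[].opts`.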
@@ -1,21 +1,24 @@ --- # fileserver_zfs_default_pool: tank # fileserver_zfs_filesystems: -# foo: +# - name: foo # pool: bar # properties: # quota: 100G +# owner: root +# group: users +# mode: "02775" # export_as: bar # export_to: # - dest: 192.0.2.3/32 # opts: # - ro # - async -# private: +# - name: private # properties: # quota: 100G # export: no -# public: +# - name: public: # properties: # quota: 100G @@ -28,6 +31,7 @@ fileserver_zfs_common_properties: # - ro # - sync # - root_squash +# - crossmnt # fileserver_nfs_default_destinations: # - dest: 192.0.2.0/24 # - dest: 192.0.2.128/29 @@ -35,3 +39,14 @@ fileserver_zfs_common_properties: # - rw # - sync # - root_squash + +# fileserver_group_ids: +# foo: 10000 + +# fileserver_users: +# hugo: +# id: 1000 +# groups: +# - users +# seppi: +# id: 1001 diff --git a/roles/chaos-at-home/fileserver/tasks/main.yml b/roles/chaos-at-home/fileserver/tasks/main.yml index 9cc20853..2a780d26 100644 --- a/roles/chaos-at-home/fileserver/tasks/main.yml +++ b/roles/chaos-at-home/fileserver/tasks/main.yml @@ -1,12 +1,12 @@ --- - name: create zfs filesystems - loop: "{{ fileserver_zfs_filesystems | dict2items }}" + loop: "{{ fileserver_zfs_filesystems }}" loop_control: - label: "{{ item.value.pool | default(fileserver_zfs_default_pool) }}/{{ item.key }}" + label: "{{ item.pool | default(fileserver_zfs_default_pool) }}/{{ item.name }}" zfs: - name: "{{ item.value.pool | default(fileserver_zfs_default_pool) }}/{{ item.key }}" + name: "{{ item.pool | default(fileserver_zfs_default_pool) }}/{{ item.name }}" state: present - extra_zfs_properties: "{{ fileserver_zfs_common_properties | combine(item.value.properties | default({})) }}" + extra_zfs_properties: "{{ fileserver_zfs_common_properties | combine(item.properties | default({})) }}" - name: install nfs-server apt: 
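Review bot: The rewritten example entry `# - name: public:` carries a stray trailing colon; anyone copying the commented block into a host file gets a YAML parse error on that line (a plain scalar ending in `:` is read as a nested mapping) instead of a filesystem named `public`. Drop the colon: `# - name: public`. The other two entries in the example were converted correctly.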
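Review bot: The new `fileserver_group_ids` example does not say that its gid space is shared with `fileserver_users`, whose `id` is reused in tasks/main.yml as the gid of each user's canonical group; a group id equal to a user id fails when the group module tries to create it, or on a host where it already exists silently attaches the wrong group. The example value `10000` avoids the collision only by choice of number. Add a line above the example: `# gids must not collide with fileserver_users ids (each user gets a same-numbered private group)`.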
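Review bot: Turning `fileserver_zfs_filesystems` from a mapping into a list drops the uniqueness that mapping keys gave for free: two entries with the same `name` (or the same `export_as`) now pass through silently, the second `zfs` call is a no-op, and the bind-mount and `/etc/exports` loops later in this file emit duplicate paths and export lines. Add a guard before `create zfs filesystems`, e.g. `- name: ensure zfs filesystem names are unique` / `assert:` / `that: "(fileserver_zfs_filesystems | map(attribute='name') | list | length) == (fileserver_zfs_filesystems | map(attribute='name') | unique | list | length)"`, and the same check for `export_as | default(name)`. The loops that would emit the duplicates are in later hunks of this file, outside this one.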
@@ -35,13 +35,13 @@ state: directory - name: create bind mounts for all filesystems to be exported - loop: "{{ fileserver_zfs_filesystems | dict2items }}" + loop: "{{ fileserver_zfs_filesystems }}" loop_control: - label: "{{ item.value.export_as | default(item.key) }}" - when: (item.value.export is not defined) or (item.value.export | bool) + label: "{{ item.export_as | default(item.name) }}" + when: (item.export is not defined) or (item.export | bool) mount: - src: "{{ zfs_zpools[(item.value.pool | default(fileserver_zfs_default_pool))].mountpoint }}/{{ item.key }}" - path: "{{ fileserver_nfs_root }}/{{ item.value.export_as | default(item.key) }}" + src: "{{ zfs_zpools[(item.pool | default(fileserver_zfs_default_pool))].mountpoint }}/{{ item.name }}" + path: "{{ fileserver_nfs_root }}/{{ item.export_as | default(item.name) }}" fstype: none opts: defaults,bind,x-systemd.automount,nofail state: mounted 
@@ -49,16 +49,55 @@ - name: generate list of all export destinations set_fact: - filesearver_nfs_all_destinations: "{{ fileserver_nfs_default_destinations | map(attribute='dest') | list | union(fileserver_zfs_filesystems | dict2items | selectattr('value.export_to', 'defined') | map(attribute='value.export_to') | flatten | map(attribute='dest') | list) | cidr_merge }}" + filesearver_nfs_all_destinations: "{{ fileserver_nfs_default_destinations | map(attribute='dest') | list | union(fileserver_zfs_filesystems | selectattr('export_to', 'defined') | map(attribute='export_to') | flatten | map(attribute='dest') | list) | cidr_merge }}" - name: export filesystems blockinfile: path: /etc/exports block: | - {{ fileserver_nfs_root }} {% for dest in filesearver_nfs_all_destinations %} {{ dest }}(ro,fsid=0,sync){% endfor %}{{ '' }} - {% for fs in (fileserver_zfs_filesystems | dict2items) %} - {% if (fs.value.export is not defined) or (fs.value.export | bool) %} - {{ fileserver_nfs_root }}/{{ fs.value.export_as | default(fs.key) }} {% for d in fs.value.export_to | default(fileserver_nfs_default_destinations) %} {{ d.dest }}({{ d.opts | default(fileserver_nfs_default_options) | join(',') }}){% endfor %}{{ '' }} + {{ fileserver_nfs_root }} {% for dest in filesearver_nfs_all_destinations %} {{ dest }}(ro,fsid=0,sync,crossmnt){% endfor %}{{ '' }} + {% for fs in fileserver_zfs_filesystems %} + {% if (fs.export is not defined) or (fs.export | bool) %} + {{ fileserver_nfs_root }}/{{ fs.export_as | default(fs.name) }} {% for d in fs.export_to | default(fileserver_nfs_default_destinations) %} {{ d.dest }}({{ d.opts | default(fileserver_nfs_default_options) | join(',') }}){% endfor %}{{ '' }} {% endif %} {% endfor %} notify: restart nfs-server + +- name: create fileserver groups + loop: "{{ fileserver_group_ids | default({}) | dict2items }}" + loop_control: + label: "{{ item.key }}" + group: + name: "{{ item.key }}" + gid: "{{ item.value }}" + +- name: create conanical groups for 
fileserver users + loop: "{{ fileserver_users | default({}) | dict2items }}" + loop_control: + label: "{{ item.key }}" + group: + name: "{{ item.key }}" + gid: "{{ item.value.id | default(omit) }}" + state: present + +- name: create fileserver users + loop: "{{ fileserver_users | default({}) | dict2items }}" + loop_control: + label: "{{ item.key }}" + user: + name: "{{ item.key }}" + uid: "{{ item.value.id | default(omit) }}" + state: present + group: "{{ item.key }}" + groups: "{{ item.value.groups | default(omit) }}" + +- name: set filesystem root-dir permissions + loop: "{{ fileserver_zfs_filesystems }}" + loop_control: + label: "{{ item.pool | default(fileserver_zfs_default_pool) }}/{{ item.name }}" + when: item.owner is defined or item.group is defined or item.mode is defined + file: + path: "{{ zfs_zpools[(item.pool | default(fileserver_zfs_default_pool))].mountpoint }}/{{ item.name }}" + owner: "{{ item.owner | default(omit) }}" + group: "{{ item.group | default(omit) }}" + mode: "{{ item.mode | default(omit) }}" |
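Review bot: `create fileserver users` makes real login accounts out of what the rest of the role treats purely as uid/gid placeholders for NFS ownership: the `user` module is called without `shell`, `create_home` or `password`, so each account presumably gets the system default shell and a home directory, and any later `authorized_keys` drop or password set would turn it into an interactive shell on the fileserver. Add `shell: /usr/sbin/nologin` and `create_home: false` to the `user:` arguments, or document why interactive logins are wanted for these accounts. The task name `create conanical groups for fileserver users` has a typo: `canonical`.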