From 81ec6f92f400f667c2ce9d879396bfff00ec5bb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sun, 15 Jul 2018 11:25:27 +0200 Subject: Add file store role --- modules/role/manifests/file_store.pp | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 modules/role/manifests/file_store.pp (limited to 'modules/role') diff --git a/modules/role/manifests/file_store.pp b/modules/role/manifests/file_store.pp new file mode 100644 index 0000000..1d3ee49 --- /dev/null +++ b/modules/role/manifests/file_store.pp @@ -0,0 +1,36 @@ +class role::file_store ( + Optional[Array] $nfs_mounts = ["cardano"], + Optional[String] $mountpoint = "/fichiers1", +) { + include "base_installation" + + include "profile::fstab" + include "profile::tools" + include "profile::monitoring" + + unless empty($mountpoint) { + class { "::nfs": + server_enabled => true, + nfs_v4 => true, + nfs_v4_export_root => '/exports', + nfs_v4_export_root_clients => 'localhost(rw)', + require => Mount[$mountpoint], + } + + $nfs_mounts.each |$nfs_mount| { + file { "$mountpoint/$nfs_mount": + ensure => "directory", + mode => "0755", + owner => "nobody", + group => "nobody", + require => Mount[$mountpoint], + } -> + nfs::server::export { "$mountpoint/$nfs_mount": + owner => "nobody", + group => "nobody", + ensure => "present", + clients => "immae.eu(rw,secure,sync,all_squash,sec=krb5p)", + } + } + } +} -- cgit v1.2.3 From 9fcc3f8faac4a24fb97fff87a4a49bf362967fa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 13 Aug 2018 01:12:20 +0200 Subject: Add kerberos client profile --- modules/role/manifests/file_store.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/role') diff --git a/modules/role/manifests/file_store.pp b/modules/role/manifests/file_store.pp index 1d3ee49..ec12d75 100644 --- a/modules/role/manifests/file_store.pp +++ b/modules/role/manifests/file_store.pp @@ -7,6 +7,7 @@ class role::file_store ( include "profile::fstab" include "profile::tools" include "profile::monitoring" + include "profile::kerberos::client" unless empty($mountpoint) { class { "::nfs": -- cgit v1.2.3 From 7f8c632757246813c0a9fdbf0c26ef036ff396be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 14 Aug 2018 19:23:47 +0200 Subject: Add wireguard profile --- modules/role/manifests/file_store.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/role') diff --git a/modules/role/manifests/file_store.pp b/modules/role/manifests/file_store.pp index ec12d75..bf4afe7 100644 --- a/modules/role/manifests/file_store.pp +++ b/modules/role/manifests/file_store.pp @@ -8,6 +8,7 @@ class role::file_store ( include "profile::tools" include "profile::monitoring" include "profile::kerberos::client" + include "profile::wireguard" unless empty($mountpoint) { class { "::nfs": -- cgit v1.2.3 From 7d8c507fd252d822cc92ca2168d71f97805cc30a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 17 Aug 2018 17:40:59 +0200 Subject: Make mountpoints configurable --- modules/role/manifests/file_store.pp | 42 ++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 9 deletions(-) (limited to 'modules/role') diff --git a/modules/role/manifests/file_store.pp b/modules/role/manifests/file_store.pp index bf4afe7..d1f6a67 100644 --- a/modules/role/manifests/file_store.pp +++ b/modules/role/manifests/file_store.pp @@ -1,5 +1,5 @@ class role::file_store ( - Optional[Array] $nfs_mounts = ["cardano"], + Optional[Hash] $nfs_mounts = {}, Optional[String] $mountpoint = "/fichiers1", ) { include "base_installation" @@ -7,7 +7,6 @@ class role::file_store ( include "profile::fstab" include "profile::tools" include "profile::monitoring" - include "profile::kerberos::client" include "profile::wireguard" unless empty($mountpoint) { @@ -19,19 +18,44 @@ class role::file_store ( require => Mount[$mountpoint], } - $nfs_mounts.each |$nfs_mount| { + $nfs_mounts.each |$nfs_mount, $hosts| { file { "$mountpoint/$nfs_mount": ensure => "directory", mode => "0755", owner => "nobody", group => "nobody", require => Mount[$mountpoint], - } -> - nfs::server::export { "$mountpoint/$nfs_mount": - owner => "nobody", - group => "nobody", - ensure => "present", - clients => "immae.eu(rw,secure,sync,all_squash,sec=krb5p)", + } + + $hosts.each |$host_cn| { + $host = find_host($facts["ldapvar"]["other"], $host_cn) + if empty($host) { + fail("No host found for nfs") + } elsif has_key($host["vars"], "wireguard_ip") { + $clients = sprintf("%s%s", + join($host["vars"]["wireguard_ip"], "(rw,secure,sync,all_squash) "), + "(rw,secure,sync,all_squash)") + nfs::server::export { "$mountpoint/$nfs_mount": + owner => "nobody", + group => "nobody", + ensure => "present", + clients => $clients, + } + } elsif has_key($host["vars"], "host") { + nfs::server::export { "$mountpoint/$nfs_mount": + owner => "nobody", + group => "nobody", + ensure => "present", + clients => "${host[vars][host][0]}(rw,secure,sync,all_squash)", + } + } else { + nfs::server::export { "$mountpoint/$nfs_mount": + owner => "nobody", + group => "nobody", + ensure => "present", + clients => "${host[vars][real_hostname][0]}(rw,secure,sync,all_squash)", + } + } } } } -- cgit v1.2.3