nfs_server: Rename role

Timo Makinen 2022-02-25 00:41:47 +00:00
parent 4433eced1e
commit 26c6aca8f7
6 changed files with 1 additions and 1 deletions


@ -0,0 +1,95 @@
#!/bin/bash
set -e
LOCKFILE="/run/$(basename "$0").pid"
STATEFILE="/run/$(basename "$0").state"
_basedn="$(awk '{ if ($1 == "BASE") print $2 }' /etc/openldap/ldap.conf)"
if [ -z "$_basedn" ]; then
logger -i -t "$(basename "$0")" -p user.error -s \
"ERROR: Failed to get LDAP basedn" 1>&2
exit 1
fi
if [ $# -eq 1 ]; then
_filter="(&(automountKey=$1)(objectClass=automount))"
elif [ $# -eq 0 ]; then
_filter="(objectClass=automount)"
else
echo "Usage: $(basename "$0") [username]" 1>&2
exit 1
fi
if [ -f "$LOCKFILE" ]; then
if kill -0 "$(cat "${LOCKFILE}")" ; then
_started=" ($(stat --format='%y' "$LOCKFILE"))"
logger -i -t "$(basename "$0")" -p user.notice -s \
"ERROR: Lockfile exists${_started}"
exit 1
else
logger -i -t "$(basename "$0")" -p user.notice -s \
"WARN: Removing stale lock file"
fi
fi
trap 'rm -f ${LOCKFILE}' INT TERM EXIT
echo "$$" > "$LOCKFILE"
_state="$(
ldapsearch -Q -LLL -s base contextCSN | awk '
BEGIN { csn=0 }
{
if ($1 == "contextCSN:") {
val=substr($2, 0, 21);
if (val > csn) {
csn = val
}
}
}
END { print csn }
'
)"
if [ -f "$STATEFILE" ]; then
if [ "$_state" == "$(cat "$STATEFILE")" ]; then
exit 0
fi
fi
ldapsearch -Q -LLL -b "ou=People,${_basedn}" "$_filter" automountInformation | \
awk -v_hostname="$(hostname -f)" '{
if ($1 == "automountInformation:") {
split($2, _, ":");
if (_[1] == _hostname) {
print _[2];
}
}
}' | while read -r _target ; do
_user="$(basename "$_target")"
_basedir="$(dirname "$_target")"
[ -d "$_target" ] && continue
if ! getent passwd "$_user" > /dev/null 2>&1 ; then
logger -i -t "$(basename "$0")" -p user.error -s \
"ERROR: Cannot find user '${_user}'" 1>&2
continue
fi
if ! getent group "$_user" > /dev/null 2>&1 ; then
logger -i -t "$(basename "$0")" -p user.error -s \
"ERROR: Cannot find group '${_user}'" 1>&2
continue
fi
if [ ! -d "$_basedir" ]; then
logger -i -t "$(basename "$0")" -p user.error -s \
"ERROR: Cannot find base direcory '${_basedir}'"
continue
fi
logger -i -t "$(basename "$0")" -p user.info \
"Creating home directory '${_target}' for user '${_user}'"
install -d -o "$_user" -g "$_user" -m 0700 "$_target"
su "$_user" -s /bin/bash -c "umask 077 ; cp -r /etc/skel/. '${_target}'"
done
echo "$_state" > "$STATEFILE"
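Review bot: The `su "$_user" -s /bin/bash -c "umask 077 ; cp -r /etc/skel/. '${_target}'"` line at the end of the loop builds a shell command string from `_target`, which is taken directly from the LDAP `automountInformation` value, so a quote character in that attribute changes what the shell runs as that user. Reject unexpected characters before the path is used, for example `case "$_target" in *[!A-Za-z0-9._/-]*) continue ;; esac` at the top of the loop, with an error logged in the same way as the other checks. The same allow-list idea applies to `$1`, which is placed unescaped into the filter `(&(automountKey=$1)(objectClass=automount))`; LDAP filter metacharacters should be rejected or escaped as RFC 4515 describes.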


@ -0,0 +1,93 @@
#!/bin/bash
set -e
LOCKFILE="/run/$(basename "$0").pid"
STATEFILE="/run/$(basename "$0").state"
_basedn="$(awk '{ if ($1 == "BASE") print $2 }' /etc/openldap/ldap.conf)"
if [ -z "$_basedn" ]; then
logger -i -t "$(basename "$0")" -p user.error -s \
"ERROR: Failed to get LDAP basedn" 1>&2
exit 1
fi
if [ $# -eq 1 ]; then
_filter="(&(automountKey=$1)(objectClass=automount))"
elif [ $# -eq 0 ]; then
_filter="(objectClass=automount)"
else
echo "Usage: $(basename "$0") [role]" 1>&2
exit 1
fi
if [ -f "$LOCKFILE" ]; then
if kill -0 "$(cat "${LOCKFILE}")" ; then
_started=" ($(stat --format='%y' "$LOCKFILE"))"
logger -i -t "$(basename "$0")" -p user.notice -s \
"ERROR: Lockfile exists${_started}"
exit 1
else
logger -i -t "$(basename "$0")" -p user.notice -s \
"WARN: Removing stale lock file"
fi
fi
trap 'rm -f ${LOCKFILE}' INT TERM EXIT
echo "$$" > "$LOCKFILE"
_state="$(
ldapsearch -Q -LLL -s base contextCSN | awk '
BEGIN { csn=0 }
{
if ($1 == "contextCSN:") {
val=substr($2, 0, 21);
if (val > csn) {
csn = val
}
}
}
END { print csn }
'
)"
if [ -f "$STATEFILE" ]; then
if [ "$_state" == "$(cat "$STATEFILE")" ]; then
exit 0
fi
fi
ldapsearch -Q -LLL -b "ou=Groups,${_basedn}" "$_filter" automountInformation | \
awk -v_hostname="$(hostname -f)" '{
if ($1 == "automountInformation:") {
split($2, _, ":");
if (_[1] == _hostname) {
print _[2];
}
}
}' | while read -r _target ; do
_role="$(basename "$_target")"
_basedir="$(dirname "$_target")"
[ -d "$_target" ] && continue
if ! getent group "$_role" > /dev/null 2>&1 ; then
logger -i -t "$(basename "$0")" -p user.error -s \
"ERROR: Cannot find group '${_role}'" 1>&2
continue
fi
if [ ! -d "$_basedir" ]; then
logger -i -t "$(basename "$0")" -p user.error -s \
"ERROR: Cannot find base direcory '${_basedir}'"
continue
fi
logger -i -t "$(basename "$0")" -p user.info \
"Creating role directory '${_target}' for role '${_role}'"
install -d -o root -g "$_role" -m 2751 "$_target"
install -d -o root -g "$_role" -m 2770 "${_target}/development"
install -d -o root -g "$_role" -m 2770 "${_target}/external"
install -d -o root -g "$_role" -m 2770 "${_target}/library"
install -d -o root -g "$_role" -m 2775 "${_target}/public"
done
echo "$_state" > "$STATEFILE"
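Review bot: The `install -d -o root -g "$_role" -m 2770 ...` calls run as root on whatever path the directory's `automountInformation` names; the only checks are that the basename is an existing group and that the parent directory exists, so nothing keeps the target under the NFS export tree. Add a guard before the first `install`, e.g. `case "$_target" in EXPORT_ROOT_PLACEHOLDER/*) ;; *) continue ;; esac`, and skip values containing `..`; the export root is not visible on this page, hence the placeholder. The home-directory script has the same gap at its `install -d -o "$_user" -g "$_user" -m 0700 "$_target"` line. Separately, with `set -e` but no `set -o pipefail`, a failed `ldapsearch` in this pipeline still reaches `echo "$_state" > "$STATEFILE"`, so missed directories would not be retried until the contextCSN changes again.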


@ -0,0 +1,5 @@
---
- name: restart nfs-server
service:
name: nfs-server
state: restarted


@ -0,0 +1,3 @@
---
dependencies:
- {role: nfs-client}


@ -0,0 +1,44 @@
---
- name: disable nfs versions 2 and 3
lineinfile:
path: /etc/nfs.conf
line: "{{ item }}=n"
regexp: '^(#\s*)?{{ item }}=.*'
with_items:
- vers2
- vers3
notify: restart nfs-server
- name: disable nfs over udp
lineinfile:
path: /etc/nfs.conf
line: "udp=n"
regexp: '^(#\s*)?udp=.*'
insertbefore: vers2=n
notify: restart nfs-server
- name: install home/role autocreate scripts
copy:
dest: "/usr/local/sbin/{{ item }}"
src: "{{ item }}.sh"
mode: 0755
owner: root
group: "{{ ansible_wheel }}"
with_items:
- mknfshomedir
- mknfsroledir
- name: add home/role autocreate cron jobs
cron:
name: "{{ item }}"
user: root
job: "/usr/local/sbin/{{ item }}"
with_items:
- mknfshomedir
- mknfsroledir
- name: enable nfs server services
service:
name: nfs-server
state: started
enabled: true
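Review bot: The `lineinfile` task that sets `vers2=n` and `vers3=n` is not tied to a section of /etc/nfs.conf: if no existing (possibly commented) line matches the regexp, `lineinfile` appends at end of file, and the setting may land under a section other than `[nfsd]`, where it would presumably have no effect on the server. The `udp=n` task is positioned with `insertbefore: vers2=n`, so it inherits wherever that line ended up. Since this is the hardening step of the role, an INI-aware edit with an explicit section would make the result independent of the stock file's layout. A sketch for the first task follows, assuming the `ini_file` module is available in the Ansible version in use; the udp task would take the same shape.

```yaml
- name: disable nfs versions 2 and 3
  ini_file:
    path: /etc/nfs.conf
    section: nfsd
    option: "{{ item }}"
    value: "n"
    no_extra_spaces: true
  with_items:
    - vers2
    - vers3
  notify: restart nfs-server
# … unchanged: script install, cron jobs, service enable …
```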