Timo Makinen
da2440a2af
Use static ip for lan network for now to get NFS access to home directories. Still require kerberos for role directories.
46 lines
1.2 KiB
YAML
46 lines
1.2 KiB
YAML
---
|
|
- import_playbook: "include/deploy-kvm-guest.yml myhosts=nas"
|
|
|
|
- name: configure instance
|
|
hosts: nas
|
|
user: root
|
|
gather_facts: true
|
|
|
|
vars_files:
|
|
- "{{ ansible_private }}/vars.yml"
|
|
pre_tasks:
|
|
- name: mount /export
|
|
mount:
|
|
name: /export
|
|
src: LABEL=/export
|
|
fstype: xfs
|
|
opts: noatime
|
|
passno: "0"
|
|
dump: "0"
|
|
state: mounted
|
|
|
|
roles:
|
|
- base
|
|
- kerberos/client
|
|
- ldap/client
|
|
- ldap/nss
|
|
- nfs-server
|
|
- role: kerberos/keytab
|
|
principals: "nfs/{{ inventory_hostname }}@FOO.SH"
|
|
|
|
tasks:
|
|
- name: copy exports file
|
|
copy:
|
|
dest: /etc/exports
|
|
content: |
|
|
/export/home 172.20.30.22/32(rw,root_squash,secure) \
|
|
172.20.30.0/24(rw,root_squash,secure,sec=krb5p) \
|
|
@nfsclients-rw(rw,root_squash,secure) \
|
|
@nfsclients-ro(ro,root_squash,secure)
|
|
/export/roles 172.20.30.0/24(rw,root_squash,secure,sec=krb5p) \
|
|
@nfsclients-rw(rw,root_squash,secure) \
|
|
@nfsclients-ro(ro,root_squash,secure)
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: restart nfs-server
|