Puppet Class: cloudnfs::fileserver::exports

Defined in:
modules/cloudnfs/manifests/fileserver/exports.pp

Overview

sets up NFS exports on a labstore fileserver

Parameters:

  • server_vols (Array[String])
  • cinder_attached (Boolean) (defaults to: true)


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# File 'modules/cloudnfs/manifests/fileserver/exports.pp', line 2

class cloudnfs::fileserver::exports(
    Array[String] $server_vols,
    Boolean $cinder_attached = true,
){
    ensure_packages(['python3-yaml'])

    group { 'nfsmanager':
        ensure => present,
        name   => 'nfsmanager',
        system => true,
    }

    user { 'nfsmanager':
        home       => '/var/lib/nfsmanager',
        shell      => '/bin/bash',
        managehome => true,
        system     => true,
    }

    file { '/etc/exports.d':
        ensure => directory,
        owner  => 'root',
        group  => 'nfsmanager',
        mode   => '2775',
    }

    $safe_mkdir = sudo::safe_wildcard_cmd('/bin/mkdir -p', '/srv/*')
    $safe_rmdir = sudo::safe_wildcard_cmd('/bin/rmdir', '/srv/*')
    $chmod_mountpoints = inline_template("<%= @server_vols.map{|p| '/usr/bin/chmod * /srv/' + p }.join(', ') %>")

    sudo::user { 'nfsmanager':
        privileges => [
            "ALL = NOPASSWD: ${safe_mkdir}",
            "ALL = NOPASSWD: ${safe_rmdir}",
            'ALL = NOPASSWD: /usr/sbin/exportfs',
            "ALL = NOPASSWD: ${chmod_mountpoints}",
        ],
        require    => User['nfsmanager'],
    }

    file { '/etc/nfs-mounts.yaml':
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        content => template('labstore/nfs-mounts.yaml.erb'),
        require => [Package['python3'], Package['python3-yaml']],
        notify  => Service['nfs-exportd'],
    }

    file { '/usr/local/bin/nfs-exportd':
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/cloudnfs/nfs-exportd.py',
        notify => Service['nfs-exportd'],
    }

    file { '/etc/exports.bak':
        ensure  => directory,
        owner   => 'nfsmanager',
        group   => 'nfsmanager',
        require => File['/usr/local/bin/nfs-exportd'],
    }

    systemd::timer::job { 'archive_export_d':
        description => 'Regular jobs for archiving exports.d',
        command     => '/bin/cp -Rp /etc/exports.d /etc/exports.bak',
        user        => 'root',
        interval    => {'start' => 'OnCalendar', 'interval' => 'Mon *-*-* 0:00:00'},
        require     => File['/etc/exports.bak'],
    }

    file { '/usr/local/sbin/archive-project-volumes':
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/cloudnfs/archive-project-volumes.py',
    }



    if $cinder_attached {
        systemd::service { 'nfs-exportd':
            ensure    => 'present',
            content   => systemd_template('nfs-exportd'),
            require   => File['/usr/local/bin/nfs-exportd'],
            subscribe => File['/etc/novaobserver.yaml'],
        }
    } else {
        systemd::service { 'nfs-exportd':
            ensure         => 'present',
            content        => systemd_template('nfs-exportd'),
            require        => File['/usr/local/bin/nfs-exportd'],
            service_params => {
                ensure => 'stopped',
                enable => false,
            }
        }
    }

}