mod

2023-09-13 09:29:36 +03:00 · 2023-09-13 09:29:36 +03:00 · d9879d8e57
parent 7b892cbeb2
commit d9879d8e57
5 changed files with 96 additions and 25 deletions
--- a/ansible/08_3_nas_nfs.yml
+++ b/ansible/08_3_nas_nfs.yml
@ -0,0 +1,46 @@
+---
+
+- name: Создание NFS сервера
+  hosts: nastest
+
+  tasks:
+  - name: Установка пакетов {{ nas_nfs_server_pkgs }}
+    apt_rpm:
+      package: "{{ item }}"
+      state: present
+      update_cache: yes
+    loop: "{{ nas_nfs_server_pkgs }}"
+
+  - name: Переключение службы rpcbind для прослушивания внешних адресов
+    ansible.builtin.command:
+      cmd: "control rpcbind server"
+
+  - name: Включение SECURE_NFS
+    ansible.builtin.lineinfile:
+      path: /etc/sysconfig/nfs
+      create: true
+      line: SECURE_NFS=yes
+
+  - name: Создание разделяемого ресурса NFS
+    ansible.builtin.file:
+      path: "{{ nfs_share }}"
+      state: directory
+      mode: '0770'
+      group: "{{ nfs_share_grp }}"
+  
+  - name: Настройка файла экспорта для {{ nfs_share }}
+    ansible.builtin.lineinfile:
+      path: /etc/exports
+      line: "{{ nfs_share }} *(rw,no_subtree_check,sec=krb5:krb5i:krb5p)"
+
+  - name: Обновление данных экспорта
+    ansible.builtin.command:
+      cmd: exportfs -ar
+
+  - name: Перезапуск служб {{ nas_nfs_service }}
+    ansible.builtin.systemd:
+      name: "{{ item }}"
+      enabled: true
+      state: restarted
+      masked: false
+    loop: "{{ nas_nfs_service }}"
--- a/ansible/08_4_nas_clients.yml
+++ b/ansible/08_4_nas_clients.yml
@ -0,0 +1,18 @@
+---
+
+- name: Настройка клиентов NFS
+  hosts: testws
+
+  tasks:
+  - name: Установка пакетов {{ nas_nfs_client_pkgs }}
+    apt_rpm:
+      package: "{{ item }}"
+      state: present
+      update_cache: yes
+    loop: "{{ nas_nfs_client_pkgs }}"
+
+  - name: Запуск nfs-client.target
+    ansible.builtin.systemd:
+      name: nfs-client.target
+      enabled: true
+      state: restarted
--- a/ansible/group_vars/all/mutable_vars.yml
+++ b/ansible/group_vars/all/mutable_vars.yml
@ -15,4 +15,9 @@ dc_details:
  domain_suffix: lan
  admin: Administrator
  adminpass: P@ssw0rd
-  dns_forwarder: 77.88.8.8
+  dns_forwarder: 77.88.8.8
+
+# NFS
+nas_nfs_client_pkgs:
+  - nfs-utils
+  - nfs-clients
--- a/ansible/group_vars/nas/nas_vars.yml
+++ b/ansible/group_vars/nas/nas_vars.yml
@ -1,5 +1,6 @@
 # Переменные для настройки файлового сервера

+# переменные SMB
 nas_samba_pkg: samba

 nas_samba_service:
@ -8,4 +9,18 @@ nas_samba_service:

 smb_share: /share/sambashare
 smb_share_grp: "domain users"
-smb_conf_file: /etc/samba/smb.conf
+smb_conf_file: /etc/samba/smb.conf
+
+# переменные NFS
+nas_nfs_server_pkgs:
+  - nfs-server
+  - rpcbind
+  - nfs-clients
+
+nas_nfs_service:
+  - nfs-server
+  - rpcbind
+
+nfs_share: /share/nfsshare
+nfs_share_grp: "domain users"
+
--- a/ansible/roles/deploy_nas/README.md
+++ b/ansible/roles/deploy_nas/README.md
@ -1,38 +1,25 @@
-Role Name
+Deploy NAS
 =========

-A brief description of the role goes here.
+Роль разворачивает файловый сервер SMB, NFS с авторизацией Kerberos Samba DC.

-Requirements
+Требования
 ------------

-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+Поддерживается исключительно ОС Альт.
+Работоспособность проверена на Альт Сервер 10.1 x86-64.

-Role Variables
+Переменные
 --------------

-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+Все переменные вынесены за пределы роли и расположены во внешней директории `group_vars`

-Dependencies
------------
-
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-
-Example Playbook
----------------
-
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-
-    - hosts: servers
-      roles:
-         - { role: username.rolename, x: 42 }
-
-License
+Лицензия
 -------

 BSD

-Author Information
+Автор
 ------------------

-An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+Артём Долгий, [artem@da2001.ru](mailto:artem@da2001.ru)