feat: configuration for nfs server

environments/development/allinone/group_vars/allinone.yml

@@ -87,13 +87,13 @@ irods_enable_gocommands: false
 irods_resources:
   - name: dev001_1
     host: "{{ irods_icat_fqdn }}"
-    vault_path: /var/lib/irods/Vault1_1
+    vault_path: /mnt/nfs/irods/Vault1_1
     resource_type: unixfilesystem
 
   - name: dev001_2
     resource_type: unixfilesystem
     host: "{{ irods_icat_fqdn }}"
-    vault_path: /var/lib/irods/Vault1_2
+    vault_path: /mnt/nfs/irods/Vault1_2
 
   - name: dev001_p1
     resource_type: passthru
@@ -119,7 +119,7 @@ irods_resources:
   - name: dev002_1
     resource_type: unixfilesystem
     host: "{{ irods_resource_fqdn }}"
-    vault_path: /var/lib/irods/Vault2_1
+    vault_path: /mnt/nfs/irods/Vault2_1
 
   - name: dev002_p1
     resource_type: passthru
@@ -177,6 +177,9 @@ s3_access_key: minioadmin
 s3_secret_key: minioadmin
 s3_hostname: localhost:9000
 
+# NFS server configuration
+enable_nfs_server: true
+
 # Mail notifications
 send_notifications: 1                         # Enable notifications: yes (1) or no (0)
 notifications_sender_email: [email protected] # Notifications sender email address

playbook.yml

@@ -122,6 +122,8 @@
       when: enable_s3_resource
     - role: minio
       when: enable_s3_resource and yoda_environment == "development"
+    - role: nfs_server
+      when: enable_nfs_server and yoda_environment == "development"
     - irods_microservices
     - irods_completion
     - irods_rodsadmin

roles/nfs_server/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+# copyright Utrecht University
+
+nfs_exports: []
+
+nfs_rpcbind_state: started
+nfs_rpcbind_enabled: true

roles/nfs_server/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# copyright Utrecht University
+
+- name: reload nfs
+  command: 'exportfs -ra'

roles/nfs_server/meta/main.yml

@@ -0,0 +1,25 @@
+---
+# copyright Utrecht University
+
+dependencies: []
+
+galaxy_info:
+  role_name: nfs
+  author: Leonidas Triantafyllou
+  description: NFS installation for Linux.
+  license: "license (BSD, MIT)"
+  min_ansible_version: 2.10
+  platforms:
+    - name: Debian
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+  galaxy_tags:
+    - system
+    - nfs
+    - filesystem
+    - share
+    - nfsv4
+    - efs

roles/nfs_server/tasks/debian.yml

@@ -0,0 +1,9 @@
+---
+# copyright Utrecht University
+
+- name: Ensure NFS utilities are installed.
+  apt:
+    name:
+      - nfs-common
+      - nfs-kernel-server
+    state: present

roles/nfs_server/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+# copyright Utrecht University
+
+- name: Include OS-specific variables.
+  include_vars: "{{ ansible_os_family | lower }}.yml"
+
+
+- name: Ensure setup/install tasks
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+
+- name: Extract vault paths for NFS exports, excluding /yoda and filtering by Vault and unixfilesystem
+  set_fact:
+    nfs_exports: "{{ irods_resources | selectattr('vault_path', 'defined') | selectattr('resource_type', 'equalto', 'unixfilesystem') | selectattr('vault_path', 'search', '^/mnt/nfs/irods/Vault') | map(attribute='vault_path') | list }}"
+
+
+- name: Copy exports file.
+  template:
+    src: exports.j2
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload nfs
+
+
+- name: Ensure NFS is running.
+  service:
+    name: "{{ nfs_server_daemon }}"
+    state: started
+    enabled: yes
+  when: nfs_exports | length > 0

roles/nfs_server/tasks/redhat.yml

@@ -0,0 +1,12 @@
+---
+# copyright Utrecht University
+
+- name: Ensure NFS utilities are installed.
+  package: name=nfs-utils state=present
+
+
+- name: Ensure rpcbind is running as configured.
+  service:
+    name: rpcbind
+    state: "{{ nfs_rpcbind_state }}"
+    enabled: "{{ nfs_rpcbind_enabled }}"

roles/nfs_server/templates/exports.j2

@@ -0,0 +1,13 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#   to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#
+{% for export in nfs_exports %}
+{{ export }}  *(rw,sync,no_subtree_check)
+{% endfor %}

roles/nfs_server/vars/debian.yml

@@ -0,0 +1,4 @@
+---
+# copyright Utrecht University
+
+nfs_server_daemon: nfs-kernel-server

roles/nfs_server/vars/redhat.yml

@@ -0,0 +1,4 @@
+---
+# copyright Utrecht University
+
+nfs_server_daemon: nfs-server