Add tasks that configure NFS ganesha.

README.md

@@ -1,4 +1,4 @@
-Role Name
+basic-system-setup
 =========
 
 This role runs a set of tasks that perform some basic systems configurations
@@ -6,7 +6,9 @@ This role runs a set of tasks that perform some basic systems configurations
 Role Variables
 --------------
 
-timezone: 'Europe/Rome'
+```yaml
+See the `defaults/main.yml` file
+```
 
 License
 -------
@@ -16,4 +18,4 @@ EUPL-1.2
 Author Information
 ------------------
 
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>

defaults/main.yml

@@ -43,6 +43,48 @@ autofs_packages_el:
 autofs_maps: []
 #  - { map_name: 'data', mountpoint_prefix: '/', path: 'data', nfs_server: 'nfs.example.com', remote_export: '/export', is_home: False }
 
+nfs_server_enabled: False
+nfs_server_ganesha_enabled: '{{ nfs_server }}'
+
+nfs_server_ganesha_el_repos:
+  - centos-release-nfs-ganesha28
+  - centos-release-ceph-nautilus
+nfs_server_ganesha_el_pkgs:
+  - nfs-utils
+  - nfs4-acl-tools
+  - nfs-ganesha
+  - nfs-ganesha-vfs
+  - librados2
+
+nfs_server_ganesha_deb_pkgs:
+  - 'nfs-ganesha'
+  - 'nfs-ganesha-vfs'
+  - 'nfs-ganesha-xfs'
+
+#Protocols = 3,4,9P;
+nfs_server_ganesha_server_protocols: '4'
+nfs_server_ganesha_path_pseudo: False
+nfs_server_ganesha_mdcache: False
+nfs_server_ganesha_mdcache_hwmark: 100000
+nfs_server_ganesha_exports: []
+# name, id, path, pseudo_path, access_type (RW, RO), protocols (global), squash (true,false), disable_actl (true,false), sectype, fsal (VFS, XFS), clients
+# (*) indicate an optional parameter
+# - name: export_filename
+#   id: 1
+#   path: /export
+#   pseudo: /nfs_export
+#   access_type(*): 'RW'
+#   protocols(*): '{{ nfs_server_ganesha_server_protocols }}'
+#   squash(*): 'root_squash'
+#   disable_acl(*): 'false'
+#   sectype(*): 'sys'
+#   nfs_commit(*): 'false'
+#   delegations(*): 'none'
+#   fsal: 'VFS'
+#   clients:
+#     - host1
+#     - hostN
+
 # tmpreaper
 tmpreaper_install: False
 tmpreaper_protect_extra: ''

tasks/ganesha-nfs.yml

@@ -0,0 +1,73 @@
+---
+- name: Create the export directory trees
+  block:
+    - name: Create the directory of the nextcloud NFS export
+      ansible.builtin.file:
+        dest: '{{ san_nextcloud_data_directory_for_export }}'
+        state: directory
+        owner: root
+        group: root
+        mode: 0755
+
+  tags: [ 'san', 'nfs', 'storage', 'ganesha', 'ganesha_export' ]
+
+- name: Repositories and packages on EL
+  block:
+    - name: Install storage SIG repositories
+      ansible.builtin.yum:
+        name: '{{ nfs_server_ganesha_el_repos }}'
+        state: present
+
+    - name: Install the SAN NFS packages
+      ansible.builtin.yum:
+        name: '{{ san_nfs_packages }}'
+        state: present
+
+    - name: Install the files needed to produce a SELinux policy for ganesha
+      ansible.builtin.copy:
+        src: '{{ item }}'
+        dest: '/usr/local/lib/{{ item }}'
+        owner: root
+        group: root
+        mode: 0600
+      loop:
+        - ganesha_selinux.pp
+        - ganesha_selinux.te
+      register: ganesha_selinux_policy
+
+    - name: Generate the SELinux policy module
+      ansible.builtin.shell: semodule -i /usr/local/lib/ganesha_selinux.pp && touch /usr/local/lib/.ganesha_selinux
+      when: ganesha_selinux_policy is changed
+
+  when: ansible_distribution_file_variety == "RedHat"
+
+- name: Repositories and packages on Ubuntu/Debian
+  block:
+  - name: Install the nfs ganesha packages on deb systems
+    ansible.builtin.apt:
+      pkg: '{{ nfs_server_ganesha_deb_pkgs }}'
+      state: present
+      cache_valid_time: 1800
+
+  when: ansible_distribution_file_variety == "Debian"
+
+- name: Install and configure ganesha exports using the VFS backend 
+  block:
+    - name: Install the ganesha configuration files
+      template: src={{ item }}.j2 dest=/etc/ganesha/{{ item }} owner=root group=root mode=0644
+      loop: '{{ san_ganesha_conf_files }}'
+      register: ganesha_conf_files
+
+    - name: Install the ganesha export files
+      template: src={{ item }}.j2 dest=/etc/ganesha/{{ item }} owner=root group=root mode=0644
+      loop: '{{ san_ganesha_export_files }}'
+      register: ganesha_conf_files
+
+    - name: Ensure that ganesha is started and enabled
+      service: name=nfs-ganesha state=started enabled=yes
+
+    - name: Reload ganesha after a reconfiguration
+      service: name=nfs-ganesha state=reloaded
+      when: ganesha_conf_files is changed
+
+  tags: [ 'san', 'nfs', 'storage', 'ganesha', 'ganesha_conf' ]

tasks/main.yml

@@ -9,4 +9,5 @@
   when: autofs_client_mountpoint
 - import_tasks: tmpreaper.yml
 - import_tasks: trusted_ca.yml
-
+- ansible.builtin.import_tasks: ganesha-nfs.yml
+  when: nfs_server_ganesha_enabled

templates/ganesha-export.conf.j2

@@ -0,0 +1,40 @@
+EXPORT
+{
+        # Export Id (mandatory, each EXPORT must have a unique Export_Id)
+        Export_Id = {{ item.id }};
+
+        # Exported path (mandatory)
+        Path = {{ item.path }};
+
+        # Pseudo Path (required for NFS v4)
+        Pseudo = {{ item.pseudo }};
+
+        # Required for access (default is None)
+        # Could use CLIENT blocks instead
+        Access_Type = {{ item.access_type | default('RW') }};
+
+        ## Restrict the protocols that may use this export.  This cannot allow
+        ## access that is denied in NFS_CORE_PARAM.
+        Protocols = {{ nfs_server_ganesha_server_protocols | default('4') }};
+
+        ## Whether to squash various users.
+        Squash = {{ item.squash | default('root_squash') }};
+
+        NFS_Commit = {{ item.nfs_commit | default('false') }};
+
+        Delegations= {{ item.delegations | default('None') }};
+
+        Disable_ACL = {{ item.disable_acl | default('false') }};
+        ## Allowed security types for this export
+        Sectype = {{ item.sectype | default('sys') }};
+
+        # Exporting FSAL
+        FSAL {
+                Name = {{ item.fsal }};
+        }
+    CLIENT
+    {
+        Clients = {% for nfs_client in item.clients %}{{ nfs_client }}{% if not loop.last %},{% endif %}{% endfor %};
+        Access_Type = {{ item.access_type }};
+    }
+}

templates/ganesha.conf.j2

@@ -0,0 +1,26 @@
+## These are core parameters that affect Ganesha as a whole.
+NFS_CORE_PARAM {
+        {% if nfs_server_ganesha_path_pseudo %}
+        ## Allow NFSv3 to mount paths with the Pseudo path, the same as NFSv4,
+        ## instead of using the physical paths.
+        mount_path_pseudo = true;
+        {% endif %}
+
+        ## Configure the protocols that Ganesha will listen for.  This is a hard
+        ## limit, as this list determines which sockets are opened.  This list
+        ## can be restricted per export, but cannot be expanded.
+        #Protocols = 3,4,9P;
+        Protocols = {{ nfs_server_ganesha_server_protocols }};
+}
+
+{% if nfs_server_ganesha_mdcache %}
+## Configure settings for the object handle cache
+MDCACHE {
+        ## The point at which object cache entries will start being reused.
+        Entries_HWMark = {{ nfs_server_ganesha_mdcache_hwmark }};
+}
+{% endif %}
+
+{% for export_file in nfs_server_ganesha_exports %}
+%include "{{ export_file.name }}.conf"
+{% endfor %}