YDA-6166: experimental support for NFS resources

UtrechtUniversity · Feb 26, 2025 · 16577f2 · 16577f2
1 parent 97b18c1
commit 16577f2
Show file tree

Hide file tree

Showing 12 changed files with 194 additions and 3 deletions.
diff --git a/environments/development/allinone/group_vars/allinone.yml b/environments/development/allinone/group_vars/allinone.yml
@@ -98,13 +98,13 @@ irods_enable_gocommands: false
 irods_resources:
   - name: dev001_1
     host: "{{ irods_icat_fqdn }}"
-    vault_path: /var/lib/irods/Vault1_1
+    vault_path: /nfs/Vault1_1
     resource_type: unixfilesystem
 
   - name: dev001_2
     resource_type: unixfilesystem
     host: "{{ irods_icat_fqdn }}"
-    vault_path: /var/lib/irods/Vault1_2
+    vault_path: /nfs/Vault1_2
 
   - name: dev001_p1
     resource_type: passthru
@@ -130,7 +130,7 @@ irods_resources:
   - name: dev002_1
     resource_type: unixfilesystem
     host: "{{ irods_resource_fqdn }}"
-    vault_path: /var/lib/irods/Vault2_1
+    vault_path: /nfs/Vault2_1
 
   - name: dev002_p1
     resource_type: passthru
@@ -187,6 +187,16 @@ s3_access_key: minioadmin
 s3_secret_key: minioadmin
 s3_hostname: localhost:9000
 
+# NFS configuration
+enable_nfs_resource: true
+nfs_mounts:
+  - src: "{{ ansible_host }}:/var/nfs/Vault1_1"
+    path: "/nfs/Vault1_1"
+  - src: "{{ ansible_host }}:/var/nfs/Vault1_2"
+    path: "/nfs/Vault1_2"
+  - src: "{{ ansible_host }}:/var/nfs/Vault2_1"
+    path: "/nfs/Vault2_1"
+
 # Mail notifications
 send_notifications: 1                         # Enable notifications: yes (1) or no (0)
 notifications_sender_email: noreply@yoda.test # Notifications sender email address

diff --git a/playbook.yml b/playbook.yml
@@ -122,6 +122,10 @@
       when: enable_s3_resource
     - role: minio
       when: enable_s3_resource and yoda_environment == "development"
+    - role: nfs_server
+      when: enable_nfs_resource and yoda_environment == "development"
+    - role: nfs_client
+      when: enable_nfs_resource
     - irods_microservices
     - irods_completion
     - irods_rodsadmin
@@ -164,6 +168,8 @@
     - irods_resource
     - role: irods_resource_plugin_s3
       when: enable_s3_resource
+    - role: nfs_client
+      when: enable_nfs_resource
     - irods_runtime
     - irods_microservices
     - irods_completion

diff --git a/roles/nfs_client/defaults/main.yml b/roles/nfs_client/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# copyright Utrecht University
+
+nfs_mounts:
+
+# Example configuration for development environment.
+# nfs_mounts:
+#   - src: "{{ ansible_host }}:/var/nfs/Vault1_1"
+#    path: "/nfs/Vault1_1"
+#  - src: "{{ ansible_host }}:/var/nfs/Vault1_2"
+#    path: "/nfs/Vault1_2"
+#  - src: "{{ ansible_host }}:/var/nfs/Vault2_1"
+#    path: "/nfs/Vault2_1"
diff --git a/roles/nfs_client/meta/main.yml b/roles/nfs_client/meta/main.yml
@@ -0,0 +1,13 @@
+---
+# copyright Utrecht University
+
+galaxy_info:
+  author: Leonidas Triantafyllou
+  description: Install NFS client
+  license: GPLv3
+  min_ansible_version: '2.16'
+  platforms:
+    - name: EL
+      version: 9
+    - name: Ubuntu
+      version: noble
diff --git a/roles/nfs_client/tasks/main.yml b/roles/nfs_client/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+# copyright Utrecht University
+
+- name: Ensure NFS utilities are installed (Debian)
+  ansible.builtin.package:
+    name: nfs-common
+    state: present
+  when: ansible_os_family == 'Debian'
+
+
+- name: Ensure NFS utilities are installed (RedHat)
+  ansible.builtin.package:
+    name: nfs-utils
+    state: present
+  when: ansible_os_family == 'RedHat'
+
+
+- name: Ensure NFS mount points exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: irods
+    group: irods
+    mode: '0755'
+  loop: "{{ nfs_mounts if nfs_mounts is iterable else [] }}"
+
+
+- name: Ensure NFS shares are mounted and present in /etc/fstab
+  ansible.posix.mount:
+    path: "{{ item.path }}"
+    src: "{{ item.src }}"
+    fstype: nfs
+    opts: rw,sync,hard,intr
+    state: mounted
+    dump: 0
+    passno: 0
+  loop: "{{ nfs_mounts if nfs_mounts is iterable else [] }}"
diff --git a/roles/nfs_server/defaults/main.yml b/roles/nfs_server/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+# copyright Utrecht University
+
+nfs_export_base: "/var/nfs"
+
+# NFS exports for development environment.
+nfs_exports:
+  - "{{ nfs_export_base }}/Vault1_1"
+  - "{{ nfs_export_base }}/Vault1_2"
+  - "{{ nfs_export_base }}/Vault2_1"
diff --git a/roles/nfs_server/handlers/main.yml b/roles/nfs_server/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# copyright Utrecht University
+
+- name: Reload NFS
+  ansible.builtin.command: 'exportfs -ra'
+  changed_when: false
+  when: nfs_exports | length > 0
diff --git a/roles/nfs_server/meta/main.yml b/roles/nfs_server/meta/main.yml
@@ -0,0 +1,13 @@
+---
+# copyright Utrecht University
+
+galaxy_info:
+  author: Leonidas Triantafyllou
+  description: Install NFS server
+  license: GPLv3
+  min_ansible_version: '2.16'
+  platforms:
+    - name: EL
+      version: 9
+    - name: Ubuntu
+      version: noble
diff --git a/roles/nfs_server/tasks/main.yml b/roles/nfs_server/tasks/main.yml
@@ -0,0 +1,61 @@
+---
+# copyright Utrecht University
+
+- name: Include OS-specific variables
+  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+
+
+- name: Ensure NFS server is installed (Debian)
+  ansible.builtin.package:
+    name: nfs-kernel-server
+    state: present
+  when: ansible_os_family == 'Debian'
+
+
+- name: Ensure NFS utilities are installed (RedHat)
+  ansible.builtin.package:
+    name: nfs-utils
+    state: present
+  when: ansible_os_family == 'RedHat'
+
+
+- name: Ensure NFS share directories exist
+  ansible.builtin.file:
+    path: /var/nfs
+    state: directory
+    owner: irods
+    group: irods
+    mode: '0755'
+
+
+- name: Ensure NFS share directories exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: irods
+    group: irods
+    mode: '0755'
+  loop: "{{ nfs_exports if nfs_exports is iterable else [] }}"
+
+
+- name: Ensure NFS exports are configured
+  ansible.builtin.template:
+    src: exports.j2
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Reload NFS
+  when: nfs_exports is iterable
+
+
+- name: Ensure NFS deamon is running
+  ansible.builtin.service:
+    name: "{{ nfs_server_daemon }}"
+    state: started
+    enabled: true
+  when: nfs_exports is iterable
+
+
+- name: Flush handlers to apply NFS exports
+  ansible.builtin.meta: flush_handlers
diff --git a/roles/nfs_server/templates/exports.j2 b/roles/nfs_server/templates/exports.j2
@@ -0,0 +1,13 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#   to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#
+{% for export in nfs_exports %}
+{{ export }}  *(rw,sync,no_subtree_check)
+{% endfor %}
diff --git a/roles/nfs_server/vars/Debian.yml b/roles/nfs_server/vars/Debian.yml
@@ -0,0 +1,4 @@
+---
+# copyright Utrecht University
+
+nfs_server_daemon: nfs-kernel-server
diff --git a/roles/nfs_server/vars/RedHat.yml b/roles/nfs_server/vars/RedHat.yml
@@ -0,0 +1,4 @@
+---
+# copyright Utrecht University
+
+nfs_server_daemon: nfs-server