From 16577f2437979b017f5aec7b0fc912eeadb1c434 Mon Sep 17 00:00:00 2001 From: leonidastri Date: Mon, 17 Feb 2025 11:29:35 +0100 Subject: [PATCH 1/2] YDA-6166: experimental support for NFS resources --- .../allinone/group_vars/allinone.yml | 16 ++++- playbook.yml | 6 ++ roles/nfs_client/defaults/main.yml | 13 ++++ roles/nfs_client/meta/main.yml | 13 ++++ roles/nfs_client/tasks/main.yml | 37 +++++++++++ roles/nfs_server/defaults/main.yml | 10 +++ roles/nfs_server/handlers/main.yml | 7 +++ roles/nfs_server/meta/main.yml | 13 ++++ roles/nfs_server/tasks/main.yml | 61 +++++++++++++++++++ roles/nfs_server/templates/exports.j2 | 13 ++++ roles/nfs_server/vars/Debian.yml | 4 ++ roles/nfs_server/vars/RedHat.yml | 4 ++ 12 files changed, 194 insertions(+), 3 deletions(-) create mode 100644 roles/nfs_client/defaults/main.yml create mode 100644 roles/nfs_client/meta/main.yml create mode 100644 roles/nfs_client/tasks/main.yml create mode 100644 roles/nfs_server/defaults/main.yml create mode 100644 roles/nfs_server/handlers/main.yml create mode 100644 roles/nfs_server/meta/main.yml create mode 100644 roles/nfs_server/tasks/main.yml create mode 100644 roles/nfs_server/templates/exports.j2 create mode 100644 roles/nfs_server/vars/Debian.yml create mode 100644 roles/nfs_server/vars/RedHat.yml diff --git a/environments/development/allinone/group_vars/allinone.yml b/environments/development/allinone/group_vars/allinone.yml index a1966d19d..8ab08f2be 100644 --- a/environments/development/allinone/group_vars/allinone.yml +++ b/environments/development/allinone/group_vars/allinone.yml @@ -98,13 +98,13 @@ irods_enable_gocommands: false irods_resources: - name: dev001_1 host: "{{ irods_icat_fqdn }}" - vault_path: /var/lib/irods/Vault1_1 + vault_path: /nfs/Vault1_1 resource_type: unixfilesystem - name: dev001_2 resource_type: unixfilesystem host: "{{ irods_icat_fqdn }}" - vault_path: /var/lib/irods/Vault1_2 + vault_path: /nfs/Vault1_2 - name: dev001_p1 resource_type: passthru 
@@ -130,7 +130,7 @@ irods_resources: - name: dev002_1 resource_type: unixfilesystem host: "{{ irods_resource_fqdn }}" - vault_path: /var/lib/irods/Vault2_1 + vault_path: /nfs/Vault2_1 - name: dev002_p1 resource_type: passthru @@ -187,6 +187,16 @@ s3_access_key: minioadmin s3_secret_key: minioadmin s3_hostname: localhost:9000 +# NFS configuration +enable_nfs_resource: true +nfs_mounts: + - src: "{{ ansible_host }}:/var/nfs/Vault1_1" + path: "/nfs/Vault1_1" + - src: "{{ ansible_host }}:/var/nfs/Vault1_2" + path: "/nfs/Vault1_2" + - src: "{{ ansible_host }}:/var/nfs/Vault2_1" + path: "/nfs/Vault2_1" + # Mail notifications send_notifications: 1 # Enable notifications: yes (1) or no (0) notifications_sender_email: noreply@yoda.test # Notifications sender email address diff --git a/playbook.yml b/playbook.yml index 9904b97a9..073265f69 100644 --- a/playbook.yml +++ b/playbook.yml @@ -122,6 +122,10 @@ when: enable_s3_resource - role: minio when: enable_s3_resource and yoda_environment == "development" + - role: nfs_server + when: enable_nfs_resource and yoda_environment == "development" + - role: nfs_client + when: enable_nfs_resource - irods_microservices - irods_completion - irods_rodsadmin @@ -164,6 +168,8 @@ - irods_resource - role: irods_resource_plugin_s3 when: enable_s3_resource + - role: nfs_client + when: enable_nfs_resource - irods_runtime - irods_microservices - irods_completion diff --git a/roles/nfs_client/defaults/main.yml b/roles/nfs_client/defaults/main.yml new file mode 100644 index 000000000..5f7f47e1e --- /dev/null +++ b/roles/nfs_client/defaults/main.yml @@ -0,0 +1,13 @@ +--- +# copyright Utrecht University + +nfs_mounts: + +# Example configuration for development environment. +# nfs_mounts: +# - src: "{{ ansible_host }}:/var/nfs/Vault1_1" +# path: "/nfs/Vault1_1" +# - src: "{{ ansible_host }}:/var/nfs/Vault1_2" +# path: "/nfs/Vault1_2" +# - src: "{{ ansible_host }}:/var/nfs/Vault2_1" +# path: "/nfs/Vault2_1" 
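Review bot: In playbook.yml the new `nfs_server` and `nfs_client` entries use a bare `when: enable_nfs_resource`, and within this patch the variable is set only in the development allinone group_vars. Unless a default exists outside the diff, an inventory that does not define it would stop on an undefined variable at these conditions instead of skipping the roles. `when: enable_nfs_resource | default(false)`, or a shared default kept next to the one for `enable_s3_resource`, avoids that. The plays these two hunks belong to start and end outside the hunks.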
diff --git a/roles/nfs_client/meta/main.yml b/roles/nfs_client/meta/main.yml
new file mode 100644
index 000000000..bc81d4d66
--- /dev/null
+++ b/roles/nfs_client/meta/main.yml
@@ -0,0 +1,13 @@
+---
+# copyright Utrecht University
+
+galaxy_info:
+ author: Leonidas Triantafyllou
+ description: Install NFS client
+ license: GPLv3
+ min_ansible_version: '2.16'
+ platforms:
+ - name: EL
+ version: 9
+ - name: Ubuntu
+ version: noble
diff --git a/roles/nfs_client/tasks/main.yml b/roles/nfs_client/tasks/main.yml
new file mode 100644
index 000000000..f30a1bd16
--- /dev/null
+++ b/roles/nfs_client/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+# copyright Utrecht University
+
+- name: Ensure NFS utilities are installed (Debian)
+ ansible.builtin.package:
+ name: nfs-common
+ state: present
+ when: ansible_os_family == 'Debian'
+
+
+- name: Ensure NFS utilities are installed (RedHat)
+ ansible.builtin.package:
+ name: nfs-utils
+ state: present
+ when: ansible_os_family == 'RedHat'
+
+
+- name: Ensure NFS mount points exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ owner: irods
+ group: irods
+ mode: '0755'
+ loop: "{{ nfs_mounts if nfs_mounts is iterable else [] }}"
+
+
+- name: Ensure NFS shares are mounted and present in /etc/fstab
+ ansible.posix.mount:
+ path: "{{ item.path }}"
+ src: "{{ item.src }}"
+ fstype: nfs
+ opts: rw,sync,hard,intr
+ state: mounted
+ dump: 0
+ passno: 0
+ loop: "{{ nfs_mounts if nfs_mounts is iterable else [] }}"
diff --git a/roles/nfs_server/defaults/main.yml b/roles/nfs_server/defaults/main.yml
new file mode 100644
index 000000000..930378ea1
--- /dev/null
+++ b/roles/nfs_server/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+# copyright Utrecht University
+
+nfs_export_base: "/var/nfs"
+
+# NFS exports for development environment.
+nfs_exports:
+ - "{{ nfs_export_base }}/Vault1_1"
+ - "{{ nfs_export_base }}/Vault1_2"
+ - "{{ nfs_export_base }}/Vault2_1"
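Review bot: The mount task in roles/nfs_client/tasks/main.yml uses `opts: rw,sync,hard,intr`, so setuid bits and device nodes on the share are honoured by the client. Nothing on the page suggests the vault mounts need either, and `opts: rw,sync,hard,nosuid,nodev` would be the safer default; `intr` can be dropped because current Linux kernels ignore it. Exposing the option string as a role variable would also let an environment pin `vers=` or require `sec=krb5p` without editing the task.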
diff --git a/roles/nfs_server/handlers/main.yml b/roles/nfs_server/handlers/main.yml
new file mode 100644
index 000000000..1a002e9c8
--- /dev/null
+++ b/roles/nfs_server/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# copyright Utrecht University
+
+- name: Reload NFS
+ ansible.builtin.command: 'exportfs -ra'
+ changed_when: false
+ when: nfs_exports | length > 0
diff --git a/roles/nfs_server/meta/main.yml b/roles/nfs_server/meta/main.yml
new file mode 100644
index 000000000..473da19a9
--- /dev/null
+++ b/roles/nfs_server/meta/main.yml
@@ -0,0 +1,13 @@
+---
+# copyright Utrecht University
+
+galaxy_info:
+ author: Leonidas Triantafyllou
+ description: Install NFS server
+ license: GPLv3
+ min_ansible_version: '2.16'
+ platforms:
+ - name: EL
+ version: 9
+ - name: Ubuntu
+ version: noble
diff --git a/roles/nfs_server/tasks/main.yml b/roles/nfs_server/tasks/main.yml
new file mode 100644
index 000000000..8e49d898f
--- /dev/null
+++ b/roles/nfs_server/tasks/main.yml
@@ -0,0 +1,61 @@
+---
+# copyright Utrecht University
+
+- name: Include OS-specific variables
+ ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+
+
+- name: Ensure NFS server is installed (Debian)
+ ansible.builtin.package:
+ name: nfs-kernel-server
+ state: present
+ when: ansible_os_family == 'Debian'
+
+
+- name: Ensure NFS utilities are installed (RedHat)
+ ansible.builtin.package:
+ name: nfs-utils
+ state: present
+ when: ansible_os_family == 'RedHat'
+
+
+- name: Ensure NFS share directories exist
+ ansible.builtin.file:
+ path: /var/nfs
+ state: directory
+ owner: irods
+ group: irods
+ mode: '0755'
+
+
+- name: Ensure NFS share directories exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: irods
+ group: irods
+ mode: '0755'
+ loop: "{{ nfs_exports if nfs_exports is iterable else [] }}"
+
+
+- name: Ensure NFS exports are configured
+ ansible.builtin.template:
+ src: exports.j2
+ dest: /etc/exports
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Reload NFS
+ when: nfs_exports is iterable
+
+
+- name: Ensure NFS deamon is running
+ ansible.builtin.service:
+ name: "{{ nfs_server_daemon }}"
+ state: started
+ enabled: true
+ when: nfs_exports is iterable
+
+
+- name: Flush handlers to apply NFS exports
+ ansible.builtin.meta: flush_handlers
diff --git a/roles/nfs_server/templates/exports.j2 b/roles/nfs_server/templates/exports.j2
new file mode 100644
index 000000000..3dd67f868
--- /dev/null
+++ b/roles/nfs_server/templates/exports.j2
@@ -0,0 +1,13 @@
+# /etc/exports: the access control list for filesystems which may be exported
+# to NFS clients. See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
+#
+{% for export in nfs_exports %}
+{{ export }} *(rw,sync,no_subtree_check)
+{% endfor %}
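Review bot: The first directory task in roles/nfs_server/tasks/main.yml hard-codes `path: /var/nfs` although the role defaults introduce `nfs_export_base`, so overriding that variable leaves the real base directory unmanaged by this task; `path: "{{ nfs_export_base }}"` keeps the two in step. Both directory tasks are also named `Ensure NFS share directories exist`, which makes run output ambiguous; the first could be `Ensure NFS export base directory exists`. In the service task name `deamon` should read `daemon`. A short comment on the template task that it replaces /etc/exports wholesale would warn anyone who already has exports on the host.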
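Review bot: The export line `{{ export }} *(rw,sync,no_subtree_check)` in exports.j2 grants read-write access to every host that can reach the server, and with the default sys security flavour the server trusts the UIDs the client presents. The playbook only applies this role when `yoda_environment == "development"`, but the role and template carry no such guard themselves. A client-list variable, for example `{{ export }} {{ nfs_export_clients }}(rw,sync,no_subtree_check)` with a default restricted to the resource hosts, would keep the vault directories from being writable by anything on the network. A header comment stating that the file is Ansible-managed and intended for development would also help.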
diff --git a/roles/nfs_server/vars/Debian.yml b/roles/nfs_server/vars/Debian.yml new file mode 100644 index 000000000..9c01b2b70 --- /dev/null +++ b/roles/nfs_server/vars/Debian.yml @@ -0,0 +1,4 @@ +--- +# copyright Utrecht University + +nfs_server_daemon: nfs-kernel-server diff --git a/roles/nfs_server/vars/RedHat.yml b/roles/nfs_server/vars/RedHat.yml new file mode 100644 index 000000000..dff7f0086 --- /dev/null +++ b/roles/nfs_server/vars/RedHat.yml @@ -0,0 +1,4 @@ +--- +# copyright Utrecht University + +nfs_server_daemon: nfs-server From c073860700f8ae0d76a1bb0d1828191b6a110ace Mon Sep 17 00:00:00 2001 From: Lazlo Westerhof Date: Fri, 28 Feb 2025 09:14:06 +0100 Subject: [PATCH 2/2] YDA-6166: only mount NFS shares if host matches --- .../development/allinone/group_vars/allinone.yml | 9 ++++++--- roles/nfs_client/defaults/main.yml | 9 ++++++--- roles/nfs_client/tasks/main.yml | 2 ++ 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/environments/development/allinone/group_vars/allinone.yml b/environments/development/allinone/group_vars/allinone.yml index 8ab08f2be..c46ad4230 100644 --- a/environments/development/allinone/group_vars/allinone.yml +++ b/environments/development/allinone/group_vars/allinone.yml @@ -190,11 +190,14 @@ s3_hostname: localhost:9000 # NFS configuration enable_nfs_resource: true nfs_mounts: - - src: "{{ ansible_host }}:/var/nfs/Vault1_1" + - host: combined.yoda.test + src: "{{ ansible_host }}:/var/nfs/Vault1_1" path: "/nfs/Vault1_1" - - src: "{{ ansible_host }}:/var/nfs/Vault1_2" + - host: combined.yoda.test + src: "{{ ansible_host }}:/var/nfs/Vault1_2" path: "/nfs/Vault1_2" - - src: "{{ ansible_host }}:/var/nfs/Vault2_1" + - host: combined.yoda.test + src: "{{ ansible_host }}:/var/nfs/Vault2_1" path: "/nfs/Vault2_1" # Mail notifications diff --git a/roles/nfs_client/defaults/main.yml b/roles/nfs_client/defaults/main.yml index 5f7f47e1e..3e7e22676 100644 --- a/roles/nfs_client/defaults/main.yml 
+++ b/roles/nfs_client/defaults/main.yml @@ -5,9 +5,12 @@ nfs_mounts: # Example configuration for development environment. # nfs_mounts: -# - src: "{{ ansible_host }}:/var/nfs/Vault1_1" +# - host: combined.yoda.test +# src: "{{ ansible_host }}:/var/nfs/Vault1_1" # path: "/nfs/Vault1_1" -# - src: "{{ ansible_host }}:/var/nfs/Vault1_2" +# - host: combined.yoda.test +# src: "{{ ansible_host }}:/var/nfs/Vault1_2" # path: "/nfs/Vault1_2" -# - src: "{{ ansible_host }}:/var/nfs/Vault2_1" +# - host: combined.yoda.test +# src: "{{ ansible_host }}:/var/nfs/Vault2_1" # path: "/nfs/Vault2_1" diff --git a/roles/nfs_client/tasks/main.yml b/roles/nfs_client/tasks/main.yml index f30a1bd16..3f16ff129 100644 --- a/roles/nfs_client/tasks/main.yml +++ b/roles/nfs_client/tasks/main.yml @@ -23,6 +23,7 @@ group: irods mode: '0755' loop: "{{ nfs_mounts if nfs_mounts is iterable else [] }}" + when: item.host == ansible_fqdn - name: Ensure NFS shares are mounted and present in /etc/fstab @@ -35,3 +36,4 @@ dump: 0 passno: 0 loop: "{{ nfs_mounts if nfs_mounts is iterable else [] }}" + when: item.host == ansible_fqdn
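Review bot: The added `when: item.host == ansible_fqdn` in both tasks of roles/nfs_client/tasks/main.yml fails with an undefined-attribute error for any `nfs_mounts` entry that has no `host` key, which is the format patch 1/2 introduced. When the gathered FQDN differs from the configured name, both the directory and the mount are skipped without any message, and the iRODS `vault_path` under /nfs would then presumably land on local disk. Consider `when: item.host | default(ansible_fqdn) == ansible_fqdn`, and state in the defaults comment that `host` must equal the target's `ansible_fqdn` fact. Both tasks start outside these hunks.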