diff --git a/installNFS.yml b/installNFS.yml index 8752a25e72d51d928f79ff71e6616dcd08cc61f2..33ab1e51b91ca39be42d4b87ffe5d2e1e96279ea 100644 --- a/installNFS.yml +++ b/installNFS.yml @@ -11,9 +11,6 @@ - nfs-server sudo: true vars: - ansible_ssh_private_key_file: "/home/sgeadmin/.ssh/shahaan.pem" - ansible_ssh_user: "ec2-user" - nfs_network: "10.8.0.0/16" x509_ca_server: vm-118-138-240-224.erc.monash.edu.au - hosts: openvpn-clients @@ -23,12 +20,10 @@ - easy-rsa-certificate - OpenVPN-Client - nfs-common + - { role: syncExports, group_list:['openvpn-clients'], interface_list: ['eth0','tun0'] } - nfs-client sudo: true vars: - ansible_ssh_private_key_file: "/home/sgeadmin/.ssh/shahaan.pem" - ansible_ssh_user: "ec2-user" x509_ca_server: vm-118-138-240-224.erc.monash.edu.au openvpn_servers: ['vm-118-138-240-224.erc.monash.edu.au'] - server: vm-118-138-240-224.erc.monash.edu.au - nfs_server: "10.8.0.1" + nfs_server: "vm-118-138-240-224.erc.monash.edu.au" diff --git a/roles/OpenVPN-Server/templates/server.conf.j2 b/roles/OpenVPN-Server/templates/server.conf.j2 index 9d9d5fef88145687378d9e307d5adad91166b364..5ba9060993fcf9f26c181c458071dcfcc9fdc6b2 100644 --- a/roles/OpenVPN-Server/templates/server.conf.j2 +++ b/roles/OpenVPN-Server/templates/server.conf.j2 @@ -93,7 +93,7 @@ dh {{ dhparms_file }} # Each client will be able to reach the server # on 10.8.0.1. Comment this line out if you are # ethernet bridging. See the man page for more info. -server 10.8.0.0 255.255.255.0 +server {{ server_network }} {{ server_netmask }} # Maintain a record of client <-> virtual IP address # associations in this file. If OpenVPN goes down or diff --git a/roles/OpenVPN-Server/vars/main.yml b/roles/OpenVPN-Server/vars/main.yml index 0118883ff89c549e9482c6c75e34aa36ade35715..ae69f9692b264b7b03980e14253c31ea3298b723 100644 --- a/roles/OpenVPN-Server/vars/main.yml +++ b/roles/OpenVPN-Server/vars/main.yml 
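Review bot: The role entry added in the second installNFS.yml hunk writes `group_list:['openvpn-clients']` with no space after the colon, which parses as a key/value pair only because the next character is a flow indicator. That is easy to break on a later edit. I would write `- { role: syncExports, group_list: ['openvpn-clients'], interface_list: ['eth0', 'tun0'] }`, or use a block mapping. The same line appears in the new syncNFS.yml.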
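Review bot: The comment kept above the templated `server` line in server.conf.j2 still says clients reach the server on 10.8.0.1, which only holds for the default `server_network`. I would reword it to something like `# Each client will be able to reach the server on the first address of the network below.` so the comment stays true when the variables are overridden.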
@@ -5,3 +5,5 @@ x509_key_file: "/etc/openvpn/private/server.key" x509_cert_file: "/etc/openvpn/certs/server.crt" x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Server" dhparms_file: "/etc/openvpn/private/dh.pem" +server_network: "10.8.0.0" +server_netmask: "255.255.255.0" diff --git a/roles/easy-rsa-certificate/tasks/buildCert.yml b/roles/easy-rsa-certificate/tasks/buildCert.yml index ee22f077b354dbfd53a82106e1babdeb32e852e8..1e587882433e739fd9e18d35c6579bfcf4a790af 100644 --- a/roles/easy-rsa-certificate/tasks/buildCert.yml +++ b/roles/easy-rsa-certificate/tasks/buildCert.yml @@ -27,7 +27,13 @@ - name: "set needcert if cert is missing" set_fact: needcert=True - when: cert.stat.exists == false + when: cert.stat.exists == false and cert.stat.size == 0 + +- name: "Delete Zero Sized Ceritificates" + remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}" + delegate_to: "{{ x509_ca_server }}" + shell: rm -rf /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.* + when: cert.stat.size == 0 - name: "set needcert if cert doesn't match key" set_fact: needcert=True diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs-client/defaults/main.yml index 60ca9c1121024edab84bedf7029f8a54423cb685..2c6b83527ec4617bfb43c276595554e67b761703 100644 --- a/roles/nfs-client/defaults/main.yml +++ b/roles/nfs-client/defaults/main.yml @@ -1,4 +1,3 @@ --- -nfs_server: "nfsserver.edu" nfs_type: "nfs" nfs_options: "vers=3,noatime,rsize=16384,wsize=16384,hard,intr,tcp,nolock" diff --git a/roles/nfs-client/tasks/mountFileSystem.yml b/roles/nfs-client/tasks/mountFileSystem.yml index 7944c079ce1786a48ca21514985f77e1043e8ed7..27b2328ca2ef3f12e8d49452d99b976dc9d3d57a 100644 --- a/roles/nfs-client/tasks/mountFileSystem.yml +++ b/roles/nfs-client/tasks/mountFileSystem.yml 
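Review bot: `server_network` and `server_netmask` are added to the role's vars/main.yml, where inventory and play variables cannot override them; only role parameters or extra vars can. If the aim is a VPN subnet that can be set per deployment, they belong in `roles/OpenVPN-Server/defaults/main.yml`. The same applies to `exportList` in roles/nfs-client/vars/main.yml, which the syncExports template also reads from another role.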
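Review bot: The new condition `cert.stat.exists == false and cert.stat.size == 0` in buildCert.yml can never flag a missing certificate, because `stat` reports no `size` for a file that does not exist, so the second operand is undefined (an error or false, depending on the Ansible version). The delete task's `when: cert.stat.size == 0` has the same problem when the file is absent. I would use `when: not cert.stat.exists or cert.stat.size == 0` on the set_fact and `when: cert.stat.exists and cert.stat.size == 0` on the delete. The `rm -rf /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.*` glob runs on the CA host and also matches files of any other common name that extends this one with a dot, and an empty variable reduces it to `keys/.*`; removing the explicit file names with the `file` module and `state=absent` would be safer. The `cert` registration is outside this hunk, so confirm it was taken on the same host the delete is delegated to.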
@@ -1,12 +1,14 @@ --- +- + name: "Get the NFS Network" + setup: filter="ansible_tun0" + register: nfsServer + run_once: true + delegate_to: "{{ nfs_server }}" - - mount: "name={{ item.0 }} src={{ nfs_server }}:{{ item.1 }} fstype={{ nfs_type }} opts={{ nfs_options }} state=mounted" + mount: "name={{ item.name }} src={{ nfsServer['ansible_facts']['ansible_tun0']['ipv4']['address'] }}:{{ item.src }} fstype={{ item.fstype }} opts={{ item.opts }} state=mounted" name: "Mounting NFS mounts" - with_together: - - destDir - - srcDir + with_items: exportList notify: "restart authentication" notify: "restart idmap" sudo: true - - diff --git a/roles/nfs-client/vars/main.yml b/roles/nfs-client/vars/main.yml index 2a7137f29478b7cdbedecceda8e1ccfaa2e57565..6d9a86f91a6b348ba960d11a2ccce99d29c219df 100644 --- a/roles/nfs-client/vars/main.yml +++ b/roles/nfs-client/vars/main.yml @@ -1,3 +1,4 @@ --- -srcDir: ['/mnt'] -destDir: ['/mnt/test-nfs'] +# This is a list of exports, individual entry for each mount. +exportList: + - { name : '/mnt/test-nfs', src : '/mnt',fstype : 'nfs', opts : 'vers=3,noatime,rsize=16384,wsize=16384,hard,intr,tcp,nolock' } diff --git a/roles/nfs-server/tasks/startServer.yml b/roles/nfs-server/tasks/startServer.yml index 4821a0a95f38173d08926bd230a7cb27bc7087ae..17211aff0bab88c5d6d1ff05f2ed9046aea03f19 100644 --- a/roles/nfs-server/tasks/startServer.yml +++ b/roles/nfs-server/tasks/startServer.yml @@ -2,9 +2,6 @@ - name: "Starting rpcbind" service: "name=rpcbind state=started" -- - name: "Copying /etc/exports template" - template: "src=exports.j2 dest=/etc/exports mode=0644 owner=root" - name: "Start the Server" service: "name=nfs state=started" diff --git a/roles/nfs-server/templates/exports.j2 b/roles/nfs-server/templates/exports.j2 deleted file mode 100644 index bada393e107f6e35645d8d9ca5bcfde2af8bcab8..0000000000000000000000000000000000000000 --- a/roles/nfs-server/templates/exports.j2 +++ /dev/null 
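Review bot: The mount source in mountFileSystem.yml now dereferences `nfsServer['ansible_facts']['ansible_tun0']['ipv4']['address']` with no check that the delegated `setup` returned a tun0 interface, so a server whose tunnel is down fails the mount with an undefined-variable error instead of a clear message. A preceding task such as `fail: msg="tun0 not found on {{ nfs_server }}"` with `when: nfsServer.ansible_facts.ansible_tun0 is not defined` would make the cause visible. The task also carries two `notify` keys (unchanged context); duplicate mapping keys usually keep only the last one, so it should be a list: `notify: ["restart authentication", "restart idmap"]`. `nfs_type` and `nfs_options` in the role defaults are no longer read by this task.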
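Review bot: The `opts` string in the new `exportList` entry mounts the share without `nosuid` or `nodev`, so setuid files and device nodes present on the export are honoured on each client. Unless the share is meant to carry such files, I would add them: `opts : 'vers=3,noatime,nosuid,nodev,rsize=16384,wsize=16384,hard,intr,tcp,nolock'`. The comment above the list could also name the keys every entry must provide (`name`, `src`, `fstype`, `opts`), since the mount task and the exports template both read them.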
@@ -1 +0,0 @@ -{{ srcDir }} {{ nfs_network }}(rw,sync,root_squash) diff --git a/roles/nfs-server/vars/main.yml b/roles/nfs-server/vars/main.yml deleted file mode 100644 index 1091b61454355f091358785c0275b100f518c9a6..0000000000000000000000000000000000000000 --- a/roles/nfs-server/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -srcDir: '/mnt' diff --git a/roles/syncExports/tasks/addExports.yml b/roles/syncExports/tasks/addExports.yml new file mode 100644 index 0000000000000000000000000000000000000000..d5bb11156e61d4b921a8420abc2f746f4d6338a7 --- /dev/null +++ b/roles/syncExports/tasks/addExports.yml @@ -0,0 +1,11 @@ +--- +- + name: "Templating /etc/exports" + template: src=exports.j2 dest=/etc/exports owner=root group=root mode=644 + delegate_to: "{{ nfs_server }}" + run_once: true +- + name : Restart the NFS Server + service: name=nfs state=restarted + delegate_to: "{{ nfs_server }}" + run_once: true diff --git a/roles/syncExports/tasks/main.yml b/roles/syncExports/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..087f43771a0a0b53c17afdae456a2dea4dd21958 --- /dev/null +++ b/roles/syncExports/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include : addExports.yml diff --git a/roles/syncExports/templates/exports.j2 b/roles/syncExports/templates/exports.j2 new file mode 100644 index 0000000000000000000000000000000000000000..ab59cf68ff309ec2044754ea43b19cf87cabef7d --- /dev/null +++ b/roles/syncExports/templates/exports.j2 @@ -0,0 +1,4 @@ +{% for export in exportList %} +{{ export.src }} {% for group_name in group_list %}{% for node in groups[group_name] %}{% for interface_name in interface_list %}{{ hostvars[node]['ansible_'+interface_name]['ipv4']['address'] }}(rw,sync,root_squash) {% endfor %}{% endfor %}{% endfor %} + +{% endfor %} diff --git a/syncNFS.yml b/syncNFS.yml new file mode 100644 index 0000000000000000000000000000000000000000..294ed1a2cd01c938a5b9e69b6ededf6cbaeaba77 --- /dev/null +++ b/syncNFS.yml 
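Review bot: The second task in addExports.yml restarts the `nfs` service on every run, whether or not /etc/exports changed, which interrupts clients that already have the share mounted. I would make it a handler notified by the template task (`notify: "reload exports"`) and have the handler run `exportfs -ra`, so the export table is re-read without a restart. `mode=644` works in key=value form, but `mode=0644` would match the task this replaces in roles/nfs-server/tasks/startServer.yml.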
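Review bot: The new exports.j2 exports each share `rw` to every address in `interface_list`, and both callers pass `['eth0','tun0']`, so the share becomes reachable over the hosts' non-VPN addresses, whereas the deleted nfs-server template limited it to `nfs_network` (10.8.0.0/16 in the removed play vars). With `vers=3` mounts and no `sec=` option, access control rests on the client address alone, so unless the eth0 exposure is intended I would pass `interface_list: ['tun0']`. The lookup `hostvars[node]['ansible_'+interface_name]['ipv4']['address']` also fails for any host without gathered facts or without that interface. This is presumably the case for tun0 on a first run, if facts are gathered before the OpenVPN-Client role brings the tunnel up. Wrapping the entry in `{% if hostvars[node]['ansible_'+interface_name] is defined %}` would avoid a failed render.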
@@ -0,0 +1,14 @@ +--- +- + hosts: openvpn-clients + remote_user: ec2-user + roles: + - { role: syncExports, group_list:['openvpn-clients'], interface_list: ['eth0','tun0'] } + - nfs-client + sudo: true + vars: + nfs_server: "vm-118-138-240-224.erc.monash.edu.au" + openvpn_servers: + - vm-118-138-240-224.erc.monash.edu.au + x509_ca_server: vm-118-138-240-224.erc.monash.edu.au +
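Review bot: The new syncNFS.yml play hard-codes `remote_user: ec2-user`, while this commit removes `ansible_ssh_user: "ec2-user"` from installNFS.yml and the new delete task in buildCert.yml reads `hostvars[x509_ca_server]['ansible_ssh_user']`. The login user is then defined in two places that can drift; setting `ansible_ssh_user` once in the inventory and dropping `remote_user` here would keep them consistent. A one-line header comment saying when to run this play rather than installNFS.yml would also help, for example `# Regenerate /etc/exports and remount after the client list changes.`, if that is its purpose.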