Merge pull request #1 from shahaan/mcc-nectar

MCC NecTAR proposed nfs-client and syncExports fixes

Merge pull request #1 from shahaan/mcc-nectar
MCC NecTAR proposed nfs-client and syncExports fixes
b7408fa0 · Shahaan Ayyub · 0f4892ce · cfba0c0d · b7408fa0 · b7408fa0
Commit b7408fa0 authored 10 years ago by Shahaan Ayyub
--- a/installNFS.yml
+++ b/installNFS.yml
@@ -11,9 +11,6 @@
    - nfs-server
  sudo: true
  vars: 
-    ansible_ssh_private_key_file: "/home/sgeadmin/.ssh/shahaan.pem"
-    ansible_ssh_user: "ec2-user"
-    nfs_network: "10.8.0.0/16"
    x509_ca_server: vm-118-138-240-224.erc.monash.edu.au
 - 
  hosts: openvpn-clients
@@ -23,12 +20,10 @@
    - easy-rsa-certificate 
    - OpenVPN-Client
    - nfs-common
+    - { role: syncExports, group_list:['openvpn-clients'], interface_list: ['eth0','tun0'] }
    - nfs-client
  sudo: true
  vars: 
-    ansible_ssh_private_key_file: "/home/sgeadmin/.ssh/shahaan.pem"
-    ansible_ssh_user: "ec2-user"
    x509_ca_server: vm-118-138-240-224.erc.monash.edu.au
    openvpn_servers: ['vm-118-138-240-224.erc.monash.edu.au']
-    server: vm-118-138-240-224.erc.monash.edu.au
+    nfs_server: "vm-118-138-240-224.erc.monash.edu.au"
-    nfs_server: "10.8.0.1"
--- a/roles/OpenVPN-Server/templates/server.conf.j2
+++ b/roles/OpenVPN-Server/templates/server.conf.j2
@@ -93,7 +93,7 @@ dh {{ dhparms_file }}
 # Each client will be able to reach the server
 # on 10.8.0.1. Comment this line out if you are
 # ethernet bridging. See the man page for more info.
-server 10.8.0.0 255.255.255.0
+server {{ server_network }} {{ server_netmask }}
 # Maintain a record of client <-> virtual IP address
 # associations in this file.  If OpenVPN goes down or

--- a/roles/OpenVPN-Server/vars/main.yml
+++ b/roles/OpenVPN-Server/vars/main.yml
@@ -5,3 +5,5 @@ x509_key_file: "/etc/openvpn/private/server.key"
 x509_cert_file: "/etc/openvpn/certs/server.crt"
 x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Server"
 dhparms_file: "/etc/openvpn/private/dh.pem"
+server_network: "10.8.0.0"
+server_netmask: "255.255.255.0"
--- a/roles/easy-rsa-certificate/tasks/buildCert.yml
+++ b/roles/easy-rsa-certificate/tasks/buildCert.yml
@@ -27,7 +27,13 @@
 - name: "set needcert if cert is missing"
  set_fact: needcert=True
-  when: cert.stat.exists == false
+  when: cert.stat.exists == false and cert.stat.size == 0
+- name: "Delete Zero Sized Ceritificates"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  delegate_to: "{{ x509_ca_server }}"
+  shell: rm -rf /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.*
+  when: cert.stat.size == 0
 - name: "set needcert if cert doesn't match key"
  set_fact: needcert=True

--- a/roles/nfs-client/defaults/main.yml
+++ b/roles/nfs-client/defaults/main.yml
 ---
-nfs_server: "nfsserver.edu" 
 nfs_type: "nfs"
 nfs_options: "vers=3,noatime,rsize=16384,wsize=16384,hard,intr,tcp,nolock"
--- a/roles/nfs-client/tasks/mountFileSystem.yml
+++ b/roles/nfs-client/tasks/mountFileSystem.yml
 --- 
+-
+ name: "Get the NFS Network"
+ setup: filter="ansible_tun0"
+ register: nfsServer
+ run_once: true
+ delegate_to: "{{ nfs_server }}"
 - 
-  mount: "name={{ item.0 }} src={{ nfs_server }}:{{ item.1 }} fstype={{ nfs_type }} opts={{ nfs_options }} state=mounted"
+  mount: "name={{ item.name }} src={{ nfsServer['ansible_facts']['ansible_tun0']['ipv4']['address'] }}:{{ item.src }} fstype={{ item.fstype }} opts={{ item.opts }} state=mounted"
  name: "Mounting NFS mounts"
-  with_together: 
+  with_items: exportList 
-    - destDir
-    - srcDir
  notify: "restart authentication"
  notify: "restart idmap"
  sudo: true 
--- a/roles/nfs-client/vars/main.yml
+++ b/roles/nfs-client/vars/main.yml
 ---
-srcDir: ['/mnt']
+# This is a list of exports, individual entry for each mount.
-destDir: ['/mnt/test-nfs']
+exportList:
+ - { name : '/mnt/test-nfs', src : '/mnt',fstype : 'nfs', opts : 'vers=3,noatime,rsize=16384,wsize=16384,hard,intr,tcp,nolock' }
--- a/roles/nfs-server/tasks/startServer.yml
+++ b/roles/nfs-server/tasks/startServer.yml
@@ -2,9 +2,6 @@
 - 
  name: "Starting rpcbind"
  service: "name=rpcbind state=started"
- 
-  name: "Copying /etc/exports template"
-  template: "src=exports.j2 dest=/etc/exports mode=0644 owner=root"
 - 
  name: "Start the Server"
  service: "name=nfs state=started"
--- a/roles/nfs-server/templates/exports.j2
+++ b/roles/nfs-server/templates/exports.j2
-{{ srcDir }}	{{ nfs_network }}(rw,sync,root_squash)
--- a/roles/nfs-server/vars/main.yml
+++ b/roles/nfs-server/vars/main.yml
---
-srcDir: '/mnt'
--- a/roles/syncExports/tasks/addExports.yml
+++ b/roles/syncExports/tasks/addExports.yml
+---
+-
+  name: "Templating /etc/exports"
+  template: src=exports.j2 dest=/etc/exports owner=root group=root mode=644
+  delegate_to: "{{ nfs_server }}"
+  run_once: true
+-
+  name : Restart the NFS Server
+  service: name=nfs state=restarted
+  delegate_to: "{{ nfs_server }}"
+  run_once: true
--- a/roles/syncExports/tasks/main.yml
+++ b/roles/syncExports/tasks/main.yml
+---
+- include : addExports.yml
--- a/roles/syncExports/templates/exports.j2
+++ b/roles/syncExports/templates/exports.j2
+{% for export in exportList %}
+{{ export.src }} {% for group_name in group_list %}{% for node in  groups[group_name] %}{% for interface_name in interface_list %}{{ hostvars[node]['ansible_'+interface_name]['ipv4']['address'] }}(rw,sync,root_squash) {% endfor %}{% endfor %}{% endfor %}
+{% endfor %}
--- a/syncNFS.yml
+++ b/syncNFS.yml
+--- 
+- 
+  hosts: openvpn-clients
+  remote_user: ec2-user
+  roles:
+    - { role: syncExports, group_list:['openvpn-clients'], interface_list: ['eth0','tun0'] }
+    - nfs-client
+  sudo: true
+  vars: 
+    nfs_server: "vm-118-138-240-224.erc.monash.edu.au"
+    openvpn_servers: 
+      - vm-118-138-240-224.erc.monash.edu.au
+    x509_ca_server: vm-118-138-240-224.erc.monash.edu.au