Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.21.0 < 9.0.0
- , , ,
Start using this module
Add this module to your Puppetfile:
mod 'jcpunk-nfs', '0.3.2'
Learn more about managing modules with a PuppetfileDocumentation
nfs
Manage NFS client/server elements with modern nfs-utils.
Table of Contents
- Description
- Setup - The basics of getting started with nfs
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
The nfs-utils version 2 utilities can take most of their settings from the
/etc/nfs.conf
. This module attempts to make setting those options easier.
Similiarly, mount.nfs
can get options from /etc/nfsmount.conf
.
Additionally, an easy way to populate /etc/idmapd.conf
is provided.
This module also provides an interface to setup NFS exports.
Folks wanting to mount NFS shares should use the mount
type. Possibly via stdlib::manage
in hiera.
Setup
What nfs affects
This module will manage the NFS packages, configs, exports, and services.
Setup Requirements
See the metadata.json
for module requirements.
Beginning with nfs
By default this module will disable client and server elements. You'll need to decide which bits you want enabled on what hosts.
This module should work well with hiera or a feature rich ENC.
Usage
Setup a client permitting NFSv3 and NFSv4 along with Kerberos security:
class {'nfs':
client => true,
client_nfsv3_support => true,
client_nfsv4_support => true,
client_kerberos_support => true,
}
or hiera
nfs::client: true
nfs::client_nfsv3_support: true
nfs::client_nfsv4_support: true
nfs::client_kerberos_support: true
Setup host as a client and a server:
class {'nfs':
client => true,
server => true,
}
or hiera
nfs::client: true
nfs::server: true
Setup a server permitting NFSv3 and NFSv4 along with Kerberos security and GSSProxy.
Also setup two exports, but leave any unmanaged files in /etc/exports.d/
NOTE: if you drop your own files in /etc/exports.d/
you should notify
one of: Class['nfs']
Class['nfs::service']
Class['nfs::service::exportfs']
class {'nfs':
use_gssproxy => true,
server => true,
server_nfsv3_support => true,
server_nfsv4_support => true,
server_kerberos_support => true,
exportfs_arguments => [ '-a', ],
purge_unmanaged_exports => false,
exports => {
'/export/path' => {
'clients' => {
'127.0.0.1' => ['rw', 'no_subtree_check'],
'*.example.com' => ['rw', 'sec=krb5', 'no_subtree_check'],
}
},
'Detailed Example' => {
'export_path' => '/my/nfs/path',
'config_file' => '/etc/exports.d/puppet.exports',
'comment' => "Some Optional Free Text",
'clients' => {
'127.0.0.1' => ['rw', 'no_subtree_check'],
'*.example.com' => ['rw', 'sec=krb5', 'no_subtree_check'],
}
}
}
}
or hiera
nfs::use_gssproxy: true
nfs::server: true
nfs::server_nfsv3_support: true
nfs::server_nfsv4_support: true
nfs::server_kerberos_support: true
nfs::purge_unmanaged_exports: false
nfs::exportfs_arguments: [ '-a' ]
# setup merge so we can extend this at another level
lookup_options:
nfs::exports:
merge:
strategy: deep
nfs::exports:
'/export/path':
clients:
'127.0.0.1':
- rw
- no_subtree_check
'*.example.com':
- rw
- 'sec=krb5'
- no_subtree_check
'Detailed Example':
export_path: /my/nfs/path
config_file: /etc/exports.d/puppet.exports
comment: Some Optional Free Text
clients:
'127.0.0.1':
- rw
-no_subtree_check
'*.example.com':
- rw
- 'sec=krb5'
- no_subtree_check
Set specific config settings for individual services
NOTE: if you drop your own files in /etc/nfs.conf.d/
you should notify
one of: Class['nfs']
Class['nfs::service']
NOTE: if you drop your own files in /etc/nfsmount.conf.d/
you should notify
any relevant NFS mounts you've specified.
class {'nfs':
client => true,
server => true,
rpcbind_config_opt_values => ['-a', '-s', '-l'],
idmapd_config_hash => {
'General' => {
'Domain' => 'something',
'Reformat-Group' => 'both',
},
'Mapping' => {
'Nobody-User' => 'nouser',
},
},
nfs_conf_hash => {
'lockd' => {
'port' => 32803,
'udp-port' => 32769
},
'mountd' => {
'port' => 892
},
'statd' => {
'port' => 662,
'outgoing-port' => 2020
},
},
nfsmount_conf_hash => {
'hostname.example.com' => {
'Defaultvers' => 4,
},
'/my/mnt/point' => {
'Defaultvers' => 4,
},
}
}
or hiera
nfs::client: true
nfs::server: true
nfs::rpcbind_config_opt_values:
- '-a'
- '-s'
- '-l'
# setup merge so we can extend this at another level
lookup_options:
nfs::idmapd_config_hash:
merge:
strategy: deep
nfs::nfs_conf_hash:
merge:
strategy: deep
nfs::nfsmount_conf_hash:
merge:
strategy: deep
nfs::idmapd_config_hash:
General:
Domain: something
Reformat-Group: both
Mapping:
Nobody-User: nouser
nfs::nfs_conf_hash:
lockd:
port: 32803
udp-port: 32769
mountd:
port: 982
statd:
port: 662
outgoing-port: 2020
nfs::nfsmount_conf_hash:
hostname.example.com:
Defaultvers: 4
'/my/mnt/point':
Defaultvers: 4
Additional examples are provided in the examples directory.
Limitations
This primarily targeted at RHEL compatible systems with nfs-utils version 2. Limited support for RHEL7 and Debian style systems are provided.
Development
This project uses pdk and is hosted at the listed repo.
Reference
Table of Contents
Classes
Public Classes
nfs
: The toplevel of the NFS class
Private Classes
nfs::config
: Configure the requested servicesnfs::config::exports
: Setup any requested NFS exportsnfs::config::gssproxy
: Write out the gssproxy config (and start gssproxy)nfs::config::idmapd
: Configure idmapd for NFSv4nfs::config::nfs_conf
: Write out the nfs services config for client and servernfs::config::nfsmount_conf
: Setup nfsmount.conf and nfsmount.conf.d/ elementsnfs::config::rpcbind
: Configure NFSv3 rpcbindnfs::install
: Determine which nfs packages we need and install themnfs::service
: Configure the NFS services we requestednfs::service::client
: Overrides only work with inheritancenfs::service::exportfs
: A simple wrapper around exportfsnfs::service::server
: Overrides only work with inheritancenfs::service::start
: Overrides only work with inheritance
Classes
nfs
This class is the toplevel of the NFS class. It mostly just includes other private classes to try and keep the behavior self contained
Parameters
The following parameters are available in the nfs
class:
client
client_nfsv3_support
client_nfsv4_support
client_kerberos_support
manage_client_packages
client_packages
manage_services
client_services
client_v3_helper_services
client_v4_helper_services
client_kerberos_services
server
server_nfsv3_support
server_nfsv4_support
server_kerberos_support
manage_server_packages
server_packages
server_services
server_v3_helper_services
server_v4_helper_services
server_kerberos_services
use_gssproxy
gssproxy_services
rpcbind_config_opt_file
rpcbind_config_opt_key
rpcbind_config_opt_values
exportfs
exportfs_arguments
exports_file
exports_d
purge_unmanaged_exports
exports
idmapd_config_file
idmapd_config_hash
vendor_idmapd_config_hash
nfs_conf_file
nfs_conf_d
purge_unmanaged_nfs_conf_d
nfs_conf_hash
vendor_nfs_conf_hash
nfsmount_conf_file
nfsmount_conf_d
purge_unmanaged_nfsmount_conf_d
nfsmount_conf_hash
vendor_nfsmount_conf_hash
client
Data type: Boolean
Boolean, should this host be an NFS client
client_nfsv3_support
Data type: Boolean
Boolean, should NFS client have NFSv3 support
client_nfsv4_support
Data type: Boolean
Boolean, should NFS client have NFSv4 support
client_kerberos_support
Data type: Boolean
Boolean, should NFS client have kerberos support
manage_client_packages
Data type: Boolean
Boolean, should this module manage the NFS client packages
client_packages
Data type: Array[String[1]]
Array of packages for NFS clients
manage_services
Data type: Boolean
Boolean, should this module manage the NFS services
client_services
Data type: Array[Systemd::Unit]
Array of services for any type of NFS client
client_v3_helper_services
Data type: Array[Systemd::Unit]
Array of services for NFSv3 clients
client_v4_helper_services
Data type: Array[Systemd::Unit]
Array of services for NFSv4 clients
client_kerberos_services
Data type: Array[Systemd::Unit]
Array of services for NFS kerberos clients
server
Data type: Boolean
Boolean, should this host be an NFS server
server_nfsv3_support
Data type: Boolean
Boolean, should NFS server have NFSv3 support
server_nfsv4_support
Data type: Boolean
Boolean, should NFS server have NFSv4 support
server_kerberos_support
Data type: Boolean
Boolean, should NFS server have kerberos support
manage_server_packages
Data type: Boolean
Boolean, should this module manage the NFS server packages
server_packages
Data type: Array[String[1]]
Array of packages for NFS servers
server_services
Data type: Array[Systemd::Unit]
Array of services for any type of NFS server
server_v3_helper_services
Data type: Array[Systemd::Unit]
Array of services for NFSv3 servers
server_v4_helper_services
Data type: Array[Systemd::Unit]
Array of services for NFSv4 servers
server_kerberos_services
Data type: Array[Systemd::Unit]
Array of services for NFS kerberos servers
use_gssproxy
Data type: Boolean
Boolean, should GSSProxy be configured (via the gssproxy module)
gssproxy_services
Data type: Hash[String, Variant[Data, Array[String[1]], Undef]]
Hash of GSSProxy services to define
rpcbind_config_opt_file
Data type: Stdlib::Absolutepath
Path to file sourced by the rpcbind.service
rpcbind_config_opt_key
Data type: String
String listing the Env Var used by rpcbind.service to set options
rpcbind_config_opt_values
Data type: Array
Array of arguments to set on rpcbind
exportfs
Data type: Stdlib::Absolutepath
Path to the exportfs command
exportfs_arguments
Data type: Array[String]
Array of arguments to use with exportfs
exports_file
Data type: Stdlib::Absolutepath
Full path to your /etc/exports
exports_d
Data type: Stdlib::Absolutepath
Full path to your /etc/exports.d/
purge_unmanaged_exports
Data type: Boolean
Boolean, Should unmanaged files in /etc/exports.d/ be removed?
exports
Data type: Hash[String, Hash[Enum['export_path', 'config_file', 'comment', 'clients'], Variant[String[1], Hash[String, Array[String[1], 1]]]]]
Hash of NFS exports to create, see examples for structure
idmapd_config_file
Data type: Stdlib::Absolutepath
Path to your /etc/idmapd.conf
idmapd_config_hash
Data type: Hash[String, Hash[String, Data]]
Hash of settings you want in /etc/idmapd.conf
vendor_idmapd_config_hash
Data type: Hash[String, Hash[String, Data]]
Hash of vendor default settings in /etc/idmapd.conf
nfs_conf_file
Data type: Stdlib::Absolutepath
Path to your /etc/nfs.conf
nfs_conf_d
Data type: Stdlib::Absolutepath
Path to your /etc/nfs.conf.d
purge_unmanaged_nfs_conf_d
Data type: Boolean
Boolean, remove any unmanaged files in /etc/nfs.conf.d
nfs_conf_hash
Data type: Hash[String, Hash[String, Data]]
Hash of settings you want in /etc/nfs.conf
vendor_nfs_conf_hash
Data type: Hash[String, Hash[String, Data]]
Hash of vendor default settings in /etc/nfs.conf
nfsmount_conf_file
Data type: Stdlib::Absolutepath
Path to your /etc/nfsmount.conf
nfsmount_conf_d
Data type: Stdlib::Absolutepath
Path to your /etc/nfsmount.conf.d
purge_unmanaged_nfsmount_conf_d
Data type: Boolean
Boolean, remove any unmanaged files in /etc/nfsmount.conf.d
nfsmount_conf_hash
Data type: Hash[String, Variant[Hash[String, Data], Undef]]
Hash of settings you want in /etc/nfsmount.conf
vendor_nfsmount_conf_hash
Data type: Hash[String, Hash[String, Data]]
Hash of vendor default settings in /etc/nfsmount.conf
Changelog
All notable changes to this project will be documented in this file.
Release 0.3.2
Features
Update module compat list
Release 0.3.1
Bugfixes
Fix flapping rpc-statd-notify.service
Features
Update module compat list
Release 0.3.0
Bugfixes
Correct missing \n at end of exports
Remove incorrect list of support for RHEL7, it is nfsutils v1
Features
Add Ubuntu support
Note Almalinux support
Release 0.2.1
Bugfixes
Use non-legacy fact for domain
Release 0.2.0
Bugfixes
Fix incorrect default NFSv3 client helper services
Features
Stubs for nfsrahead service
Release 0.1.3
Bugfixes
Fix incorrect default for RHEL systems
Release 0.1.2
Features
Note compatibility with puppet/systemd 4.x.x
Release 0.1.1
Bugfixes
Several systemd targets enable rpcbind automatically. So don't disable it.
Known Issues
rpcbind is no longer halted when v3 support is not required.
Release 0.1.0
Features
Bugfixes
Known Issues
Dependencies
- puppetlabs/concat (>= 4.2.0 < 10.0.0)
- jcpunk/gssproxy (>= 0.1.1 < 0.2.0)