- Overview - What is the nfs module?
- Module Description - What does this module do?
- Setup - The basics of getting started with nfs
- Usage - The classes and defined types available for configuration
- Requirements
- Limitations - OS compatibility, etc.
- Contributing to the graphite module
This module installs, configures and manages everything on NFS clients and servers.
This module can be used to simply mount nfs shares on a client or to configure your nfs servers. It can make use of storeconfigs on the puppetmaster to get its resources.
What nfs affects:
- packages/services/configuration files for NFS usage
- can be used with puppet storage
This example mounts a nfs share on the client, with NFSv3
include '::nfs::client'
::nfs::client::mount { '/mnt/mymountpoint':
server => 'nfsserver.my.domain',
share => '/share/on/server',
options => 'rw',
}
This will export /data/folder on the server and automagically mount it on client. You need storeconfigs/puppetdb for this to work.
node server {
include nfs::server
::nfs::server::export{ '/data_folder':
ensure => 'mounted',
clients => '10.0.0.0/24(rw,insecure,async,no_root_squash) localhost(rw)'
}
}
By default, mounts are mounted in the same folder on the clients as they were exported from on the server.
node client {
include '::nfs::client'
Nfs::Client::Mount <<| |>>
}
node server1 {
include '::nfs::server'
::nfs::server::export{
'/data_folder':
ensure => 'mounted',
clients => '10.0.0.0/24(rw,insecure,async,no_root_squash) localhost(rw)'
# exports /homeexport and mounts them om /srv/home on the clients
'/homeexport':
ensure => 'mounted',
clients => '10.0.0.0/24(rw,insecure,async,root_squash)',
mount => '/srv/home'
}
}
node server2 {
include '::nfs::server'
# ensure is passed to mount, which will make the client not mount it
# the directory automatically, just add it to fstab
::nfs::server::export{
'/media_library':
ensure => 'present',
nfstag => 'media'
clients => '10.0.0.0/24(rw,insecure,async,no_root_squash) localhost(rw)'
}
}
node client {
include '::nfs::client'
Nfs::Client::Mount <<| |>>;
}
# Using a storeconfig override, to change ensure option, so we mount
# all shares
node greedy_client {
include '::nfs::client'
Nfs::Client::Mount <<| |>> {
ensure => 'mounted'
}
}
# only the mount tagged as media
# also override mount point
node media_client {
include '::nfs::client'
Nfs::Client::Mount <<|nfstag == 'media' |>> {
ensure => 'mounted',
mount => '/import/media'
}
}
# All @@nfs::server::mount storeconfigs can be filtered by parameters
# Also all parameters can be overridden (not that it's smart to do
# so).
# Check out the doc on exported resources for more info:
# http://docs.puppetlabs.com/guides/exported_resources.html
node single_server_client {
include '::nfs::client'
Nfs::Client::Mount <<| server == 'server1' |>> {
ensure => 'absent',
}
}
We use the $::domain
fact for the Domain setting in /etc/idmapd.conf
.
For NFSv4 to work this has to be equal on servers and clients
set it manually if unsure.
All nfsv4 exports are bind mounted into /export/$mount_name
and mounted on /srv/$mount_name
on the client.
Both values can be overridden through parameters both globally
and on individual nodes.
node server {
class { 'nfs::server':
nfs_v4 => true,
nfs_v4_export_root_clients =>
'10.0.0.0/24(rw,fsid=root,insecure,no_subtree_check,async,no_root_squash)'
}
nfs::server::export{ '/data_folder':
ensure => 'mounted',
clients => '10.0.0.0/24(rw,insecure,no_subtree_check,async,no_root_squash) localhost(rw)'
}
}
Set ownership and permissions on the folder being exported
node server {
nfs::server::export{ '/data_folder':
ensure => 'mounted',
clients => '10.0.0.0/24(rw,insecure,no_subtree_check,async,no_root_squash) localhost(rw)',
owner => 'root',
group => 'root',
perms => '0755',
}
}
By default, mounts are mounted in the same folder on the clients as they were exported from on the server
node client {
class { 'nfs::client':
nfs_v4 = true,
nfs_v4_export_root_clients =>
'10.0.0.0/24(rw,fsid=root,insecure,no_subtree_check,async,no_root_squash)'
}
Nfs::Client::Mount <<| |>>;
}
We can also mount the NFSv4 Root directly through nfs::client::mount::nfsv4::root. By default /srv will be used for as mount point, but can be overriden through the 'mounted' option.
node client2 {
$server = 'server'
class { '::nfs::client':
nfs_v4 = true,
}
Nfs::Client::Mount::Nfs_v4::Root <<| server == $server |>> {
mount => "/srv/$server",
}
}
Just to show you, how complex we can make things ;-)
# and on individual nodes.
node server {
class { 'nfs::server':
nfs_v4 => true,
# Below are defaults
nfs_v4_idmap_domain => $::domain,
nfs_v4_export_root => '/export',
# Default access settings of /export root
nfs_v4_export_root_clients =>
"*.${::domain}(ro,fsid=root,insecure,no_subtree_check,async,root_squash)"
}
nfs::server::export{ '/data_folder':
# These are the defaults
ensure => 'mounted',
# rbind or bind mounting of folders bindmounted into /export
# google it
bind => 'rbind',
# everything below here is propogated by to storeconfigs
# to clients
#
# Directory where we want export mounted on client
mount => undef,
remounts => false,
atboot => false,
# Don't remove that option, but feel free to add more.
options => '_netdev',
# If set will mount share inside /srv (or overridden mount_root)
# and then bindmount to another directory elsewhere in the fs -
# for fanatics.
bindmount => undef,
# Used to identify a catalog item for filtering by by
# storeconfigs, kick ass.
nfstag => undef,
# copied directly into /etc/exports as a string, for simplicity
clients => '10.0.0.0/24(rw,insecure,no_subtree_check,async,no_root_squash)'
}
node client {
class { 'nfs::client':
nfs_v4 => true,
nfs_v4_idmap_domain => $::domain
nfs_v4_mount_root => '/srv',
}
# We can as you by now know, override options set on the server
# on the client node.
# Be careful. Don't override mount points unless you are sure
# that only one export will match your filter!
Nfs::Client::Mount <<| # filter goes here # |>> {
# Directory where we want export mounted on client
mount => undef,
remounts => false,
atboot => false,
# Don't remove that option, but feel free to add more.
options => '_netdev',
# If set will mount share inside /srv (or overridden mount_root)
# and then bindmount to another directory elsewhere in the fs -
# for fanatics.
bindmount => undef,
}
}
If a server has many clients it's a bit of a mess to put them all in a single 'clients' option for nfs::server::export
. Instead, you can put them in a array or hash and use the mk_client_list
function to generate the clients string.
$nfs_clients = [
'common-*.loc.dom',
'hostb.loc.dom',
'10.0.9.0/24']
nfs::server::export { '/data':
clients => mk_client_list($nfs_clients, {}, "ro"),
# Which will produce:
# 'common-*.loc.dom(ro) hostb.loc.dom(ro) 10.0.9.0/24(ro)'
...
}
In this case mk_client_list generates the string: `
The second option is a hash of client -> options. The third option is the default in case a client doesn't have options specified in the hash. In the above example none of the clients had specific settings, so they were all given the default options of ro
.
$nfs_clients = [
'common-*.loc.dom',
'hostb.loc.dom',
'10.0.9.0/24']
$nfs_client_options = {
'hostb.loc.dom' => 'rw,no_root_squash'}
nfs::server::export {'/data':
# Use the stdlib keys function to get the array of keys from our hash.
clients => mk_client_list($nfs_clients, $nfs_client_options, 'ro'),
# Which will produce:
# 'common-*.loc.dom(ro) hostb.loc.dom(rw,no_root_squash) 10.0.9.0/24(ro)'
...
}
You can also give options to each host in a hash, and then use the stdlib keys() function to extract the client array from the hash: mk_client_list(keys($client_hash), $client_hash, '')
Set up NFS server and exports. NFSv3 and NFSv4 supported.
Parameters within nfs::server
:
Should this class manage the services behind nfs? Set this to false if you are managing the service in another way (e.g. pacemaker).
Allow to update or set to a specific version the nfs server packages.
NFSv4 support. Will set up automatic bind mounts to export root. Disabled by default.
Export root, where we bind mount shares, default /export
Domain setting for idmapd, must be the same across server and clients. Default is to use $domain fact.
If set, this attribute will be used to construct nfs::server::export resources. You can use you ENC or hiera to provide the hash of nfs::server::export resources definitions:
nfs::server::exports:
/mnt/something:
ensure: mounted
clients: '*(fsid=0,ro,insecure,async,all_squash,no_subtree_check,mountpoint=/mnt/something)'
class { '::nfs::server':
nfs_v4 => true,
nfs_v4_export_root_clients => "*.${::domain}(ro,fsid=root,insecure,no_subtree_check,async,root_squash)",
# Generally parameters below have sane defaults.
nfs_v4_export_root => "/export",
nfs_v4_idmap_domain => $::domain,
}
Set up NFS export on the server (and stores data in configstore)
Parameters within nfs::server::export
:
Default is $name
. Usally you do not set it explicit.
Default results from $name
. Usally you do not set it explicit.
Default is 'mounted'
Default is 'rbind'. rbind or bind mounting of folders bindmounted into /export. Google it!
Following parameteres are propogated by to storeconfigs to clients
Default is undef. This means client mount path is the same as server export path. Directory where we want export mounted on client
Default is false.
Default is false.
Default is '_netdev'. Don't remove that option, but feel free to add more.
Default is undef. If set will mount share inside /srv (or overridden mount_root) and then bindmount to another directory elsewhere in the fs - for fanatics.
Default is undef. Used to identify a catalog item for filtering by storeconfigs on clients.
Default is 'localhost(ro)'. Copied directly into /etc/exports as a string, for simplicity.
Default is $::clientcert
. Used to specify a other ip/name for the client to connect to. Usefull in machines with multiple ip addresses or network interfaces
::nfs::server::export { '/media_library':
nfstag => 'media'
clients => '10.0.0.0/24(rw,insecure,async,no_root_squash) localhost(rw)'
}
Set up NFS client and mounts. NFSv3 and NFSv4 supported.
Parameters within nfs::client
:
Allow to update or set to a specific version the nfs client packages.
NFSv4 support. Disabled by default.
Mount root, where we mount shares, default /srv
Domain setting for idmapd, must be the same across server and clients. Default is to use $::domain fact.
If set, this attribute will be used to construct nfs::client::mount resources. You can use you ENC or hiera to provide the hash of nfs::client::mount resources definitions:
nfs::client::mounts:
/mnt/test:
ensure: 'mounted'
server: '192.0.2.100'
share: '/export/data'
class { '::nfs::client':
nfs_v4 => true,
# Generally parameters below have sane defaults.
nfs_v4_mount_root => '/srv',
nfs_v4_idmap_domain => $::domain,
}
Set up NFS mount on client.
Parameters within nfs::client::mount
:
FQDN or IP of the NFS server.
Name of share to be mounted.
Default is 'mounted'.
Default is $title
of defined type. Defines mountpoint of the share on the client.
Default is false.
Default is false.
Default is '_netdev'. Don't remove that option, but feel free to add more.
Default is undef. If set will mount share inside /srv (or overridden mount_root) and then bindmount to another directory elsewhere in the fs - for fanatics.
Default is undef. Used to identify a catalog item for filtering by storeconfigs on clients.
Default is 'root'. Sets owner of mountpoint directory. This is applied to the directory on every run, which means it is used both on the base mountpoint creation when unmounted, and also once mounted on the target NFS server and thus all servers accessing the same share.
Default is root
. Sets group of mountpoint directory. This is applied to the directory on every run, which means it is used both on the base mountpoint creation when unmounted, and also once mounted on the target NFS server and thus all servers accessing the same share.
Default is '0755'. Sets mode of mountpoint directory. This has changed from previous versons which used '0777' (world writable). This is applied to the directory on every run, which means it is used both on the base mountpoint creation when unmounted, and also once mounted on the target NFS server and thus all servers accessing the same share.
If you want to have the full potential of this module its recommend to have storeconfigs enabled.
##Contributing
Echocat modules are open projects. So if you want to make this module even better, you can contribute to this module on Github.
This module is forked/based on Harald Skoglund haraldsk@redpill-linpro.com from https://github.com/haraldsk/puppet-module-nfs/
Please read DEVELOP.md on how to contribute to this module.