From 9a3d6df2c937d531483ccaf8d155c9113425db18 Mon Sep 17 00:00:00 2001 From: Joel Koglin Date: Tue, 19 May 2015 13:02:51 -0700 Subject: [PATCH 1/4] Adding nfs::export resource to manage lines in the /etc/exports file for the nfs server --- README.md | 28 ++++++++++++++++++++++++++++ README.rdoc | 28 ++++++++++++++++++++++++++++ manifests/export.pp | 27 +++++++++++++++++++++++++++ manifests/init.pp | 6 +----- manifests/params.pp | 3 ++- manifests/server.pp | 27 ++++++++++++++------------- templates/export.erb | 1 + 7 files changed, 101 insertions(+), 19 deletions(-) create mode 100644 manifests/export.pp create mode 100644 templates/export.erb diff --git a/README.md b/README.md index 0d9876c..2edce0e 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,34 @@ For detailed info about the logic and usage patterns of Example42 modules check 'client_options' is a passthrough to the [mount type options attribute] (https://docs.puppetlabs.com/references/latest/type.html#mount-attribute-options). If the mountpoint directory does not exist it will be created along with any parent directories that don't exist, essentially 'mkdir -p $mountpoint'. +* Exporting NFS shares (server only) + + nfs::export { '/var/log': + hosts => [{ # Hosts must be wrapped in [] even if it is a single entry + 'host' => '*', # Host can be '*', IP, IP w/ netmask, or hostname + 'options' => 'ro,fsid=0' # Host specific nfs options + }, + order => 10 # Optional, order to arrange export entries. Defaults to 100 + }] + +* Another example with multiple access control entries + + nfs::export { '/opt/tomcat/webapps': + hosts => [ + { + 'host' => 'host.example.com', + 'options' => 'rw' + }, + { + 'host' => '192.168.56.0/24', + 'options' => 'rw,sync' + }, + { + 'host' => '*', + 'options' => 'ro,fsid=0' + } + ] + } ## USAGE - Overrides and Customizations * Use custom sources for main config file diff --git a/README.rdoc b/README.rdoc index e511bb3..0b072e0 100644 --- a/README.rdoc +++ b/README.rdoc 
@@ -64,6 +64,34 @@ For detailed info about the logic and usage patterns of Example42 modules check 'client_options' is a passthrough to the {mount type options attribute}[https://docs.puppetlabs.com/references/latest/type.html#mount-attribute-options]. If the mountpoint directory does not exist it will be created along with any parent directories that don't exist, essentially 'mkdir -p $mountpoint'. +* Exporting NFS shares (server only) + + nfs::export { '/var/log': + hosts => [{ # Hosts must be wrapped in [] even if it is a single entry + 'host' => '*', # Host can be '*', IP, IP w/ netmask, or hostname + 'options' => 'ro,fsid=0' # Host specific nfs options + }, + order => 10 # Optional, order to arrange export entries. Defaults to 100 + }] + +* Another example with multiple access control entries + + nfs::export { '/opt/tomcat/webapps': + hosts => [ + { + 'host' => 'host.example.com', + 'options' => 'rw' + }, + { + 'host' => '192.168.56.0/24', + 'options' => 'rw,sync' + }, + { + 'host' => '*', + 'options' => 'ro,fsid=0' + } + ] + } == USAGE - Overrides and Customizations * Use custom sources for main config file diff --git a/manifests/export.pp b/manifests/export.pp new file mode 100644 index 0000000..192b99c --- /dev/null +++ b/manifests/export.pp 
@@ -0,0 +1,27 @@ +# This resource manages an individual export rule in /etc/exports +define nfs::export( + $mount_point = $name, + $hosts, + $order = '100', +) { + include nfs + include nfs::params + + if $nfs::manage_file == false { + warn('nfs::manage_config_file has been disabled. This resource is now unused!') + } else { + validate_absolute_path($mount_point) + validate_array($hosts) + # FIXME: Add validation of hash values for host and options + # host: one of '*', IP, IP w/ netmask, or a hostname + # options: any of 'ro','rw','sync',wdelay... + validate_numeric($order) + + # Create an exports fragment + concat::fragment { "nfs_cfg_${name}": + target => $nfs::config_file, + content => template($nfs::template), + order => $order, + } + } +} diff --git a/manifests/init.pp b/manifests/init.pp index 1ddc864..96920b8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -242,6 +242,7 @@ $config_file_owner = params_lookup( 'config_file_owner' ), $config_file_group = params_lookup( 'config_file_group' ), $config_file_init = params_lookup( 'config_file_init' ), + $manage_config_file = params_lookup( 'manage_config_file' ), $pid_file = params_lookup( 'pid_file' ), $data_dir = params_lookup( 'data_dir' ), $log_dir = params_lookup( 'log_dir' ), @@ -327,11 +328,6 @@ default => $nfs::source, } - $manage_file_content = $nfs::template ? { - '' => undef, - default => template($nfs::template), - } - include nfs::client if $nfs::mode == 'server' { diff --git a/manifests/params.pp b/manifests/params.pp index 8ca49e1..2912821 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -100,7 +100,8 @@ $source = '' $source_dir = '' $source_dir_purge = false - $template = '' + $manage_config_file = true + $template = 'nfs/export.erb' $options = '' $service_autorestart = true $version = 'present' diff --git a/manifests/server.pp b/manifests/server.pp index 4d14f53..38f1781 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
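Review bot: `warn(...)` in the disabled branch of `nfs::export` is not one of Puppet's logging functions (`debug`, `info`, `notice`, `warning`, `err`, ...), so that branch would fail at compile time instead of logging; `warning('nfs::manage_config_file has been disabled. This resource is now unused!')` is presumably what was meant. The FIXME above `validate_numeric($order)` also leaves every element of `$hosts` unchecked before it is written into the exports file, so a typo in a `host` or `options` string silently becomes an access rule. Until per-entry validation exists, a comment such as `# NOTE: host/options are written to /etc/exports verbatim; values must not contain whitespace or parentheses` would at least make the contract explicit.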
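Review bot: Changing the default of `$template` from `''` to `'nfs/export.erb'` in params.pp repurposes a class-wide setting as the per-export fragment template. A site that already sets `template` to a whole-file exports template would have that template rendered once per `nfs::export` fragment. The params block continues outside the hunk, so this is inferred from the visible lines only. Hard-coding `content => template('nfs/export.erb')` in `nfs::export`, or using a separate setting for the fragment template, would avoid the overlap.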
@@ -23,19 +23,20 @@ noop => $nfs::noops, } - file { 'nfs.conf': - ensure => $nfs::manage_file, - path => $nfs::config_file, - mode => $nfs::config_file_mode, - owner => $nfs::config_file_owner, - group => $nfs::config_file_group, - require => Package[$nfs::package], - notify => $nfs::manage_service_autorestart, - source => $nfs::manage_file_source, - content => $nfs::manage_file_content, - replace => $nfs::manage_file_replace, - audit => $nfs::manage_audit, - noop => $nfs::noops, + if $nfs::manage_config_file { + concat { $nfs::config_file: + ensure => $nfs::manage_file, + mode => $nfs::config_file_mode, + owner => $nfs::config_file_owner, + group => $nfs::config_file_group, + require => Package[$nfs::package], + notify => $nfs::manage_service_autorestart, + warn => true, + order => numeric, + replace => $nfs::manage_file_replace, + audit => $nfs::manage_audit, + noop => $nfs::noops, + } } # The whole nfs configuration directory can be recursively overriden diff --git a/templates/export.erb b/templates/export.erb new file mode 100644 index 0000000..cdd373e --- /dev/null +++ b/templates/export.erb @@ -0,0 +1 @@ +<%= "#{mount_point}" %><% hosts.each { |host| %><%= " #{host['host']}" %><% unless host['options'].nil? || host['options'].empty? %><%= "(#{host['options']})" %><% end %><% } %> From 535d2ab4945c448b516d851efff750c66a471d9b Mon Sep 17 00:00:00 2001 From: Chris O'Brian Date: Wed, 20 May 2015 14:45:47 -0700 Subject: [PATCH 2/4] Corrected a misplaced [ bracket in the "Exporting NFS shares (server only)" section of the README files --- README.md | 4 ++-- README.rdoc | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2edce0e..71ed417 100644 --- a/README.md +++ b/README.md 
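Review bot: In templates/export.erb, an entry whose `'host'` key is missing, empty or ends in whitespace renders as `<mount_point> (<options>)`, and in exports syntax an option list separated from the host by a space applies to all clients, so a malformed hash can turn a restricted export into a world-wide one. The template only guards `host['options']`; it should also skip or reject entries without a usable host, for example by raising when `host['host'].to_s.strip.empty?` or when the value contains whitespace. Separately, `mount_point` and `hosts` are read as bare local variables; Puppet templates are expected to use `@mount_point` and `@hosts`, and the bare form is deprecated in Puppet 3 and unavailable in Puppet 4.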
@@ -80,9 +80,9 @@ If the mountpoint directory does not exist it will be created along with any par hosts => [{ # Hosts must be wrapped in [] even if it is a single entry 'host' => '*', # Host can be '*', IP, IP w/ netmask, or hostname 'options' => 'ro,fsid=0' # Host specific nfs options - }, + }], order => 10 # Optional, order to arrange export entries. Defaults to 100 - }] + } * Another example with multiple access control entries diff --git a/README.rdoc b/README.rdoc index 0b072e0..e818c48 100644 --- a/README.rdoc +++ b/README.rdoc @@ -70,9 +70,9 @@ If the mountpoint directory does not exist it will be created along with any par hosts => [{ # Hosts must be wrapped in [] even if it is a single entry 'host' => '*', # Host can be '*', IP, IP w/ netmask, or hostname 'options' => 'ro,fsid=0' # Host specific nfs options - }, + }], order => 10 # Optional, order to arrange export entries. Defaults to 100 - }] + } * Another example with multiple access control entries From a6a1dbdf8c9ff78452a049c10ff1edff6dfad628 Mon Sep 17 00:00:00 2001 From: Chris O'Brian Date: Thu, 21 May 2015 10:47:36 -0700 Subject: [PATCH 3/4] corrected the name of an nfs parameter in export.pp "manage_file" to "manage_config_file" --- manifests/export.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/export.pp b/manifests/export.pp index 192b99c..8445e86 100644 --- a/manifests/export.pp +++ b/manifests/export.pp @@ -7,7 +7,7 @@ include nfs include nfs::params - if $nfs::manage_file == false { + if $nfs::manage_config_file == false { warn('nfs::manage_config_file has been disabled. This resource is now unused!') } else { validate_absolute_path($mount_point) From ceaa57a324c6714c969049a3e67bf65be5f8fc7d Mon Sep 17 00:00:00 2001 
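Review bot: The corrected test `$nfs::manage_config_file == false` in manifests/export.pp only matches the boolean, while manifests/server.pp tests the same setting by truthiness (`if $nfs::manage_config_file {`). A string value such as `'false'`, which is truthy in Puppet, would therefore take the managing branch in both places. If the module normalises its booleans elsewhere (not visible here, since the define body extends beyond the hunk), that normalised value should be used; otherwise a helper such as `any2bool` would make the two checks agree.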
From: Chris O'Brian Date: Fri, 22 May 2015 09:59:28 -0700 Subject: [PATCH 4/4] Updated the params.pp and server.pp to include an option for not aggregating nfs config file for backwards compatibility --- manifests/params.pp | 1 + manifests/server.pp | 20 +++++++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 2912821..df80ba4 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -109,6 +109,7 @@ $disable = false $disableboot = false $mounts = {} + $aggregate = false # controls concatination of the nfs_cfg file ### General module variables that can have a site or per module default $monitor = false diff --git a/manifests/server.pp b/manifests/server.pp index 38f1781..2d3dfc1 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -23,7 +23,8 @@ noop => $nfs::noops, } - if $nfs::manage_config_file { + if $nfs::manage_config_file + and $nfs::aggregate { concat { $nfs::config_file: ensure => $nfs::manage_file, mode => $nfs::config_file_mode, @@ -38,6 +39,23 @@ noop => $nfs::noops, } } + else { + file { $nfs::config_file: + ensure => $nfs::manage_file, + path => $nfs::config_file, + mode => $nfs::config_file_mode, + owner => $nfs::config_file_owner, + group => $nfs::config_file_group, + require => Package[$nfs::package], + notify => $nfs::manage_service_autorestart, + source => $nfs::manage_file_source, + content => $nfs::manage_file_content, + replace => $nfs::manage_file_replace, + audit => $nfs::manage_audit, + noop => $nfs::noops, + } + } + # The whole nfs configuration directory can be recursively overriden if $nfs::source_dir
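Review bot: With `$aggregate` defaulting to `false` in params.pp, manifests/server.pp declares a plain `file` for `$nfs::config_file`, while `nfs::export` still creates `concat::fragment` resources targeting that path. The README usage would therefore have no `concat` resource to attach to unless `aggregate` is changed. This patch touches only params.pp and server.pp, so `aggregate` does not appear to be exposed as a parameter of `class nfs`; if that is right, it can only be enabled by editing this file. Consider adding it to the class parameters alongside `manage_config_file`, and having `nfs::export` fail with a clear message when aggregation is off. The trailing comment also misspells "concatenation".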
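Review bot: The new `else` branch in manifests/server.pp also runs when `$nfs::manage_config_file` is false, because the condition it negates is `$nfs::manage_config_file and $nfs::aggregate`; setting `manage_config_file => false` therefore no longer stops the module from managing the exports file. Changing `else {` to `elsif $nfs::manage_config_file {` would restore the opt-out. The branch also passes `content => $nfs::manage_file_content`, but patch 1/4 removed that assignment from manifests/init.pp, so unless it is defined elsewhere the attribute resolves to undef, or errors under strict variable checking. The surrounding class body starts and ends outside the hunk.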