From 8091ccb8987576e52badb143ca544b8de577d210 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Thu, 1 Aug 2019 17:38:49 +0200
Subject: [PATCH] Autofs

---
 base.yml                                      |  8 +++--
 roles/nfs-autofs/handlers/main.yml            |  5 +++
 roles/nfs-autofs/tasks/main.yml               | 34 +++++++++++++++++++
 .../auto.master.d/home-adh.autofs.j2          |  2 ++
 .../templates/auto.master.d/home-adh.sh.j2    |  3 ++
 roles/nfs-autofs/templates/auto.master.j2     | 29 ++++++++++++++++
 roles/nfs-autofs/templates/default/autofs.j2  | 15 ++++++++
 roles/nfs-common/tasks/main.yml               | 14 ++++++++
 roles/nfs-common/templates/nfs-common.j2      | 20 +++++++++++
 9 files changed, 127 insertions(+), 3 deletions(-)
 create mode 100644 roles/nfs-autofs/handlers/main.yml
 create mode 100644 roles/nfs-autofs/tasks/main.yml
 create mode 100644 roles/nfs-autofs/templates/auto.master.d/home-adh.autofs.j2
 create mode 100755 roles/nfs-autofs/templates/auto.master.d/home-adh.sh.j2
 create mode 100644 roles/nfs-autofs/templates/auto.master.j2
 create mode 100644 roles/nfs-autofs/templates/default/autofs.j2
 create mode 100644 roles/nfs-common/tasks/main.yml
 create mode 100644 roles/nfs-common/templates/nfs-common.j2

diff --git a/base.yml b/base.yml
index db008021..b3374980 100644
--- a/base.yml
+++ b/base.yml
@@ -23,6 +23,7 @@
     - common-tools
     - rsync-client
     - ntp-client
+    - nfs-common
 
 # Plug LDAP on all servers
 - hosts: server
@@ -62,6 +63,7 @@
 - hosts: odlyd.adm.crans.org,soyouz.adm.crans.org,fy.adm.crans.org,thot.adm.crans.org
   roles: []  # TODO
 
-# Playbook to deploy NFS
-- hosts: crans_server,!odlyd.adm.crans.org
-  roles: []  # TODO
+# Playbook to deploy autofs NFS
+- hosts: crans_physical,crans_vm,!odlyd.adm.crans.org,!zamok.adm.crans.org
+  roles:
+    - nfs-autofs
diff --git a/roles/nfs-autofs/handlers/main.yml b/roles/nfs-autofs/handlers/main.yml
new file mode 100644
index 00000000..b075971f
--- /dev/null
+++ b/roles/nfs-autofs/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart autofs service
+  service:
+    name: autofs
+    state: restarted
diff --git a/roles/nfs-autofs/tasks/main.yml b/roles/nfs-autofs/tasks/main.yml
new file mode 100644
index 00000000..cd757a83
--- /dev/null
+++ b/roles/nfs-autofs/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: Install autofs
+  apt:
+    update_cache: true
+    name: autofs
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Configure autofs deamon
+  template:
+    src: "{{ item }}.j2"
+    dest: "/etc/{{ item }}"
+    mode: 0644
+  loop:
+    - default/autofs
+    - auto.master
+  notify: Restart autofs service
+
+- name: Configure home-adh autofs
+  template:
+    src: "auto.master.d/{{ item.0 }}.j2"
+    dest: "/etc/auto.master.d/{{ item.0 }}"
+    mode: "{{ item.1 }}"
+  loop:
+    - ["home-adh.autofs", "0644"]
+    - ["home-adh.sh", "0755"]
+  notify: Restart autofs service
+
+- name: Start autofs service
+  systemd:
+    name: autofs
+    enabled: true
+    state: started
diff --git a/roles/nfs-autofs/templates/auto.master.d/home-adh.autofs.j2 b/roles/nfs-autofs/templates/auto.master.d/home-adh.autofs.j2
new file mode 100644
index 00000000..ec7f3673
--- /dev/null
+++ b/roles/nfs-autofs/templates/auto.master.d/home-adh.autofs.j2
@@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+/home /etc/auto.master.d/home-adh.sh -t600
diff --git a/roles/nfs-autofs/templates/auto.master.d/home-adh.sh.j2 b/roles/nfs-autofs/templates/auto.master.d/home-adh.sh.j2
new file mode 100755
index 00000000..1757c7d9
--- /dev/null
+++ b/roles/nfs-autofs/templates/auto.master.d/home-adh.sh.j2
@@ -0,0 +1,3 @@
+#!/bin/sh
+# {{ ansible_managed }}
+exec echo "-fstype=nfs,nosuid nfs.adm.crans.org:/home-adh/$1"
diff --git a/roles/nfs-autofs/templates/auto.master.j2 b/roles/nfs-autofs/templates/auto.master.j2
new file mode 100644
index 00000000..4ff2d9dd
--- /dev/null
+++ b/roles/nfs-autofs/templates/auto.master.j2
@@ -0,0 +1,29 @@
+# {{ ansible_managed }}
+#
+# Sample auto.master file
+# This is a 'master' automounter map and it has the following format:
+# mount-point [map-type[,format]:]map [options]
+# For details of the format look at auto.master(5).
+#
+#/misc	/etc/auto.misc
+#
+# NOTE: mounts done from a hosts map will be mounted with the
+#	"nosuid" and "nodev" options unless the "suid" and "dev"
+#	options are explicitly given.
+#
+#/net	-hosts
+#
+# Include /etc/auto.master.d/*.autofs
+# The included files must conform to the format of this file.
+#
++dir:/etc/auto.master.d
+#
+# Include central master map if it can be found using
+# nsswitch sources.
+#
+# Note that if there are entries for /net or /misc (as
+# above) in the included master map any keys that are the
+# same will not be seen as the first read key seen takes
+# precedence.
+#
+#+auto.master
diff --git a/roles/nfs-autofs/templates/default/autofs.j2 b/roles/nfs-autofs/templates/default/autofs.j2
new file mode 100644
index 00000000..4c28d404
--- /dev/null
+++ b/roles/nfs-autofs/templates/default/autofs.j2
@@ -0,0 +1,15 @@
+#
+# Init system options
+# {{ ansible_managed }}
+#
+# If the kernel supports using the autofs miscellanous device
+# and you wish to use it you must set this configuration option
+# to "yes" otherwise it will not be used.
+#
+USE_MISC_DEVICE="yes"
+#
+# Use OPTIONS to add automount(8) command line options that
+# will be used when the daemon is started.
+#
+#OPTIONS=""
+#
diff --git a/roles/nfs-common/tasks/main.yml b/roles/nfs-common/tasks/main.yml
new file mode 100644
index 00000000..0cd35172
--- /dev/null
+++ b/roles/nfs-common/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Install nfs-common
+  apt:
+    update_cache: true
+    name: nfs-common
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Configure nfs-common
+  template:
+    src: nfs-common.j2
+    dest: /etc/default/nfs-common
+    mode: 0644
diff --git a/roles/nfs-common/templates/nfs-common.j2 b/roles/nfs-common/templates/nfs-common.j2
new file mode 100644
index 00000000..84b23a68
--- /dev/null
+++ b/roles/nfs-common/templates/nfs-common.j2
@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+# If you do not set values for the NEED_ options, they will be attempted
+# autodetected; this should be sufficient for most people. Valid alternatives
+# for the NEED_ options are "yes" and "no".
+
+# Do you want to start the statd daemon? It is not needed for NFSv4.
+NEED_STATD=
+
+# Options for rpc.statd.
+#   Should rpc.statd listen on a specific port? This is especially useful
+#   when you have a port-based firewall. To use a fixed port, set this
+#   this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
+#   For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
+STATDOPTS=
+
+# Do you want to start the idmapd daemon? It is only needed for NFSv4.
+NEED_IDMAPD=no
+
+# Do you want to start the gssd daemon? It is required for Kerberos mounts.
+NEED_GSSD=