NFS Server - Export an NFS Share in RedHat-like systems: RHEL, CentOS, CentOS Stream, Fedora - Ansible modules yum, file, lineinfile, command, firewalld, service

How to automate the configuration of an NFS Server with Ansible in six tasks: install packages, create the NFS share directory, add share in the config, export shares, restart NFS service and enable on boot, and open firewall service ports on boot in a RedHat-like Linux target system: RedHat Enterprise Linux, CentOS, CentOS Stream, Fedora, ClearOS, Oracle Linux, EuroLinux, Fermi Linux, EulerOS, ROSA Linux, Springdale Linux, Asianux

November 29, 2021

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

#ansible #server #linux #nfs #network-file-system #exports #rhel #centos #centos-stream #fedora

I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

install packages => ansible.builtin.yum
create directory => ansible.builtin.file
share in config => ansible.builtin.lineinfile
export shares => ansible.builtin.command
restart service => ansible.builtin.service
open firewall => ansible.posix.firewalld

Today we’re talking about how to export an NFS Share in RedHat-like Linux systems. The full process requires six steps that you could automate with six different Ansible modules. Firstly you need to install the nfs-utils package and dependency using the ansible.builtin.yum Ansible module. Secondly, you need to create the share directory and assign the permission using the ansible.builtin.file Ansible module. Thirdly you need to add the share in the /etc/exports config file using the ansible.builtin.lineinfile Ansible module to add text lines in files. Fourthly you need to export shares executing the exportfs command line utility via ansible.builtin.command Ansible module, unfortunately there is not a specific module, yet. Fifthly you need to restart the nfs-server service and all the dependant using the ansible.builtin.service Ansible module. Sixthly you need to open the relevant firewall service-related ports using the ansible.posix.firewalld Ansible module.

The Best Resources For Ansible

Certifications

CYBER DEALS at The Linux Foundation! Up to 65% off, and a FREE GIFT with EVERY PURCHASE! Limited Time, Don't Delay!

Video Course

Udemy: Learn Ansible Automation in 250+examples & practical lessons: Learn Ansible with some real-life examples of how to use the most common modules and Ansible Playbook

Printed Book

eBooks

demo

Export NFS Share in RedHat-like systems with Ansible Playbook.

code

nfs_server_redhat.yml

---
- name: nfs service demo
  hosts: all
  become: true
  vars:
    share: "/nfs/share"
    options: "192.168.0.0/24(rw,sync,root_squash)"
    permission: '0777'
  tasks:
    - name: NFS server installed
      ansible.builtin.yum:
        name:
          - nfs-utils
          - nfs4-acl-tools
        state: present

    - name: share directory exists
      ansible.builtin.file:
        path: "{{ share }}"
        state: directory
        mode: "{{ permission }}"
        owner: root
        group: root

    - name: share in /etc/exports file
      ansible.builtin.lineinfile:
        path: /etc/exports
        state: present
        line: '{{ share }} {{ options }}'
      notify: restart NFS server

    - name: export share
      ansible.builtin.command: "exportfs -rav"

    - name: firewall enabled
      ansible.posix.firewalld:
        service: "{{ item }}"
        state: enabled
        permanent: true
        immediate: true
      with_items:
        - nfs
        - rpc-bind
        - mountd

  handlers:
    - name: restart NFS server
      ansible.builtin.service:
        name: nfs-server
        state: restarted
        enabled: true

execution

$ ansible-playbook -i virtualmachines/demo/inventory services/nfs_redhat.yml
PLAY [nfs service demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [NFS server installed] ***********************************************************************
changed: [demo.example.com]
TASK [share directory exists] *********************************************************************
changed: [demo.example.com]
TASK [share in /etc/exports file] *****************************************************************
changed: [demo.example.com]
TASK [export share] *******************************************************************************
changed: [demo.example.com]
TASK [firewall enabled] ***************************************************************************
changed: [demo.example.com] => (item=nfs)
changed: [demo.example.com] => (item=rpc-bind)
changed: [demo.example.com] => (item=mountd)
RUNNING HANDLER [restart NFS server] **************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=7    changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

before execution

$ ssh [email protected]
[devops@demo ~]$ sudo su
[root@demo devops]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.4 (Ootpa)
[root@demo devops]# rpm -qa | grep nfs-utils
[root@demo devops]# systemctl status nfs-server.service
Unit nfs-server.service could not be found.
[root@demo devops]# exportfs -s
bash: exportfs: command not found
[root@demo devops]# cat /etc/exports
[root@demo devops]# ls -al /etc/exports
-rw-r--r--. 1 root root 0 Sep 10  2018 /etc/exports
[root@demo devops]# ls -al /nfs/share
ls: cannot access '/nfs/share': No such file or directory
[root@demo devops]# firewall-cmd --state
running
[root@demo devops]# firewall-cmd --list-services
cockpit dhcpv6-client ssh
[root@demo devops]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[root@demo devops]#

after execution

$ ssh [email protected]
Last login: Sun Nov 28 16:52:14 2021 from 192.168.0.103
[devops@demo ~]$ sudo su
[root@demo devops]# rpm -qa | grep nfs-utils
nfs-utils-2.3.3-46.el8.x86_64
[root@demo devops]# systemctl status nfs-server.service
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
  Drop-In: /run/systemd/generator/nfs-server.service.d
           └─order-with-mounts.conf
   Active: active (exited) since Sun 2021-11-28 16:51:39 UTC; 1min 22s ago
  Process: 7484 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gss>
  Process: 7472 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
  Process: 7471 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
 Main PID: 7484 (code=exited, status=0/SUCCESS)
Nov 28 16:51:39 demo.example.com systemd[1]: Starting NFS server and services...
Nov 28 16:51:39 demo.example.com systemd[1]: Started NFS server and services.
[root@demo devops]# exportfs -s
/nfs/share  192.168.0.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
[root@demo devops]# cat /etc/exports
/nfs/share 192.168.0.0/24(rw,sync,root_squash)
[root@demo devops]# ls -al /nfs/share
total 0
drwxrwxrwx. 2 root root  6 Nov 28 16:51 .
drwxrwxrwx. 3 root root 19 Nov 28 16:51 ..
[root@demo devops]# firewall-cmd --state
running
[root@demo devops]# firewall-cmd --list-services
cockpit dhcpv6-client mountd nfs rpc-bind ssh
[root@demo devops]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources: 
  services: cockpit dhcpv6-client mountd nfs rpc-bind ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[root@demo devops]#

code with ❤️ in GitHub

Recap

Now you know how to export NFS Share in RedHat-like Linux systems with Ansible. Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.