NFS Server - Export an NFS Share in RedHat-like systems: RHEL, CentOS, CentOS Stream, Fedora - Ansible modules yum, file, lineinfile, command, firewalld, service

How to automate the configuration of an NFS Server with Ansible in six tasks: install packages, create the NFS share directory, add share in the config, export shares, restart NFS service and enable on boot, and open firewall service ports on boot in a RedHat-like Linux target system: RedHat Enterprise Linux, CentOS, CentOS Stream, Fedora, ClearOS, Oracle Linux, EuroLinux, Fermi Linux, EulerOS, ROSA Linux, Springdale Linux, Asianux

November 29, 2021

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

#ansible #server #linux #nfs #network-file-system #exports #rhel #centos #centos-stream #fedora

I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

install packages => ansible.builtin.yum
create directory => ansible.builtin.file
share in config => ansible.builtin.lineinfile
export shares => ansible.builtin.command
restart service => ansible.builtin.service
open firewall => ansible.posix.firewalld

Today we’re talking about how to export an NFS Share in RedHat-like Linux systems. The full process requires six steps that you could automate with six different Ansible modules. Firstly you need to install the nfs-utils package and dependency using the ansible.builtin.yum Ansible module. Secondly, you need to create the share directory and assign the permission using the ansible.builtin.file Ansible module. Thirdly you need to add the share in the /etc/exports config file using the ansible.builtin.lineinfile Ansible module to add text lines in files. Fourthly you need to export shares executing the exportfs command line utility via ansible.builtin.command Ansible module, unfortunately there is not a specific module, yet. Fifthly you need to restart the nfs-server service and all the dependant using the ansible.builtin.service Ansible module. Sixthly you need to open the relevant firewall service-related ports using the ansible.posix.firewalld Ansible module.

The Best Resources For Ansible

Video Course

Learn Ansible Automation in 200+examples & practical lessons: Learn Ansible with some real-life examples of how to use the most common modules and Ansible Playbook

Books

demo

Export NFS Share in RedHat-like systems with Ansible Playbook.

code

nfs_server_redhat.yml

---
- name: nfs service demo
  hosts: all
  become: true
  vars:
    share: "/nfs/share"
    options: "192.168.0.0/24(rw,sync,root_squash)"
    permission: '0777'
  tasks:
    - name: NFS server installed
      ansible.builtin.yum:
        name:
          - nfs-utils
          - nfs4-acl-tools
        state: present

    - name: share directory exists
      ansible.builtin.file:
        path: "{{ share }}"
        state: directory
        mode: "{{ permission }}"
        owner: root
        group: root

    - name: share in /etc/exports file
      ansible.builtin.lineinfile:
        path: /etc/exports
        state: present
        line: '{{ share }} {{ options }}'
      notify: restart NFS server

    - name: export share
      ansible.builtin.command: "exportfs -rav"

    - name: firewall enabled
      ansible.posix.firewalld:
        service: "{{ item }}"
        state: enabled
        permanent: true
        immediate: true
      with_items:
        - nfs
        - rpc-bind
        - mountd

  handlers:
    - name: restart NFS server
      ansible.builtin.service:
        name: nfs-server
        state: restarted
        enabled: true

execution

$ ansible-playbook -i virtualmachines/demo/inventory services/nfs_redhat.yml
PLAY [nfs service demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [NFS server installed] ***********************************************************************
changed: [demo.example.com]
TASK [share directory exists] *********************************************************************
changed: [demo.example.com]
TASK [share in /etc/exports file] *****************************************************************
changed: [demo.example.com]
TASK [export share] *******************************************************************************
changed: [demo.example.com]
TASK [firewall enabled] ***************************************************************************
changed: [demo.example.com] => (item=nfs)
changed: [demo.example.com] => (item=rpc-bind)
changed: [demo.example.com] => (item=mountd)
RUNNING HANDLER [restart NFS server] **************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=7    changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

before execution

$ ssh [email protected]
[[email protected] ~]$ sudo su
[[email protected] devops]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.4 (Ootpa)
[[email protected] devops]# rpm -qa | grep nfs-utils
[[email protected] devops]# systemctl status nfs-server.service
Unit nfs-server.service could not be found.
[[email protected] devops]# exportfs -s
bash: exportfs: command not found
[[email protected] devops]# cat /etc/exports
[[email protected] devops]# ls -al /etc/exports
-rw-r--r--. 1 root root 0 Sep 10  2018 /etc/exports
[[email protected] devops]# ls -al /nfs/share
ls: cannot access '/nfs/share': No such file or directory
[[email protected] devops]# firewall-cmd --state
running
[[email protected] devops]# firewall-cmd --list-services
cockpit dhcpv6-client ssh
[[email protected] devops]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[[email protected] devops]#

after execution

$ ssh [email protected]
Last login: Sun Nov 28 16:52:14 2021 from 192.168.0.103
[[email protected] ~]$ sudo su
[[email protected] devops]# rpm -qa | grep nfs-utils
nfs-utils-2.3.3-46.el8.x86_64
[[email protected] devops]# systemctl status nfs-server.service
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
  Drop-In: /run/systemd/generator/nfs-server.service.d
           └─order-with-mounts.conf
   Active: active (exited) since Sun 2021-11-28 16:51:39 UTC; 1min 22s ago
  Process: 7484 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gss>
  Process: 7472 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
  Process: 7471 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
 Main PID: 7484 (code=exited, status=0/SUCCESS)
Nov 28 16:51:39 demo.example.com systemd[1]: Starting NFS server and services...
Nov 28 16:51:39 demo.example.com systemd[1]: Started NFS server and services.
[[email protected] devops]# exportfs -s
/nfs/share  192.168.0.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
[[email protected] devops]# cat /etc/exports
/nfs/share 192.168.0.0/24(rw,sync,root_squash)
[[email protected] devops]# ls -al /nfs/share
total 0
drwxrwxrwx. 2 root root  6 Nov 28 16:51 .
drwxrwxrwx. 3 root root 19 Nov 28 16:51 ..
[[email protected] devops]# firewall-cmd --state
running
[[email protected] devops]# firewall-cmd --list-services
cockpit dhcpv6-client mountd nfs rpc-bind ssh
[[email protected] devops]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources: 
  services: cockpit dhcpv6-client mountd nfs rpc-bind ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[[email protected] devops]#

code with ❤️ in GitHub

Recap

Now you know how to export NFS Share in RedHat-like Linux systems with Ansible. Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.