Default variables

Basic NFS share

nfs_default_path

Export this directory as an NFS share (it will be created automatically)

nfs_default_path: '{{ ansible_local.root.data + "/nfs" }}'

nfs_default_options

Default options for above NFS share, see exports(5) for more details

nfs_default_options: 'rw,sync,subtree_check,root_squash,sec={{ nfs_security }}'

nfs_default_clients

The default NFS share is exported to the specified list of IP addresses or CIDR networks. By default this is the same list that the firewall allows to access the NFS service.

nfs_default_clients: '{{ nfs_allow }}'

Firewall and host access

nfs_allow

Allow these networks and hosts to connect to the NFS server

nfs_allow: []

nfs_accept_any

Allow connections from any host. Enable this only if you have authorization in place (for example Kerberos).

nfs_accept_any: False

nfs_protocols

List of protocols to open in the firewall

nfs_protocols: [ 'tcp' ]

nfs_security

Colon-separated list of NFS security flavors enforced on this server, in order of preference; see exports(5) for more details.

nfs_security: 'krb5p:krb5i:krb5:sys'

NFS server performance

nfs_threads

Number of nfsd threads to run

nfs_threads: '8'

nfs_priority

Server thread priority, see nice(1) for more details

nfs_priority: '0'

NFS Exports

nfs_exports

List of NFS exports defined as dicts

nfs_exports: [ '{{ nfs_exports_default }}' ]

nfs_exports_default

Default export directory, configured in the “Basic NFS share” section

nfs_exports_default:
  name: 'default'
  path: '{{ nfs_default_path }}'
  options: '{{ nfs_default_options }}'

nfs_exports_home

Example export of a /home directory. You need to add it to nfs_exports list to enable it.

nfs_exports_home:
  name: 'home'
  path: '/home'
  options: '{{ nfs_export_options }}'
  state: 'present'

nfs_export_options

You can specify options for each exported directory, or use a variable with defaults, shown here. If item.options is not specified, no options will be added.

nfs_export_options: 'rw,sync,subtree_check,root_squash,sec={{ nfs_security }}'

NFS Access Control

nfs_access_control_lists

List of ACL dicts which define which hosts, networks or clients can connect to exports. See exports(5) for more details.

nfs_access_control_lists: [ '{{ nfs_acl_default_clients }}' ]

nfs_acl_default_clients

An access control list for default clients allowed to connect to the server. They will have access to all exported shares, with options defined in each share.

nfs_acl_default_clients:
  exports: '{{ nfs_exports | map(attribute="name") | list }}'
  clients: '{{ nfs_default_clients }}'
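
The export and ACL variables above combine into one grant per export/client pair. The following is an added example, not code from the debops.nfs role: a Python check over already-resolved values of nfs_exports, nfs_access_control_lists and nfs_accept_any that reports every grant whose options permit sec=sys or no_root_squash. The function names, the sample values and the treatment of any state other than 'present' as disabled are assumptions made for illustration.

```python
# Added example: audit resolved debops.nfs variables before a playbook run.
# Every value in SAMPLE_* is constructed for illustration.
OPEN_CLIENTS = {"*", "0.0.0.0/0", "::/0"}

def parse_options(options):
    """Split an exports(5) option string into plain flags and sec= flavors."""
    flags, flavors = set(), ["sys"]          # exports(5): sys is the default flavor
    for opt in filter(None, (o.strip() for o in options.split(","))):
        if opt.startswith("sec="):
            flavors = opt[len("sec="):].split(":")
        else:
            flags.add(opt)
    return flags, flavors

def audit(exports, acls, accept_any=False):
    """Return sorted (export, client, finding) tuples for risky grants."""
    # Assumption: an export without 'state', or with state 'present', is active.
    active = {e["name"]: e for e in exports if e.get("state", "present") == "present"}
    findings = set()
    for acl in acls:
        for name in acl["exports"]:
            if name not in active:
                continue
            flags, flavors = parse_options(active[name].get("options", ""))
            for client in acl["clients"]:
                if "sys" in flavors:
                    findings.add((name, client, "sec= permits sys (client-asserted UID/GID)"))
                if "no_root_squash" in flags:
                    findings.add((name, client, "no_root_squash"))
                if client in OPEN_CLIENTS:
                    findings.add((name, client, "export open to any host"))
            if accept_any and "sys" in flavors:
                findings.add((name, "*", "nfs_accept_any with sys permitted"))
    return sorted(findings)

SAMPLE_EXPORTS = [
    {"name": "default", "path": "/srv/nfs",
     "options": "rw,sync,subtree_check,root_squash,sec=krb5p:krb5i:krb5:sys"},
    {"name": "home", "path": "/home", "state": "present",
     "options": "rw,sync,subtree_check,no_root_squash,sec=krb5p"},
]
SAMPLE_ACLS = [{"exports": ["default", "home"], "clients": ["192.0.2.0/24"]}]

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS, SAMPLE_ACLS):
        print(*finding, sep=" | ")
```

With the default nfs_security value the first sample export is reported, because 'sys' remains in the flavor list alongside the Kerberos flavors.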

NFS service ports

By default, NFS uses random ports for its services. To make it work with an ip(6)tables firewall, NFS services are listed in /etc/services and then configured with port numbers assigned in sequence. debops.ferm uses the service names to configure the correct firewall rules.

nfs_service_port

First port number for the NFS services

nfs_service_port: '3550'

nfs_service_ports

Dict with service names mapped to ports

nfs_service_ports:
  'nfs-callback': '{{ (nfs_service_port | int + 0) }}'
  'nfs-lockd':    '{{ (nfs_service_port | int + 1) }}'
  'nfs-mountd':   '{{ (nfs_service_port | int + 2) }}'
  'nfs-statd':    '{{ (nfs_service_port | int + 3) }}'
  'nfs-statd-bc': '{{ (nfs_service_port | int + 4) }}'