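# Prerequisites (run on the control node):
#   ansible-galaxy collection install linux_system_roles.storage
# then install that collection's own dependencies:
#   cd ~/.ansible/collections/ansible_collections/fedora/linux_system_roles/
#   ansible-galaxy collection install -vv -r requirements.yml
#
# Playbook: prepare local and NFS-backed storage on the NUC, open the NFS
# firewall services, and (optionally) relocate rootless podman and
# OpenShift Local (CRC) storage onto dedicated mount points.
#
# Optional inventory/extra vars:
#   mount_point_user_containers  - directory for rootless container storage
#   mount_point_crc              - directory for CRC storage
# Each optional block is skipped when its variable is undefined.
---
- hosts: nuc.lan
  # connection: local
  become: true
  roles:
    - fedora.linux_system_roles.storage
    - geerlingguy.nfs

  tasks:
    - name: Create mount points for media/backups
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        mode: '0755'
        owner: root
        group: root
      loop:
        - /mnt/sg1
        - /mnt/sg2
        - /mnt/sg3
      tags:
        - nfs

    - name: Mount the filesystem for media/backups
      ansible.posix.mount:
        path: /mnt/sg2
        src: LABEL=SEAGATE2
        fstype: ext4
        state: mounted
        # Keep a copy of /etc/fstab before it is rewritten
        backup: true

    - name: Create mount point for vm_images filesystem
      ansible.builtin.file:
        path: /mnt/vm_images
        state: directory
        mode: '0755'
        owner: root
        group: root
      tags:
        - nfs

    - name: Mount vm_images filesystem from MicroServer
      ansible.posix.mount:
        src: micro.lan:/mnt/vm_images
        path: /mnt/vm_images
        # Defer the mount until the network is actually up at boot
        opts: x-systemd.after=network-online.target
        state: mounted
        fstype: nfs
      tags:
        - nfs

    - name: Open the appropriate firewall ports for NFS
      ansible.posix.firewalld:
        zone: FedoraServer
        service: '{{ item }}'
        # Persist across reloads AND apply to the running firewall now
        permanent: true
        immediate: true
        state: enabled
      loop:
        - nfs
        - nfs3
        - mountd
        - rpc-bind
      tags:
        - nfs

    - name: What's the user containers directory?
      ansible.builtin.debug:
        var: mount_point_user_containers

    - name: Configure storage directory for rootless containers
      block:
        - name: Set correct directory ownership/permissions for rootless container mount point
          ansible.builtin.file:
            path: "{{ mount_point_user_containers }}"
            state: directory
            owner: root
            group: root
            # Shared parent for per-user trees: world-writable so each user can
            # create "$USER/storage", with the sticky bit so users cannot rename
            # or delete each other's entries (same model as /tmp). Was '0777'.
            mode: '1777'

        # Fix the SELinux permissions for user container storage as per:
        # https://github.com/containers/podman/issues/12812
        # https://github.com/containers/podman/issues/3234
        # $ sudo semanage fcontext -a -e $HOME/.local/share/containers /mnt/containers
        # $ restorecon -R -v /mnt
        - name: Allow users to modify files in their local container storage directories
          community.general.sefcontext:
            # target: '/mnt/containers(/.*)?'
            # target: '/mnt/containers'
            target: "{{ mount_point_user_containers }}"
            # Trying to set seuser is redundant when using SELinux targeted policy
            seuser: unconfined_u
            setype: data_home_t
            state: present

        - name: Apply new SELinux file context to filesystem
          # argv form: the path is passed as a single argument, so a value
          # containing spaces or shell metacharacters cannot be split or
          # interpreted.  -i: ignore missing paths, -v: report changes.
          ansible.builtin.command:
            argv:
              - restorecon
              - -iv
              - "{{ mount_point_user_containers }}"

        # Ensure rootless containers are stored on the mounted directory.
        # OLD: # rootless_storage_path = "$HOME/.local/share/containers/storage"
        # NEW: rootless_storage_path = "/mnt/containers/$USER/storage"
        # NOTE(review): this edits the package-shipped default under /usr/share,
        # which a package update can overwrite; the admin override location is
        # /etc/containers/storage.conf (it must already contain the [storage]
        # section for `insertafter` below to place the line correctly).
        - name: Ensure that rootless container storage is in the correct directory
          ansible.builtin.lineinfile:
            path: /usr/share/containers/storage.conf
            regexp: '^rootless_storage_path'
            insertafter: '^# rootless_storage_path'
            line: rootless_storage_path = "{{ mount_point_user_containers }}/$USER/storage"
            # owner: root
            # group: root
            # mode: '0644'
            backup: true
      when: mount_point_user_containers is defined
      tags:
        - podman

    - name: Configure storage directory for OpenShift Local
      block:
        - name: Set correct directory ownership/permissions for CRC mount point
          ansible.builtin.file:
            path: "{{ mount_point_crc }}"
            state: directory
            # Single-user CRC install; owner is hard-coded to that account
            owner: bblasco
            group: bblasco
            mode: '0755'

        - name: Set correct SELinux permissions for CRC mount point
          community.general.sefcontext:
            target: "{{ mount_point_crc }}"
            # Trying to set seuser is redundant when using SELinux targeted policy
            # unconfined_u:object_r:user_home_t:s0
            seuser: unconfined_u
            setype: user_home_t
            state: present
          tags:
            - selinux

        - name: Apply new SELinux file context to filesystem
          # argv form, see the rootless-container task above for rationale
          ansible.builtin.command:
            argv:
              - restorecon
              - -iv
              - "{{ mount_point_crc }}"
          tags:
            - selinux
      # Skip cleanly when the variable is not set, matching the podman block
      # above instead of failing on an undefined variable
      when: mount_point_crc is defined
      tags:
        - crc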