provision-nfs.yml
# Play 1: join every host in the `nfs` group to the FreeIPA realm by applying
# the freeipa-client role.
- name: "Enroll in IPA server"
  hosts: nfs
  # freeipa_ds_password / freeipa_admin_password are not defined in this file;
  # presumably they come from one of these vars files - confirm, and confirm
  # vars/secrets.yml is stored encrypted (e.g. ansible-vault).
  vars_files:
    - 'vars/freeipa.yml'
    - 'vars/secrets.yml'
  roles:
    - role: freeipa-client
      vars:
        realm: VM.NETSOC.CO
        domain: vm.netsoc.co
        server_hostname: ipa.vm.netsoc.co
        client_hostname: "{{ inventory_hostname }}"
        # Uses the address fact of interface ens18, so the target must expose
        # an interface with exactly that name.
        client_ip_address: "{{ ansible_ens18.ipv4.address }}"
        # NOTE(review): both the directory-server and the IPA admin password
        # are handed to the role on every enrolled host. Verify the role needs
        # both and does not log or persist them.
        ds_password: "{{ freeipa_ds_password }}"
        admin_password: "{{ freeipa_admin_password }}"
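# Play 2: as root on the `nfs` group, recreate the nfs/<inventory_hostname>
# service principal in FreeIPA, fetch a fresh keytab for it and merge that
# keytab into /etc/krb5.keytab. The command output is then printed.
- name: "Setup NFS keytab"
  hosts: nfs
  become: true
  vars_files:
    - "vars/freeipa.yml"
    - "vars/secrets.yml"
  tasks:
    # Hardening relative to the earlier inline script:
    #  * The admin password reaches kinit through the task's stdin instead of
    #    being templated into the shell text, so it cannot break out of shell
    #    quoting and is not part of the command line. no_log keeps the task
    #    arguments (which include stdin) out of Ansible's output and logs.
    #  * `set -e` stops at the first failing step; previously only the exit
    #    status of the final ktutil pipeline decided success.
    #  * `|| true` replaces `|| True`, which is not a command.
    #  * The keytab and the admin credential cache live in a private
    #    mktemp directory (umask 077) that is removed on exit, rather than in
    #    a predictable /tmp/nfs.keytab that was chmod'ed after creation and
    #    never deleted.
    #  * The principal name is shell-quoted once and reused.
    # Because of no_log, a failure of this task is shown censored; the two
    # debug tasks below print the captured stdout/stderr on success.
    - name: "Recreate nfs service principal and merge its keytab"
      shell: |
        set -e
        umask 077
        workdir="$(mktemp -d)"
        trap 'rm -rf "$workdir"' EXIT
        export KRB5CCNAME="FILE:$workdir/krb5cc"
        principal={{ ('nfs/' ~ inventory_hostname) | quote }}
        kinit admin -l 0h1m
        ipa service-del "$principal" || true
        ipa service-add "$principal"
        ipa-getkeytab -s ipa.vm.netsoc.co -p "$principal" -k "$workdir/nfs.keytab"
        printf 'rkt %s\nwkt /etc/krb5.keytab\n' "$workdir/nfs.keytab" | ktutil
      args:
        stdin: "{{ freeipa_admin_password }}"
      no_log: true
      register: result
    - name: "Show keytab setup stdout"
      debug:
        msg: "{{result.stdout}}"
    - name: "Show keytab setup stderr"
      debug:
        msg: "{{result.stderr}}"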
# Play 3: apply the simple-disk role as root on the `nfs` group, passing it
# the device, partition size, filesystem type, mount path and mount options
# listed below. What the role does with them is defined in the role itself,
# not in this file.
- name: "Ensure data disk made"
  become: true
  hosts: nfs
  roles:
    - role: simple-disk
      vars:
        # NOTE(review): presumably the role partitions and formats this
        # device - confirm it never reformats a disk that already holds data.
        device: '/dev/vdb'
        partition_size: '100%'
        fstype: 'ext4'
        mount_path: '/mnt/nfs-data-disk'
        mount_opts: 'rw'
# Play 4: as root on the `nfs` group, make sure the listed sub-directories
# exist under /mnt/nfs-data-disk.
- name: "Ensure nfs directories"
  become: true
  hosts: nfs
  tasks:
    # No owner, group or mode is set here, so new directories get whatever
    # the become user and its umask produce.
    - name: "Create directory tree on the data disk"
      file:
        state: directory
        recurse: true
        path: "/mnt/nfs-data-disk/{{ item }}"
      loop:
        - 'docker/'
        - 'docker/traefik/dynamic_config/'
# Play 5: apply the nfs-server-docker-krb5 role as root on the `nfs` group,
# giving it the server hostname, the Kerberos keytab and config paths, the
# data directory and the exports definition.
- name: "Ensure server"
  become: true
  hosts: nfs
  # ip_allocation.infra (used in `exports`) is not defined in this file;
  # presumably it comes from this vars file - confirm.
  vars_files:
    - vars/ip_allocation.yml
  roles:
    - role: nfs-server-docker-krb5
      vars:
        hostname: 'nfs.vm.netsoc.co'
        krb5_keytab: '/etc/krb5.keytab'
        krb5_conf: '/etc/krb5.conf'
        nfs_mount: '/mnt/nfs-data-disk'
        # /nfs/ is the root of nfs_disk
        #
        # NOTE(review): the sec= list ends in `sys`, so a client in the
        # allowed range can mount with AUTH_SYS, where the UID/GID it asserts
        # is trusted without any Kerberos authentication. Together with
        # no_root_squash, root on such a client acts as root on the export.
        # Confirm both are required; if not, drop `sys` and prefer
        # root_squash so access depends on the krb5 flavours only.
        exports: |
          /nfs {{ ip_allocation.infra }}(rw,sync,no_root_squash,sec=krb5p:krb5i:krb5:sys)