Diffstat (limited to 'roles/openshift_nfs/tasks')
| -rw-r--r-- | roles/openshift_nfs/tasks/create_export.yml | 34 | ||||
| -rw-r--r-- | roles/openshift_nfs/tasks/firewall.yml | 40 | ||||
| -rw-r--r-- | roles/openshift_nfs/tasks/setup.yml | 29 | 
3 files changed, 103 insertions, 0 deletions
|
diff --git a/roles/openshift_nfs/tasks/create_export.yml b/roles/openshift_nfs/tasks/create_export.yml
new file mode 100644
index 000000000..39323904f
--- /dev/null
+++ b/roles/openshift_nfs/tasks/create_export.yml
@@ -0,0 +1,34 @@
+---
+# Makes a new NFS export
+#
+# Include signature
+#
+# include_role:
+#   role: openshift_nfs
+#   tasks_from: create_export
+# vars:
+#   l_nfs_base_dir: Base dir to exports
+#   l_nfs_export_config: Name to prefix the .exports file with
+#   l_nfs_export_name: Name of sub-directory of the export
+#   l_nfs_options: Mount Options
+
+- name: Ensure CFME App NFS export directory exists
+  file:
+    path: "{{ l_nfs_base_dir }}/{{ l_nfs_export_name }}"
+    state: directory
+    mode: 0777
+    owner: nfsnobody
+    group: nfsnobody
+
+- name: "Create {{ l_nfs_export_name }} NFS export"
+  lineinfile:
+    path: "/etc/exports.d/{{ l_nfs_export_config }}.exports"
+    create: true
+    state: present
+    line: "{{ l_nfs_base_dir }}/{{ l_nfs_export_name }} {{ l_nfs_options }}"
+  register: created_export
+
+- name: Re-export NFS filesystems
+  command: exportfs -ar
+  when:
+    - created_export | changed
diff --git a/roles/openshift_nfs/tasks/firewall.yml b/roles/openshift_nfs/tasks/firewall.yml
new file mode 100644
index 000000000..0898b2b5c
--- /dev/null
+++ b/roles/openshift_nfs/tasks/firewall.yml
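Review bot: The export directory is created world-writable (`mode: 0777`, owner `nfsnobody`), so who can write to it is decided entirely by `l_nfs_options`, which the header documents only as "Mount Options". Since the exports line is written as `<dir> {{ l_nfs_options }}`, that variable presumably carries the client specification as well; I would say so in the header, e.g. `#   l_nfs_options: Client spec and export options, e.g. "<client-network>(rw,root_squash)"; avoid "*"`. Quoting the mode as `mode: "0777"` would also keep it from depending on the parser's octal handling. The first task name still says "CFME App" although the file is a generic export helper.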
@@ -0,0 +1,40 @@
+---
+- when: r_openshift_nfs_firewall_enabled | bool and not r_openshift_nfs_use_firewalld | bool
+  block:
+  - name: Add iptables allow rules
+    os_firewall_manage_iptables:
+      name: "{{ item.service }}"
+      action: add
+      protocol: "{{ item.port.split('/')[1] }}"
+      port: "{{ item.port.split('/')[0] }}"
+    when: item.cond | default(True)
+    with_items: "{{ r_openshift_nfs_firewall_allow }}"
+
+  - name: Remove iptables rules
+    os_firewall_manage_iptables:
+      name: "{{ item.service }}"
+      action: remove
+      protocol: "{{ item.port.split('/')[1] }}"
+      port: "{{ item.port.split('/')[0] }}"
+    when: item.cond | default(True)
+    with_items: "{{ r_openshift_nfs_os_firewall_deny }}"
+
+- when: r_openshift_nfs_firewall_enabled | bool and r_openshift_nfs_use_firewalld | bool
+  block:
+  - name: Add firewalld allow rules
+    firewalld:
+      port: "{{ item.port }}"
+      permanent: true
+      immediate: true
+      state: enabled
+    when: item.cond | default(True)
+    with_items: "{{ r_openshift_nfs_firewall_allow }}"
+
+  - name: Remove firewalld allow rules
+    firewalld:
+      port: "{{ item.port }}"
+      permanent: true
+      immediate: true
+      state: disabled
+    when: item.cond | default(True)
+    with_items: "{{ r_openshift_nfs_os_firewall_deny }}"
diff --git a/roles/openshift_nfs/tasks/setup.yml b/roles/openshift_nfs/tasks/setup.yml
new file mode 100644
index 000000000..3070de495
--- /dev/null
+++ b/roles/openshift_nfs/tasks/setup.yml
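Review bot: All four tasks open or close a bare port with no source or zone restriction, so once the allow rules are applied the NFS ports are reachable from every host the firewall otherwise admits, and the export's client list becomes the only host-level control. If the consumers are known (cluster nodes, presumably), a comment at the top of the file such as `# Rules are port-only; restrict clients in the export options` would make that dependency explicit. The deny list is named `r_openshift_nfs_os_firewall_deny` while the allow list is `r_openshift_nfs_firewall_allow`; the role defaults are outside this diff, so it is worth confirming both names are defined there. `item.port.split('/')[1]` also assumes every entry has the form `port/proto`, which deserves a one-line comment next to the iptables tasks.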
@@ -0,0 +1,29 @@
+---
+- name: setup firewall
+  include: firewall.yml
+  static: yes
+
+- name: Install nfs-utils
+  package: name=nfs-utils state=present
+
+- name: Configure NFS
+  lineinfile:
+    dest: /etc/sysconfig/nfs
+    regexp: '^RPCNFSDARGS=.*$'
+    line: 'RPCNFSDARGS="-N 2 -N 3"'
+  register: nfs_config
+
+- name: Restart nfs-config
+  systemd: name=nfs-config state=restarted
+  when: nfs_config | changed
+
+- name: Ensure exports directory exists
+  file:
+    path: "{{ l_nfs_base_dir }}"
+    state: directory
+
+- name: Enable and start NFS services
+  systemd:
+    name: nfs-server
+    state: started
+    enabled: yes
|
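Review bot: After `RPCNFSDARGS="-N 2 -N 3"` is written, only `nfs-config` is restarted; the last task asks for `nfs-server` with `state: started`, which leaves an already-running server untouched, so NFSv2/v3 would presumably stay enabled on hosts where nfs-server was running before the play. I would make the final task pick up the change, e.g. `state: "{{ 'restarted' if nfs_config | changed else 'started' }}"`. The "Ensure exports directory exists" task sets no `mode` or `owner`, so the base directory inherits whatever the umask gives; stating them explicitly would make the result predictable. On style, `static: yes` and `enabled: yes` read better as `true`, and the `name=... state=...` one-liners for `package` and `systemd` as block YAML, matching the other tasks in this commit.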
