├── .editorconfig ├── .envrc ├── .gitattributes ├── .github ├── CODEOWNERS └── workflows │ ├── ci.yml │ └── stale.yml ├── .gitignore ├── .markdownlint-cli2.yaml ├── .mdlrc ├── .overcommit.yml ├── .vscode └── extensions.json ├── .yamllint ├── Berksfile ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── Dangerfile ├── LICENSE ├── README.md ├── Rakefile ├── TESTING.md ├── attributes └── default.rb ├── chefignore ├── documentation └── .gitkeep ├── kitchen.dokken.yml ├── kitchen.yml ├── libraries └── helpers.rb ├── metadata.rb ├── recipes ├── _common.rb ├── _idmap.rb ├── _sysctl.rb ├── client4.rb ├── default.rb ├── server.rb ├── server4.rb └── undo.rb ├── renovate.json ├── resources └── export.rb ├── spec ├── spec_helper.rb └── unit │ ├── recipes │ ├── client4_spec.rb │ ├── common_spec.rb │ ├── default_spec.rb │ ├── idmap_spec.rb │ ├── server4_spec.rb │ └── server_spec.rb │ └── resources │ └── export_spec.rb ├── templates └── default │ ├── exports.erb │ ├── idmapd.conf.erb │ ├── mountd.erb │ ├── nfs-common.erb │ ├── nfs.conf.erb │ └── nfs.erb └── test ├── cookbooks └── nfs_test │ ├── metadata.rb │ └── recipes │ ├── default.rb │ └── issue46.rb └── integration ├── default ├── controls │ └── default_control.rb └── inspec.yml └── server ├── controls └── server_control.rb └── inspec.yml /.editorconfig: -------------------------------------------------------------------------------- 1 | # https://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root=true 5 | 6 | # Unix-style newlines with a newline ending every file 7 | [*] 8 | end_of_line = lf 9 | insert_final_newline = true 10 | 11 | # 2 space indentation 12 | indent_style = space 13 | indent_size = 2 14 | 15 | # Avoid issues parsing cookbook files later 16 | charset = utf-8 17 | 18 | # Avoid cookstyle warnings 19 | trim_trailing_whitespace = true 20 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | use chefworkstation 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @sous-chefs/maintainers 2 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Lint & Unit Test" 3 | 4 | "on": 5 | pull_request: 6 | push: 7 | branches: [main] 8 | 9 | jobs: 10 | lint-unit: 11 | uses: sous-chefs/.github/.github/workflows/lint-unit.yml@3.1.1 12 | permissions: 13 | actions: write 14 | checks: write 15 | pull-requests: write 16 | statuses: write 17 | issues: write 18 | 19 | integration: 20 | needs: lint-unit 21 | runs-on: ubuntu-24.04 22 | strategy: 23 | matrix: 24 | os: 25 | - centos-7 26 | - centos-stream-8 27 | - debian-10 28 | - debian-11 29 | - fedora-latest 30 | - ubuntu-1804 31 | - ubuntu-2004 32 | - ubuntu-2204 33 | suite: [default] 34 | fail-fast: false 35 | steps: 36 | - name: Check out code 37 | uses: actions/checkout@v4 38 | - name: Install Chef 39 | uses: actionshub/chef-install@3.0.0 40 | - name: Dokken 41 | uses: actionshub/test-kitchen@3.0.0 42 | env: 43 | CHEF_LICENSE: accept-no-persist 44 | KITCHEN_LOCAL_YAML: kitchen.dokken.yml 45 | with: 46 | suite: ${{ matrix.suite }} 47 | os: ${{ matrix.os }} 48 | - name: Print debug output on failure 49 | if: failure() 50 | run: | 51 | set -x 52 | sudo journalctl -l --since today 53 | sudo docker version 54 | sudo docker info 55 | KITCHEN_LOCAL_YAML=kitchen.dokken.yml /usr/bin/kitchen exec ${{ matrix.suite }}-${{ matrix.os }} -c "journalctl -l" 56 | 57 | # Server suite needs to run on VMs not docker 58 | integration-vagrant: 59 | needs: lint-unit 60 | runs-on: macos-14 # Vagrant is not installed on MacOS 13 61 | strategy: 62 | matrix: 63 | os: 64 | - centos-7 65 | - centos-stream-8 66 | - debian-10 67 | - debian-11 68 | - fedora-latest 69 | - ubuntu-1804 70 | - ubuntu-2004 71 | - ubuntu-2204 72 | suite: [server] 73 | fail-fast: false 74 | steps: 75 | - name: Check out code 76 | uses: actions/checkout@v4 77 | - name: Install Chef 78 | uses: actionshub/chef-install@3.0.0 79 | - name: Dokken 80 | uses: actionshub/test-kitchen@3.0.0 81 | env: 82 | CHEF_LICENSE: accept-no-persist 83 | KITCHEN_LOCAL_YAML: kitchen.platforms.yml 84 | with: 85 | suite: ${{ matrix.suite }} 86 | os: ${{ matrix.os }} 87 | - name: Print debug output on failure 88 | if: failure() 89 | run: | 90 | set -x 91 | /usr/bin/kitchen exec ${{ matrix.suite }}-${{ matrix.os }} -c "journalctl -l" 92 | 93 | final: 94 | runs-on: ubuntu-latest 95 | needs: [integration, integration-vagrant] 96 | steps: 97 | - run: echo ${{needs.integration.outputs}} 98 | - run: echo ${{needs.integration-vagrant.outputs}} 99 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Mark stale issues and pull requests 3 | 4 | "on": 5 | schedule: [cron: "0 0 * * *"] 6 | 7 | jobs: 8 | stale: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - uses: actions/stale@v9 12 | with: 13 | repo-token: ${{ secrets.GITHUB_TOKEN }} 14 | close-issue-message: > 15 | Closing due to inactivity. 16 | If this is still an issue please reopen or open another issue. 17 | Alternatively drop by the #sous-chefs channel on the [Chef Community Slack](http://community-slack.chef.io/) and we'll be happy to help! 18 | Thanks, Sous-Chefs. 19 | days-before-close: 7 20 | days-before-stale: 365 21 | stale-issue-message: > 22 | Marking stale due to inactivity. 23 | Remove stale label or comment or this will be closed in 7 days. 24 | Alternatively drop by the #sous-chefs channel on the [Chef Community Slack](http://community-slack.chef.io/) and we'll be happy to help! 25 | Thanks, Sous-Chefs. 26 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.rbc 2 | .config 3 | InstalledFiles 4 | pkg 5 | test/tmp 6 | test/version_tmp 7 | tmp 8 | _Store 9 | *~ 10 | *# 11 | .#* 12 | \#*# 13 | *.un~ 14 | *.tmp 15 | *.bk 16 | *.bkup 17 | 18 | # editor files 19 | .idea 20 | .*.sw[a-z] 21 | 22 | # ruby/bundler/rspec files 23 | .ruby-version 24 | .ruby-gemset 25 | .rvmrc 26 | Gemfile.lock 27 | .bundle 28 | *.gem 29 | coverage 30 | spec/reports 31 | 32 | # YARD / rdoc artifacts 33 | .yardoc 34 | _yardoc 35 | doc/ 36 | rdoc 37 | 38 | # chef infra stuff 39 | Berksfile.lock 40 | .kitchen 41 | kitchen.local.yml 42 | vendor/ 43 | .coverage/ 44 | .zero-knife.rb 45 | Policyfile.lock.json 46 | 47 | # vagrant stuff 48 | .vagrant/ 49 | .vagrant.d/ 50 | -------------------------------------------------------------------------------- /.markdownlint-cli2.yaml: -------------------------------------------------------------------------------- 1 | config: 2 | ul-indent: false # MD007 3 | line-length: false # MD013 4 | no-duplicate-heading: false # MD024 5 | -------------------------------------------------------------------------------- /.mdlrc: -------------------------------------------------------------------------------- 1 | rules "~MD013", "~MD024", "~MD025", "~MD033" 2 | -------------------------------------------------------------------------------- /.overcommit.yml: -------------------------------------------------------------------------------- 1 | --- 2 | PreCommit: 3 | TrailingWhitespace: 4 | enabled: true 5 | YamlLint: 6 | enabled: true 7 | ChefSpec: 8 | enabled: true 9 | command: ["chef", "exec", "rspec"] 10 | include: ["**/*.rb"] 11 | Cookstyle: 12 | enabled: true 13 | required_executable: "cookstyle" 14 | command: ["cookstyle"] 15 | include: ["**/*.rb"] 16 | MarkdownLint: 17 | enabled: true 18 | command: ["npx", "markdownlint-cli2", "'**/*.md'"] 19 | include: ["**/*.md"] 20 | CommitMsg: 21 | HardTabs: 22 | enabled: true 23 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "chef-software.chef", 4 | "rebornix.ruby", 5 | "editorconfig.editorconfig" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | rules: 4 | line-length: 5 | max: 256 6 | level: warning 7 | document-start: disable 8 | braces: 9 | forbid: false 10 | min-spaces-inside: 0 11 | max-spaces-inside: 1 12 | min-spaces-inside-empty: -1 13 | max-spaces-inside-empty: -1 14 | comments: 15 | min-spaces-from-content: 1 16 | -------------------------------------------------------------------------------- /Berksfile: -------------------------------------------------------------------------------- 1 | source 'https://supermarket.chef.io' 2 | 3 | metadata 4 | 5 | cookbook 'nfs_test', path: 'test/cookbooks/nfs_test' 6 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # nfs Cookbook CHANGELOG 2 | 3 | This file is used to list changes made in each version of the nfs cookbook. 4 | 5 | ## Unreleased 6 | 7 | ## 5.1.5 - *2024-10-07* 8 | 9 | ## 5.1.4 - *2024-05-01* 10 | 11 | ## 5.1.3 - *2024-05-01* 12 | 13 | ## 5.1.2 - *2023-09-14* 14 | 15 | - Remove custom Dokken configuration 16 | Fixes CI failures 17 | 18 | ## 5.1.1 - *2023-09-13* 19 | 20 | - Standardise files with files in sous-chefs/repo-management 21 | 22 | ## 5.1.0 - *2023-09-13* 23 | 24 | - Standardise files with files in sous-chefs/repo-management 25 | 26 | ## 5.0.10 - *2023-09-04* 27 | 28 | - Standardise files with files in sous-chefs/repo-management 29 | 30 | ## 5.0.9 - *2023-07-10* 31 | 32 | - Standardise files with files in sous-chefs/repo-management 33 | 34 | ## 5.0.8 - *2023-05-31* 35 | 36 | - Fix changelog and issue a proper release 37 | 38 | ## 5.0.7 - *2023-05-17* 39 | 40 | - Update sous-chefs/.github action to v2.0.4 (#137) 41 | 42 | ## 5.0.6 - *2023-05-03* 43 | 44 | - Update sous-chefs/.github action to v2.0.2 (#136) 45 | 46 | ## 5.0.5 - *2023-04-01* 47 | 48 | - Standardise files with files in sous-chefs/repo-management 49 | 50 | ## 5.0.4 - *2023-02-14* 51 | 52 | - Standardise files with files in sous-chefs/repo-management 53 | 54 | ## 5.0.3 - *2023-02-13* 55 | 56 | - Standardise files with files in sous-chefs/repo-management 57 | 58 | ## 5.0.2 - *2022-12-20* 59 | 60 | - Enable Ubuntu 22.04 server vagrant testing 61 | 62 | ## 5.0.1 - *2022-12-20* 63 | 64 | - Add support for Ubuntu 22.04 65 | - Remove EOL platforms: CentOS 8, Debian 9 66 | - Convert from delivery to newer CI workflow 67 | - MDL fixes 68 | - Switch to using MacOS 12 runners for VM CI tests 69 | 70 | ## 5.0.0 - *2021-11-01* 71 | 72 | - Sous Chefs adoption 73 | - Loosen version pin on line cookbook 74 | - Fix CentOS 8+ and Fedora and properly manage /etc/nfs.conf 75 | - Add `fsid` property to the `nfs_export` resource 76 | - Fix services that are loaded 77 | - Switch to using `kernel_module` resource for lockd module 78 | - Fix idempotency with sysctl resource usage 79 | 80 | ## 4.0.0 - *2021-09-11* 81 | 82 | This release adds support for Chef 17 and modernizes syntax and tooling. 83 | 84 | - **BREAKING** 85 | - Drop support for Chef version < 15.3 86 | - Chef 17 compatibility 87 | - Enable unified_mode for custom resources 88 | - Cookbook Cleanup 89 | - Cookstyle fixes 90 | - LWRP -> custom resource conversion 91 | - Update to new spec test format 92 | - Move test cookbook to standard location 93 | - Move kitchen files to standard location 94 | - Convert integration testing to InSpec 95 | 96 | ## 3.0.0 - *2020-11-04* 97 | 98 | This release unifies systemd based NFS systems. Much of the platform branching has been removed dropping support for System V initialized NFS servers. 99 | 100 | - **BREAKING** 101 | - Added 102 | - Debian 10 103 | - Ubuntu 18.04 104 | - Ubuntu 20.04 105 | - CentOS/RHEL 8 106 | - Dropped 107 | - Debian 8 108 | - Debian 9 109 | - CentOS/RHEL 5 110 | - CentOS/RHEL 6 111 | - Ubuntu 14.04 112 | - Iffy (not supported) 113 | - SUSE 114 | - FreeBSD 115 | 116 | - @rexcsn - corrected nfs-idmap service name 117 | - Set default_env so exportfs can be found under Chef 14.2+ 118 | 119 | ## 2.6.4 - *2020-02-27* 120 | 121 | - @Vancelot11 - added CentOS 8 support 122 | 123 | ## 2.6.3 - *2018-11-07* 124 | 125 | - Small tweak to Chef 13 compatible sysctl resources 126 | 127 | ## 2.6.2 - *2018-08-27* 128 | 129 | - Set lockd ports on Debian 8 and Ubuntu 14.04 via sysctl settings. 130 | 131 | ## 2.6.1 - *2018-08-24* 132 | 133 | - Updated to support Chef 14+ with builtin sysctl resource 134 | - Dropped sysctl cookbook dependency, but maintained backwards compatibility by using file/execute resources for Chef 13 135 | 136 | ## 2.6.0 - *2018-08-23* 137 | 138 | - #107 - Bump line dependency version to 2.x 139 | 140 | ## 2.5.1 - *2018-04-27* 141 | 142 | - Set minimum supported Chef to 13.2.20 143 | - Bump line and sysctl dependency versions 144 | 145 | ## 2.5.0 - *2017-12-05* 146 | 147 | - @chuhn - Add Debian Stretch support 148 | - Updates to raise Supermarket metrics 149 | 150 | ## 2.4.1 - *2017-08-08* 151 | 152 | - Correct #95 regression on v2.4.0 153 | 154 | ## 2.4.0 - *2017-08-07* 155 | 156 | - Fixes #99 - Remove include_attribute 'sysctl' to maintain compatibility with sysctl cookbook changes. 157 | 158 | ## 3.3.3 - *2017-05-08* 159 | 160 | - Remove trailing newline from export line. Closes #95 161 | 162 | ## 2.3.2 - *2017-01-10* 163 | 164 | - Fixes #93 - nfs-idmap.service unit file depends on nfs-server.service provided by nfs-kernel-server package on Ubuntu 165 | 16.04. 166 | 167 | ## 2.3.1 - *2016-12-09* 168 | 169 | - Fixes #91 - nfs-config.service needs managed to apply fixed port configuration on Ubuntu 16.04 and CentOS 7.2 170 | 171 | ## 2.3.0 - *2016-10-24* 172 | 173 | - Fix #89 - Set sysctl parameters, only if nfs kernel module is loaded. 174 | - Closes #76 - Remove service provider mapping, deferring to Chef 12 provider helpers. 175 | - Fixes #81 - Re-instate status check. 176 | 177 | ## 2.2.12 - *2016-10-07* 178 | 179 | - @nunukim 180 | - fix invalid /etc/defaults/nfs-kernel-server on Debian 181 | 182 | ## 2.2.11 - *2016-09-22* 183 | 184 | - Ignore sysctl for OpenVZ/Virtuozzo 185 | - Start rpcbind service in RHEL 7 prior to nfs server 186 | 187 | ## 2.2.10 - *2016-08-11* 188 | 189 | - Fix #69 - Logical condition error on CentOS 7 190 | - reported by @dougalb 191 | 192 | ## 2.2.9 - *2016-08-11* 193 | 194 | - @sspans 195 | - prevent resource duplication for shared configs 196 | - Rubocop fix-ups 197 | 198 | - @hrak 199 | - Use systemd provider for Ubuntu >= 15.04 200 | 201 | - @rlanore 202 | - Add knob to disable nfs v4 203 | 204 | ## 2.2.8 - *2016-04-27* 205 | 206 | - @zivagolee - Chef 11 backwards compatability for issues/source urls. 207 | 208 | ## 2.2.7 - *2016-04-21* 209 | 210 | - @gsreynolds 211 | - Add explicit service provider attributes for Debian, including Debian 8. 212 | 213 | - @hrak 214 | - Use package portmap instead of rpcbind on Ubuntu <=13.04 215 | - Correct service name for Ubuntu <=13.04 = 'portmap', >=13.10 = 'rpcbind' 216 | 217 | ## 2.2.6 - *2015-10-14* 218 | 219 | - @davidgiesberg - fixed an issue with chef-client 12.5 in #67 220 | 221 | ## 2.2.5 - *2015-08-11* 222 | 223 | - @yoshiwaan - improved Amazon Linux platform support. 224 | - Also added tests, and example .kitchen.yml.aws file. 225 | 226 | ## 2.2.4 - *2015-07-09* 227 | 228 | - @shortgun corrected an Amazon Linux regression introduced by #57 229 | - Cleaned out redundant BATS tests, in favor of Serverspec tests. 230 | - Cleaned up Serverspec tests introduced by #57 to better reflect expected behavior. 231 | 232 | ## 2.2.3 - *2015-07-08* 233 | 234 | - @joerocklin added CentOS 7 support, and tests, in #57 235 | - @sdrycroft added whitespace padding to replacement pattern in #62 236 | 237 | ## 2.2.2 - *2015-07-01* 238 | 239 | - Make service_provider edge cases an Ubuntu-specific hack. 240 | - More feedback may be needed on Debian platforms/versions 241 | - CentOS platforms seem to detect service_provider fine, without explicitly setting one. 242 | - Remove windows/solaris guard regression, because this should not be needed without overriding the service provider 243 | 244 | ## 2.2.1 - *2015-06-29* 245 | 246 | - Partial revert of service_provider Ubuntu hacks. 247 | 248 | ## 2.2.0 - *2015-06-29* 249 | 250 | - De-kludge service_provider hacks 251 | - Add pattern parameter to looped service resources 252 | 253 | ## 2.1.0 - *2015-02-13* 254 | 255 | - @lmickh LWRP stairsteps anonids multiplicatively. #46 256 | - @vgirnet added SLES init script failsafe. closes #47 257 | - @StFS added EL7 service names. closes #39 #41 #49 258 | - @stevenolen remove installation of nfs-kernel-server for debian platform. closes #43 259 | - ChefSpec fixups 260 | - Runner deprecated. 261 | - Generic chefspec 0.6.1 platform has no service providers (i.e. sysvinit) in Chef. 262 | - FreeBSD mapping broken chef/chef#2383. 263 | 264 | ## 2.0.0 - *2014-06-14* 265 | 266 | - @jessp01 added rquotad support, Issue #34 267 | - @jessp01 added NFS4 support, Issue #35 268 | - @dudyk Hash Rockets, Issue #36 269 | - @soul-rebel, Issue #37 270 | - @kjtanaka, notification timing, Issue #38 271 | - rework issue #35 to be cross-platform and backwards compatible 272 | - fix tests, verify behavior 273 | - Update documentation 274 | 275 | ### Potentially Breaking Changes 276 | 277 | Support for some versions of Ubuntu support unverified. Please help cookbook maintainers by submitting [fauxhai](https://github.com/customink/fauxhai) stub data for your preferred platforms. 278 | 279 | ## 1.0.0 - *2014-05-20* 280 | 281 | - Removed unused variables from provider 282 | - NFS server template refactored into singular template to take advantage of added features like `nfs['v4']` and `nfs['threads']` 283 | - @eric-tucker added Amazon support 284 | - @mvollrath added Ubuntu 13.10 support 285 | - @JonathanSerafini added FreeBSD support 286 | - @gswallow added an `nfs['threads']` attribute 287 | - @brint added array support for network LWRP parameter 288 | - Tests 289 | - @stuart12 added debian to kitchen.ci platforms 290 | - Chefspec unit test coverage 291 | - BATS integration tests 292 | - Rubocop linting 293 | 294 | ## 0.5.0 - *2013-09-06* 295 | 296 | - @CloCkWeRX - LWRP multi-line fix 297 | - @walbenzi - toggle-able nfs protocol level 2, or 3 298 | - defer to default proto level, and default behavior according to installed kernel 299 | - Add attributes to README 300 | 301 | - @ranxxerox & @reoring - Debian wheezy support added 302 | 303 | ## 0.4.2 - *2013-07-16* 304 | 305 | - Remove nfs::undo only upon conflict in run_list 306 | 307 | ## 0.4.1 - *2013-06-24* 308 | 309 | - Community site version does not match cb on github. 310 | 311 | ## 0.4.0 - *2013-06-06* 312 | 313 | - Add SLES 11 support. 314 | - Handle non-existent exports. 315 | - Re-order service/template. 316 | - Added attributes to LWRP for anonymous user and group mapping. 317 | - Removed deprecated exports documentation. 318 | - Add test-kitchen skeleton 319 | 320 | ## 0.3.1 - *2013-01-14* 321 | 322 | - Correct LWRP behavior for empty exports file via @bryanwb 323 | - Corrected lint warnings: 324 | 325 | - FC043: Prefer new notification syntax: ./recipes/default.rb:40 326 | - FC043: Prefer new notification syntax: ./recipes/server.rb:35 327 | 328 | ## 0.3.0 - *2012-12-10* 329 | 330 | @someara exports LWRP refactor 331 | 332 | - **Breaking changes** 333 | - Deprecated ~nfs['exports']~ attribute 334 | - remove exports recipe hack 335 | - refactored provider to execute in new run_context 336 | - update notification timings on exports resources 337 | - add service status to recipes 338 | - dependency and integration with [line](https://github.com/sous-chefs/line) cookbook 339 | 340 | ## 0.2.8 - *2012-11-28* 341 | 342 | - Debian family attribute correction 343 | - Use portmap service when using the portmap package 344 | 345 | ## 0.2.7 - *2012-09-26* 346 | 347 | - Documentation corrections 348 | - correct node.nfs.port references 349 | - correct run_list symtax 350 | 351 | ## 0.2.6 - *2012-08-14* 352 | 353 | - Force float in platform_version conditional 354 | 355 | ## 0.2.5 - *2012-08-13* 356 | 357 | Ubuntu service names 358 | 359 | - Fix Ubuntu 11.10 edge-case reported by Andrea Campi 360 | - Update test cases 361 | 362 | ## 0.2.4 - *2012-06-13* 363 | 364 | Attribute typo for Debian 365 | 366 | - Correct typo in attributes 367 | - Add attribute testing for config templates 368 | - Add /etc/exports grep for better idempotency guard 369 | 370 | ## 0.2.3 - *2012-05-24* 371 | 372 | - Fix service action typo in nfs::undo 373 | 374 | ## 0.2.2 - *2012-05-22* 375 | 376 | - [annoyance] Add run once nfs::undo recipe to stop and remove all nfs components 377 | - Correct export duplication check in LWRP 378 | - Re-factor attributes, and introduce Ubuntu 12+ edge cases 379 | - Add testing artefacts for Travis CI integration 380 | 381 | ## 0.2.0 - *2012-05-01* 382 | 383 | - Add nfs_export LWRP, thanks Michael Ivey from Riot Games for the contribution 384 | - Update README documentation, and add CHANGELOG 385 | 386 | ## 0.1.0 - *2012-04-17* 387 | 388 | - Re-factor NFS cookbook 389 | - Add edge cases for RHEL6, thanks Bryan Berry for reporting and testing 390 | - Filter-branched into cookbook-nfs repo 391 | 392 | ## 0.0.6 - *2011-07-08* 393 | 394 | - Add NFS export support 395 | - Update documentation 396 | - First community site release 397 | 398 | ## 0.0.4 - *2011-07-01* 399 | 400 | - Initial version with RHEL/CentOS/Debian/Ubuntu support 401 | - Thanks to Glenn Pratt for testing on Debian family distros 402 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Community Guidelines 2 | 3 | This project follows the Chef Community Guidelines 4 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Please refer to 4 | [https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) 5 | -------------------------------------------------------------------------------- /Dangerfile: -------------------------------------------------------------------------------- 1 | # Reference: http://danger.systems/reference.html 2 | 3 | # A pull request summary is required. Add a description of the pull request purpose. 4 | # Changelog must be updated for each pull request that changes code. 5 | # Warnings will be issued for: 6 | # Pull request with more than 400 lines of code changed 7 | # Pull reqest that change more than 5 lines without test changes 8 | # Failures will be issued for: 9 | # Pull request without summary 10 | # Pull requests with code changes without changelog entry 11 | 12 | def code_changes? 13 | code = %w(libraries attributes recipes resources files templates) 14 | code.each do |location| 15 | return true unless git.modified_files.grep(/#{location}/).empty? 16 | end 17 | false 18 | end 19 | 20 | def test_changes? 21 | tests = %w(spec test kitchen.yml kitchen.dokken.yml) 22 | tests.each do |location| 23 | return true unless git.modified_files.grep(/#{location}/).empty? 24 | end 25 | false 26 | end 27 | 28 | failure 'Please provide a summary of your Pull Request.' if github.pr_body.length < 10 29 | 30 | warn 'This is a big Pull Request.' if git.lines_of_code > 400 31 | 32 | warn 'This is a Table Flip.' if git.lines_of_code > 2000 33 | 34 | # Require a CHANGELOG entry for non-test changes. 35 | if !git.modified_files.include?('CHANGELOG.md') && code_changes? 36 | failure 'Please include a CHANGELOG entry.' 37 | end 38 | 39 | # Require Major Minor Patch version labels 40 | unless github.pr_labels.grep /minor|major|patch/i 41 | warn 'Please add a release label to this pull request' 42 | end 43 | 44 | # A sanity check for tests. 45 | if git.lines_of_code > 5 && code_changes? && !test_changes? 46 | warn 'This Pull Request is probably missing tests.' 47 | end 48 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2011-2017, Eric G. Wolfe 190 | Copyright 2014, Joe Rocklin 191 | Copyright 2012, Riot Games 192 | Copyright 2012, Sean OMeara 193 | 194 | Licensed under the Apache License, Version 2.0 (the "License"); 195 | you may not use this file except in compliance with the License. 196 | You may obtain a copy of the License at 197 | 198 | http://www.apache.org/licenses/LICENSE-2.0 199 | 200 | Unless required by applicable law or agreed to in writing, software 201 | distributed under the License is distributed on an "AS IS" BASIS, 202 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 203 | See the License for the specific language governing permissions and 204 | limitations under the License. 205 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # nfs cookbook 2 | 3 | [![Cookbook Version](https://img.shields.io/cookbook/v/selnux.svg)](https://supermarket.chef.io/cookbooks/nfs) 4 | [![CI State](https://github.com/sous-chefs/nfs/workflows/ci/badge.svg)](https://github.com/sous-chefs/nfs/actions?query=workflow%3Aci) 5 | [![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) 6 | [![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) 7 | [![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) 8 | 9 | ## Description 10 | 11 | Installs and configures NFS client and server components 12 | 13 | ## Maintainers 14 | 15 | This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). 16 | 17 | ## Requirements 18 | 19 | Should work on any RHEL 7+, Debian 10+, Ubuntu 18.04+ distributions. 20 | 21 | This cookbook depends on the [`line` cookbook](https://github.com/sous-chefs/line) 22 | 23 | ### Attributes 24 | 25 | - `nfs['packages']` 26 | - Case switch in attributes to choose NFS client packages dependent on platform. 27 | 28 | - `nfs['service']` 29 | - `['config']` - only set on Debian/Ubuntu to work around loose systemd dependencies on this platform family - debian: 30 | `nfs-config.service` 31 | - `['portmap']` - the rpcbind service - default: `nfs-client.target` 32 | - `['lock']` - the rpc-statd service - default: `nfs-client.target`, debian: `rpc-statd.service` 33 | - `['server']` - the server component, - default: `nfs-server.service`, debian: `nfs-kernel-server.service` 34 | - `['idmap']` - the NFSv4 idmap component 35 | 36 | - `nfs['config']` 37 | - `client_templates` - templates to iterate through on client systems, chosen by platform 38 | - `server_template` - Per-platform case switch in common nfs.erb template. This string should be set to where the main 39 | NFS server configuration file should be placed. 40 | - `idmap_template` - Path to idmapd.conf used in `nfs::client4` and `nfs::server4` recipes. 41 | 42 | - `nfs['threads']` - Number of nfsd threads to run. Default 8 on Linux, 24 on FreeBSD. Set to 0, to disable. 43 | 44 | - `nfs['port']` 45 | - `['statd']` = Listen port for statd, default 32765 46 | - `['statd_out']` = Outgoing port for statd, default 32766 47 | - `['mountd']` = Listen port for mountd, default 32767 48 | - `['lockd']` = Listen port for lockd, default 32768 49 | 50 | - `nfs['v2']`, `nfs['v3']`, `nfs['v4']` 51 | - Set to `yes` or `no` to turn on/off NFS protocol level v2, or v3. 52 | - Defaults to nil, deferring to the default behavior provided by running kernel. 53 | 54 | - `nfs['mountd_flags']` - BSD launch options for mountd. 55 | - `nfs['server_flags']` - BSD launch options for nfsd. 56 | 57 | - `nfs['idmap']` 58 | - Attributes specific to idmap template and service. 59 | - `['domain']` - Domain for idmap service, defaults to `node['domain']` 60 | - `['pipefs_directory']` - platform-specific location of `Pipefs-Directory` 61 | - `['user']` - effective user for idmap service, default `nobody`. 62 | - `['group']` - effective group for idmap service, default `nogroup`. 63 | 64 | ## Usage 65 | 66 | To install the NFS components for a client system, simply add nfs to the run list. 67 | 68 | ```ruby 69 | name "base" 70 | description "Role applied to all systems" 71 | run_list [ "nfs" ] 72 | ``` 73 | 74 | Then in an `nfs_server.rb` role that is applied to NFS servers: 75 | 76 | ```ruby 77 | name "nfs_server" 78 | description "Role applied to the system that should be an NFS server." 79 | override_attributes( 80 | "nfs" => { 81 | "packages" => [ "portmap", "nfs-common", "nfs-kernel-server" ], 82 | "port" => { 83 | "statd" => 32765, 84 | "statd_out" => 32766, 85 | "mountd" => 32767, 86 | "lockd" => 32768 87 | } 88 | } 89 | ) 90 | run_list [ "nfs::server" ] 91 | ``` 92 | 93 | ### `nfs_export` resource Usage 94 | 95 | Applications or other cookbooks can use the `nfs_export` resource to add exports: 96 | 97 | ```ruby 98 | nfs_export "/exports" do 99 | network '10.0.0.0/8' 100 | writeable false 101 | sync true 102 | options ['no_root_squash'] 103 | end 104 | ``` 105 | 106 | The default parameters for the `nfs_export` LWRP are as follows 107 | 108 | - directory 109 | - directory you wish to export 110 | - defaults to resource name 111 | 112 | - network 113 | - a CIDR, IP address, or wildcard (\*) 114 | - requires an option 115 | - can be a string for a single address or an array of networks 116 | 117 | - writeable 118 | - ro/rw export option 119 | - defaults to false 120 | 121 | - sync 122 | - synchronous/asynchronous export option 123 | - defaults to true 124 | 125 | - anonuser 126 | - user mapping for anonymous users 127 | - the user's UID will be retrieved from /etc/passwd for the anonuid=x option 128 | - defaults to nil (no mapping) 129 | 130 | - anongroup 131 | - group mapping for anonymous users 132 | - the group's GID will be retrieved from /etc/group for the anongid=x option 133 | - defaults to nil (no mapping) 134 | 135 | - options 136 | - additional export options as an array, excluding the parameterized sync/async, ro/rw options, and anoymous mappings 137 | - defaults to `root_squash` 138 | 139 | ## nfs::default recipe 140 | 141 | The default recipe installs and configures the common components for an NFS client, at an effective protocol level of 142 | NFSv3. The Chef resource logic for this is in the `nfs::_common` recipe, with platform-specific conditional defaults set 143 | in the default attributes file. 144 | 145 | ## nfs::client4 recipe 146 | 147 | Includes the logic from `nfs::_common`, and also configures and installs the idmap service to provide an effective 148 | protocol level of NFSv4. Effectively the same as running both `nfs::_common` and `nfs::_idmap`. 149 | 150 | ## nfs::server recipe 151 | 152 | The server recipe includes the common client components from `nfs::_common`. This also configures and installs the 153 | platform-specific server services for an effective protocol level of NFSv3. 154 | 155 | ## nfs::server4 recipe 156 | 157 | This recipe includes the common client components from `nfs::_common`. It also configures and installs the 158 | platform-specific server services for an effective protocol level of NFSv4. Effectively the same as running 159 | `nfs::_common` and `nfs::_idmap` and `nfs::server`. 160 | 161 | ## nfs::undo recipe 162 | 163 | Does your freshly kickstarted/preseeded system come with NFS, when you didn't ask for NFS? This recipe inspired by the 164 | annoyances cookbook, will run once to remove NFS from the system. Use a knife command to remove NFS components from your 165 | system like so. 166 | 167 | ```sh 168 | knife run_list add $NODE nfs::undo 169 | ``` 170 | 171 | ## Contributors 172 | 173 | This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) 174 | 175 | ### Backers 176 | 177 | Thank you to all our backers! 178 | 179 | ![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) 180 | 181 | ### Sponsors 182 | 183 | Support this project by becoming a sponsor. Your logo will show up here with a link to your website. 184 | 185 | ![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) 186 | ![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) 187 | ![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) 188 | ![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) 189 | ![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) 190 | ![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) 191 | ![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) 192 | ![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) 193 | ![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) 194 | ![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) 195 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env rake 2 | 3 | # chefspec task against spec/*_spec.rb 4 | require 'rspec/core/rake_task' 5 | RSpec::Core::RakeTask.new(:chefspec) 6 | 7 | # cookstyle 8 | desc 'Ruby style guide linter' 9 | task :cookstyle do 10 | sh 'cookstyle --fail-level W' 11 | end 12 | 13 | # test-kitchen task 14 | begin 15 | require 'kitchen/rake_tasks' 16 | Kitchen::RakeTasks.new 17 | rescue LoadError 18 | puts '>>>>> Kitchen gem not loaded, omitting tasks' unless ENV['CI'] 19 | end 20 | 21 | # default tasks are quick, commit tests 22 | task default: %w(cookstyle chefspec) 23 | -------------------------------------------------------------------------------- /TESTING.md: -------------------------------------------------------------------------------- 1 | # Testing 2 | 3 | Please refer to [the community cookbook documentation on testing](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD). 4 | -------------------------------------------------------------------------------- /attributes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Attributes:: default 4 | # 5 | # Copyright:: 2011, Eric G. Wolfe 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the 'License'); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an 'AS IS' BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | # Allowing Version 2, 3 and 4 of NFS to be enabled or disabled. 21 | # Default behavior, defer to protocol level(s) supported by kernel. 22 | default['nfs']['v2'] = nil 23 | default['nfs']['v3'] = nil 24 | default['nfs']['v4'] = nil 25 | 26 | # rquotad needed? 27 | default['nfs']['rquotad'] = 'no' 28 | 29 | # Default options are taken from the Debian guide on static NFS ports 30 | default['nfs']['port']['statd'] = 32_765 31 | default['nfs']['port']['statd_out'] = 32_766 32 | default['nfs']['port']['mountd'] = 32_767 33 | default['nfs']['port']['lockd'] = 32_768 34 | default['nfs']['port']['rquotad'] = 32_769 35 | 36 | # Number of rpc.nfsd threads to start (default 8) 37 | default['nfs']['threads'] = 8 38 | 39 | # Default options are based on RHEL8 40 | default['nfs']['packages'] = if platform_family?('debian') 41 | %w(nfs-common rpcbind) 42 | else 43 | %w(nfs-utils rpcbind) 44 | end 45 | 46 | # Let systemd demand rpcbind 47 | default['nfs']['service']['portmap'] = 'nfs-client.target' 48 | default['nfs']['service']['statd'] = 'rpc-statd.service' 49 | default['nfs']['service']['lock'] = 'nfs-client.target' 50 | 51 | default['nfs']['service']['server'] = if platform_family?('debian') 52 | 'nfs-kernel-server.service' 53 | else 54 | 'nfs-server.service' 55 | end 56 | 57 | # Client config defaults 58 | default['nfs']['config']['client_templates'] = 59 | if platform_family?('debian') 60 | if platform?('ubuntu') && node['platform_version'].to_f >= 22.04 61 | %w(/etc/nfs.conf) 62 | else 63 | %w(/etc/default/nfs-common) 64 | end 65 | elsif platform_family?('rhel') && node['platform_version'].to_i >= 8 66 | %w(/etc/nfs.conf) 67 | elsif platform_family?('fedora') 68 | %w(/etc/nfs.conf) 69 | else 70 | %w(/etc/sysconfig/nfs) 71 | end 72 | 73 | # Sever config defaults 74 | default['nfs']['config']['server_template'] = 75 | if platform_family?('debian') 76 | if platform?('ubuntu') && node['platform_version'].to_f >= 22.04 77 | '/etc/nfs.conf' 78 | else 79 | '/etc/default/nfs-kernel-server' 80 | end 81 | elsif platform_family?('rhel') && node['platform_version'].to_i >= 8 82 | '/etc/nfs.conf' 83 | elsif platform_family?('fedora') 84 | '/etc/nfs.conf' 85 | else 86 | '/etc/sysconfig/nfs' 87 | end 88 | 89 | # idmap recipe attributes 90 | default['nfs']['config']['idmap_template'] = '/etc/idmapd.conf' 91 | 92 | # I don't think this gets pulled in as a unit file dependency on nfs-client.target 93 | default['nfs']['service']['idmap'] = 'nfs-idmapd.service' 94 | 95 | default['nfs']['idmap']['domain'] = node['domain'] 96 | 97 | # I'm assuming both Debian and Ubuntu use this FHS tree for var data 98 | default['nfs']['idmap']['pipefs_directory'] = if platform_family?('debian') 99 | '/run/rpc_pipefs' 100 | else 101 | '/var/lib/nfs/rpc_pipefs' 102 | end 103 | 104 | # The nobody service user, and nogroup edge-case 105 | default['nfs']['idmap']['user'] = 'nobody' 106 | default['nfs']['idmap']['group'] = if platform_family?('debian') 107 | 'nogroup' 108 | else 109 | 'nobody' 110 | end 111 | 112 | # These are object refs to the default services, used as an iteration key in recipe. 113 | # These are not the literal service names passed to the service resource. 114 | # i.e. nfs.service.portmap, nfs.service.lock above 115 | default['nfs']['client-services'] = %w(portmap statd lock) 116 | 117 | # Platforms that may no longer work? 118 | case node['platform_family'] 119 | when 'freebsd' 120 | # Packages are installed by default 121 | default['nfs']['packages'] = [] 122 | default['nfs']['config']['server_template'] = '/etc/rc.conf.d/nfsd' 123 | default['nfs']['config']['client_templates'] = %w(/etc/rc.conf.d/mountd) 124 | default['nfs']['service']['lock'] = 'lockd' 125 | default['nfs']['service']['server'] = 'nfsd' 126 | default['nfs']['threads'] = 24 127 | default['nfs']['mountd_flags'] = '-r' 128 | default['nfs']['server_flags'] = if node['nfs']['threads'] >= 0 129 | "-u -t -n #{node['nfs']['threads']}" 130 | else 131 | '-u -t' 132 | end 133 | when 'suse' 134 | default['nfs']['packages'] = %w(nfs-client nfs-kernel-server rpcbind) 135 | default['nfs']['service']['lock'] = 'nfsserver' 136 | default['nfs']['service']['server'] = 'nfsserver' 137 | default['nfs']['config']['client_templates'] = %w(/etc/sysconfig/nfs) 138 | end 139 | -------------------------------------------------------------------------------- /chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # to a Chef Infra Server or Supermarket. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | ehthumbs.db 9 | Icon? 10 | nohup.out 11 | Thumbs.db 12 | .envrc 13 | 14 | # EDITORS # 15 | ########### 16 | .#* 17 | .project 18 | .settings 19 | *_flymake 20 | *_flymake.* 21 | *.bak 22 | *.sw[a-z] 23 | *.tmproj 24 | *~ 25 | \#* 26 | REVISION 27 | TAGS* 28 | tmtags 29 | .vscode 30 | .editorconfig 31 | 32 | ## COMPILED ## 33 | ############## 34 | *.class 35 | *.com 36 | *.dll 37 | *.exe 38 | *.o 39 | *.pyc 40 | *.so 41 | */rdoc/ 42 | a.out 43 | mkmf.log 44 | 45 | # Testing # 46 | ########### 47 | .circleci/* 48 | .codeclimate.yml 49 | .delivery/* 50 | .foodcritic 51 | .kitchen* 52 | .mdlrc 53 | .overcommit.yml 54 | .rspec 55 | .rubocop.yml 56 | .travis.yml 57 | .watchr 58 | .yamllint 59 | azure-pipelines.yml 60 | Dangerfile 61 | examples/* 62 | features/* 63 | Guardfile 64 | kitchen.yml* 65 | mlc_config.json 66 | Procfile 67 | Rakefile 68 | spec/* 69 | test/* 70 | 71 | # SCM # 72 | ####### 73 | .git 74 | .gitattributes 75 | .gitconfig 76 | .github/* 77 | .gitignore 78 | .gitkeep 79 | .gitmodules 80 | .svn 81 | */.bzr/* 82 | */.git 83 | */.hg/* 84 | */.svn/* 85 | 86 | # Berkshelf # 87 | ############# 88 | Berksfile 89 | Berksfile.lock 90 | cookbooks/* 91 | tmp 92 | 93 | # Bundler # 94 | ########### 95 | vendor/* 96 | Gemfile 97 | Gemfile.lock 98 | 99 | # Policyfile # 100 | ############## 101 | Policyfile.rb 102 | Policyfile.lock.json 103 | 104 | # Documentation # 105 | ############# 106 | CODE_OF_CONDUCT* 107 | CONTRIBUTING* 108 | documentation/* 109 | TESTING* 110 | UPGRADING* 111 | 112 | # Vagrant # 113 | ########### 114 | .vagrant 115 | Vagrantfile 116 | -------------------------------------------------------------------------------- /documentation/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sous-chefs/nfs/f8709c2df49579a288eca9882ef99bd0156a428c/documentation/.gitkeep -------------------------------------------------------------------------------- /kitchen.dokken.yml: -------------------------------------------------------------------------------- 1 | driver: 2 | name: dokken 3 | privileged: true 4 | chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> 5 | 6 | transport: { name: dokken } 7 | provisioner: { name: dokken } 8 | 9 | platforms: 10 | - name: almalinux-8 11 | driver: 12 | image: dokken/almalinux-8 13 | pid_one_command: /usr/lib/systemd/systemd 14 | 15 | - name: almalinux-9 16 | driver: 17 | image: dokken/almalinux-9 18 | pid_one_command: /usr/lib/systemd/systemd 19 | 20 | - name: amazonlinux-2023 21 | driver: 22 | image: dokken/amazonlinux-2023 23 | pid_one_command: /usr/lib/systemd/systemd 24 | 25 | - name: centos-7 26 | driver: 27 | image: dokken/centos-7 28 | pid_one_command: /usr/lib/systemd/systemd 29 | 30 | - name: centos-stream-8 31 | driver: 32 | image: dokken/centos-stream-8 33 | pid_one_command: /usr/lib/systemd/systemd 34 | 35 | - name: centos-stream-9 36 | driver: 37 | image: dokken/centos-stream-9 38 | pid_one_command: /usr/lib/systemd/systemd 39 | 40 | - name: debian-9 41 | driver: 42 | image: dokken/debian-9 43 | pid_one_command: /bin/systemd 44 | 45 | - name: debian-10 46 | driver: 47 | image: dokken/debian-10 48 | pid_one_command: /bin/systemd 49 | 50 | - name: debian-11 51 | driver: 52 | image: dokken/debian-11 53 | pid_one_command: /bin/systemd 54 | 55 | - name: debian-12 56 | driver: 57 | image: dokken/debian-12 58 | pid_one_command: /bin/systemd 59 | 60 | - name: fedora-latest 61 | driver: 62 | image: dokken/fedora-latest 63 | pid_one_command: /usr/lib/systemd/systemd 64 | 65 | - name: opensuse-leap-15 66 | driver: 67 | image: dokken/opensuse-leap-15 68 | pid_one_command: /usr/lib/systemd/systemd 69 | 70 | - name: oraclelinux-7 71 | driver: 72 | image: dokken/oraclelinux-7 73 | pid_one_command: /usr/lib/systemd/systemd 74 | 75 | - name: oraclelinux-8 76 | driver: 77 | image: dokken/oraclelinux-8 78 | pid_one_command: /usr/lib/systemd/systemd 79 | 80 | - name: oraclelinux-9 81 | driver: 82 | image: dokken/oraclelinux-9 83 | pid_one_command: /usr/lib/systemd/systemd 84 | 85 | - name: rockylinux-8 86 | driver: 87 | image: dokken/rockylinux-8 88 | pid_one_command: /usr/lib/systemd/systemd 89 | 90 | - name: rockylinux-9 91 | driver: 92 | image: dokken/rockylinux-9 93 | pid_one_command: /usr/lib/systemd/systemd 94 | 95 | - name: ubuntu-18.04 96 | driver: 97 | image: dokken/ubuntu-18.04 98 | pid_one_command: /bin/systemd 99 | 100 | - name: ubuntu-20.04 101 | driver: 102 | image: dokken/ubuntu-20.04 103 | pid_one_command: /bin/systemd 104 | 105 | - name: ubuntu-22.04 106 | driver: 107 | image: dokken/ubuntu-22.04 108 | pid_one_command: /bin/systemd 109 | 110 | - name: ubuntu-23.04 111 | driver: 112 | image: dokken/ubuntu-23.04 113 | pid_one_command: /bin/systemd 114 | -------------------------------------------------------------------------------- /kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: vagrant 4 | 5 | provisioner: 6 | name: chef_infra 7 | product_name: <%= ENV['CHEF_PRODUCT_NAME'] || 'chef' %> 8 | product_version: <%= ENV['CHEF_VERSION'] || 'latest' %> 9 | log_level: <%= ENV['CHEF_LOG_LEVEL'] || 'auto' %> 10 | multiple_converge: 2 11 | enforce_idempotency: true 12 | deprecations_as_errors: true 13 | chef_license: accept-no-persist 14 | 15 | # TODO(ramereth): Remove on the next release of chef-workstation - 12/20/2022 16 | transport: 17 | name: ssh 18 | username: vagrant 19 | password: vagrant 20 | 21 | verifier: 22 | name: inspec 23 | 24 | platforms: 25 | - name: centos-7 26 | - name: centos-stream-8 27 | - name: debian-10 28 | - name: debian-11 29 | - name: fedora-latest 30 | - name: ubuntu-18.04 31 | - name: ubuntu-20.04 32 | - name: ubuntu-22.04 33 | 34 | suites: 35 | - name: default 36 | run_list: 37 | - recipe[nfs::default] 38 | - recipe[nfs_test::default] 39 | - name: server 40 | run_list: 41 | - recipe[nfs::server] 42 | - recipe[nfs_test::issue46] 43 | -------------------------------------------------------------------------------- /libraries/helpers.rb: -------------------------------------------------------------------------------- 1 | module Nfs 2 | module Cookbook 3 | module Helpers 4 | # Finds the UID for the given user name 5 | # 6 | # @param [String] username 7 | # @return 8 | def find_uid(username) 9 | uid = nil 10 | Etc.passwd do |entry| 11 | if entry.name == username 12 | uid = entry.uid 13 | break 14 | end 15 | end 16 | uid 17 | end 18 | 19 | # Finds the GID for the given group name 20 | # 21 | # @param [String] groupname 22 | # @return [Integer] the matching GID or nil 23 | def find_gid(groupname) 24 | gid = nil 25 | Etc.group do |entry| 26 | if entry.name == groupname 27 | gid = entry.gid 28 | break 29 | end 30 | end 31 | gid 32 | end 33 | end 34 | end 35 | end 36 | -------------------------------------------------------------------------------- /metadata.rb: -------------------------------------------------------------------------------- 1 | name 'nfs' 2 | maintainer 'Sous Chefs' 3 | maintainer_email 'help@sous-chefs.org' 4 | license 'Apache-2.0' 5 | description 'Installs and configures NFS, and NFS exports' 6 | version '5.1.5' 7 | source_url 'https://github.com/sous-chefs/nfs' 8 | issues_url 'https://github.com/sous-chefs/nfs/issues' 9 | chef_version '>= 15.3' 10 | 11 | supports 'centos' 12 | supports 'debian' 13 | supports 'oracle' 14 | supports 'redhat' 15 | supports 'scientific' 16 | supports 'ubuntu' 17 | 18 | depends 'line' 19 | -------------------------------------------------------------------------------- /recipes/_common.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Recipe:: _common 4 | # 5 | # Copyright:: 2011-2014, Eric G. Wolfe 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | # Install package, dependent on platform 21 | node['nfs']['packages'].each do |nfspkg| 22 | package nfspkg 23 | end 24 | 25 | # On FreeBSD, create the potentially missing configuration directory 26 | directory ::File.dirname(node['nfs']['config']['server_template']) do 27 | mode '755' 28 | action :create 29 | only_if { platform_family?('freebsd') } 30 | end 31 | 32 | client_service_list = node['nfs']['client-services'] 33 | 34 | # Configure NFS client components 35 | node['nfs']['config']['client_templates'].each do |client_template| 36 | template client_template do 37 | mode '644' 38 | client_service_list.each do |component| 39 | notifies :restart, "service[#{component}]", :delayed 40 | end 41 | end 42 | end 43 | 44 | kernel_module 'lockd' do 45 | options [ 46 | "nlm_udpport=#{node['nfs']['port']['lockd']}", 47 | "nlm_tcpport=#{node['nfs']['port']['lockd']}", 48 | ] 49 | client_service_list.each do |component| 50 | notifies :restart, "service[#{component}]", :delayed 51 | end 52 | end unless docker? 53 | 54 | # Start NFS client components 55 | client_service_list.each do |component| 56 | service component do 57 | service_name node['nfs']['service'][component] 58 | action [:start, :enable] 59 | supports status: true 60 | end 61 | end 62 | -------------------------------------------------------------------------------- /recipes/_idmap.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Recipe:: _idmap 4 | # 5 | # Copyright:: 2014, Eric G. Wolfe 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | include_recipe 'nfs::_common' 21 | 22 | # Configure idmap template for NFSv4 client/server support 23 | template node['nfs']['config']['idmap_template'] do 24 | mode '644' 25 | notifies :restart, 'service[idmap]', :immediately 26 | end 27 | 28 | # Start idmapd components 29 | service 'idmap' do 30 | service_name node['nfs']['service']['idmap'] 31 | action [:start, :enable] 32 | supports status: true 33 | end 34 | -------------------------------------------------------------------------------- /recipes/_sysctl.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Recipe:: _sysctl 4 | # 5 | # Copyright:: 2011-2018, Eric G. Wolfe 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | sysctl_keys = %w(fs.nfs.nlm_tcpport fs.nfs.nlm_udpport) 21 | sysctl_keys.each do |key| 22 | sysctl key do 23 | value node['nfs']['port']['lockd'] 24 | end unless docker? 25 | end 26 | 27 | service 'rpcbind' do 28 | action [:start, :enable] 29 | supports status: true 30 | end 31 | -------------------------------------------------------------------------------- /recipes/client4.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Recipe:: client4 4 | # 5 | # Copyright:: 2011, Eric G. Wolfe 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | # Include NFS <= v3 components and idmap 21 | include_recipe 'nfs::_common' 22 | include_recipe 'nfs::_idmap' 23 | -------------------------------------------------------------------------------- /recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Recipe:: default 4 | # 5 | # Copyright:: 2011, Eric G. Wolfe 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | # NFS client components protocol-level less than, or equal to 3 moved to _common recipe 21 | include_recipe 'nfs::_common' 22 | -------------------------------------------------------------------------------- /recipes/server.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Recipe:: server 4 | # 5 | # Copyright:: 2011-2014, Eric G. Wolfe 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | include_recipe 'nfs::_common' 21 | 22 | # Install server components for Debian 23 | package 'nfs-kernel-server' if platform_family?('debian') 24 | 25 | # Configure nfs-server components 26 | if node['nfs']['config']['client_templates'].include?(node['nfs']['config']['server_template']) 27 | r = resources(template: node['nfs']['config']['server_template']) 28 | r.notifies :restart, "service[#{node['nfs']['service']['server']}]" 29 | else 30 | template node['nfs']['config']['server_template'] do 31 | source 'nfs.erb' 32 | mode '644' 33 | notifies :restart, "service[#{node['nfs']['service']['server']}]" 34 | end 35 | end 36 | 37 | # RHEL7 has some extra requirements per 38 | # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Storage_Administration_Guide/nfs-serverconfig.html#s2-nfs-nfs-firewall-config 39 | include_recipe 'nfs::_sysctl' 40 | 41 | # Start nfs-server components 42 | service node['nfs']['service']['server'] do 43 | action [:start, :enable] 44 | supports status: true 45 | end 46 | -------------------------------------------------------------------------------- /recipes/server4.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Recipe:: server4 4 | # 5 | # Copyright:: 2011-2014, Eric G. Wolfe 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | include_recipe 'nfs::_common' 21 | include_recipe 'nfs::_idmap' 22 | include_recipe 'nfs::server' 23 | -------------------------------------------------------------------------------- /recipes/undo.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Recipe:: undo 4 | # 5 | # Copyright:: 2012, Eric G. Wolfe 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | # Stop nfs server components 21 | service node['nfs']['service']['server'] do 22 | action [:stop, :disable] 23 | end 24 | 25 | service 'nfslock' do 26 | service_name node['nfs']['service']['lock'] 27 | action [:stop, :disable] 28 | end 29 | 30 | # Stop nfs client components 31 | service 'portmap' do 32 | service_name node['nfs']['service']['portmap'] 33 | action [:stop, :disable] 34 | end 35 | 36 | # Remove package, dependent on platform 37 | node['nfs']['packages'].each do |nfspkg| 38 | package nfspkg do 39 | action :remove 40 | end 41 | end 42 | 43 | # Remove server components for Debian 44 | package 'nfs-kernel-server' do 45 | action :remove 46 | only_if { platform_family?('debian') } 47 | end 48 | 49 | unless Chef::Config[:solo] 50 | ruby_block 'remove nfs::undo from run_list when there is a conflict' do 51 | block do 52 | node.run_list.remove('recipe[nfs::undo]') 53 | end 54 | only_if do 55 | node.run_list.include?('recipe[nfs::default]') || node.run_list.include?('recipe[nfs::client4]') || 56 | node.run_list.include?('recipe[nfs::server]') || node.run_list.include?('recipe[nfs::server4]') 57 | end 58 | end 59 | end 60 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": ["config:base"], 4 | "packageRules": [{ 5 | "groupName": "Actions", 6 | "matchUpdateTypes": ["patch", "pin", "digest"], 7 | "automerge": true, 8 | "addLabels": ["Release: Patch", "Skip: Announcements"] 9 | }, 10 | { 11 | "groupName": "Actions", 12 | "matchUpdateTypes": ["major"], 13 | "automerge": false, 14 | "addLabels": ["Release: Patch", "Skip: Announcements"] 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /resources/export.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: nfs 3 | # Resources:: export 4 | # 5 | # Copyright:: 2012, Riot Games 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | unified_mode true 21 | 22 | property :directory, String, name_property: true 23 | property :network, [String, Array], required: true 24 | property :writeable, [true, false], default: false 25 | property :sync, [true, false], default: true 26 | property :options, Array, default: ['root_squash'] 27 | property :anonuser, String 28 | property :anongroup, String 29 | property :unique, [true, false], default: false 30 | property :fsid, String, default: 'root' 31 | 32 | action :create do 33 | extend Nfs::Cookbook::Helpers 34 | 35 | ro_rw = new_resource.writeable ? 'rw' : 'ro' 36 | sync_async = new_resource.sync ? 'sync' : 'async' 37 | options = new_resource.options.join(',') 38 | options = ",#{options}" unless options.empty? 39 | options << ",anonuid=#{find_uid(new_resource.anonuser)}" if new_resource.anonuser 40 | options << ",anongid=#{find_gid(new_resource.anongroup)}" if new_resource.anongroup 41 | options << ",fsid=#{new_resource.fsid}" if platform_family?('fedora') 42 | 43 | if new_resource.network.is_a?(Array) 44 | host_permissions = new_resource.network.map { |net| net + "(#{ro_rw},#{sync_async}#{options})" } 45 | export_line = "#{new_resource.directory} #{host_permissions.join(' ')}\n" 46 | else 47 | export_line = "#{new_resource.directory} #{new_resource.network}(#{ro_rw},#{sync_async}#{options})\n" 48 | end 49 | 50 | execute 'exportfs' do 51 | command 'exportfs -ar' 52 | default_env true 53 | action :nothing 54 | end 55 | 56 | if ::File.zero?('/etc/exports') || !::File.exist?('/etc/exports') 57 | file '/etc/exports' do 58 | content export_line 59 | notifies :run, 'execute[exportfs]', :immediately 60 | end 61 | elsif new_resource.unique 62 | replace_or_add "export #{new_resource.name}" do 63 | path '/etc/exports' 64 | pattern "^#{new_resource.directory} " 65 | line export_line 66 | notifies :run, 'execute[exportfs]', :immediately 67 | end 68 | else 69 | append_if_no_line "export #{new_resource.name}" do 70 | path '/etc/exports' 71 | line export_line 72 | notifies :run, 'execute[exportfs]', :immediately 73 | end 74 | end 75 | end 76 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require 'chefspec' 2 | require 'chefspec/berkshelf' 3 | 4 | RSpec.configure do |config| 5 | config.log_level = :error 6 | end 7 | -------------------------------------------------------------------------------- /spec/unit/recipes/client4_spec.rb: -------------------------------------------------------------------------------- 1 | require_relative '../../spec_helper' 2 | 3 | describe 'nfs::client4' do 4 | platform 'centos' 5 | 6 | %w(nfs::_common nfs::_idmap).each do |component| 7 | it { is_expected.to include_recipe(component) } 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /spec/unit/recipes/common_spec.rb: -------------------------------------------------------------------------------- 1 | require_relative '../../spec_helper' 2 | 3 | describe 'nfs::_common' do 4 | context 'on centos 7' do 5 | platform 'centos', '7' 6 | 7 | it { is_expected.to install_package('nfs-utils') } 8 | it { is_expected.to install_package('rpcbind') } 9 | 10 | %w( 11 | nfs-client.target 12 | rpc-statd.service 13 | ).each do |service| 14 | it { is_expected.to start_service(service) } 15 | it { is_expected.to enable_service(service) } 16 | end 17 | 18 | it do 19 | is_expected.to render_file('/etc/sysconfig/nfs') 20 | .with_content(/STATD_PORT="32765"/) 21 | .with_content(/STATD_OUTGOING_PORT="32766"/) 22 | .with_content(/MOUNTD_PORT="32767"/) 23 | .with_content(/LOCKD_UDPPORT="32768"/) 24 | .with_content(/RPCNFSDCOUNT="8"/) 25 | end 26 | end 27 | 28 | context 'on centos 8' do 29 | platform 'centos', '8' 30 | 31 | it { is_expected.to install_package('nfs-utils') } 32 | it { is_expected.to install_package('rpcbind') } 33 | 34 | %w( 35 | nfs-client.target 36 | rpc-statd.service 37 | ).each do |service| 38 | it { is_expected.to start_service(service) } 39 | it { is_expected.to enable_service(service) } 40 | end 41 | 42 | it do 43 | is_expected.to render_file('/etc/nfs.conf') 44 | .with_content(/\[statd\]\nport=32765\noutgoing-port=32766/) 45 | .with_content(/\[mountd\]\nport=32767/) 46 | .with_content(/\[lockd\]\nport=32768\nudp-port=32768/) 47 | .with_content(/\[nfsd\]\nthreads=8/) 48 | end 49 | end 50 | 51 | context 'on debian' do 52 | platform 'debian' 53 | 54 | it { is_expected.to install_package('nfs-common') } 55 | it { is_expected.to install_package('rpcbind') } 56 | 57 | %w( 58 | nfs-client.target 59 | rpc-statd.service 60 | ).each do |service| 61 | it { is_expected.to start_service(service) } 62 | it { is_expected.to enable_service(service) } 63 | end 64 | 65 | it do 66 | is_expected.to render_file('/etc/default/nfs-common') 67 | .with_content(/STATDOPTS="--port 32765 --outgoing-port 32766"/) 68 | end 69 | end 70 | end 71 | -------------------------------------------------------------------------------- /spec/unit/recipes/default_spec.rb: -------------------------------------------------------------------------------- 1 | require_relative '../../spec_helper' 2 | 3 | describe 'nfs::default' do 4 | platform 'centos' 5 | 6 | it { is_expected.to include_recipe('nfs::_common') } 7 | end 8 | -------------------------------------------------------------------------------- /spec/unit/recipes/idmap_spec.rb: -------------------------------------------------------------------------------- 1 | require_relative '../../spec_helper' 2 | 3 | describe 'nfs::_idmap' do 4 | context 'on centos' do 5 | platform 'centos' 6 | 7 | it { is_expected.to include_recipe('nfs::_common') } 8 | 9 | it do 10 | is_expected.to render_file('/etc/idmapd.conf') 11 | .with_content(%r{Pipefs-Directory += +/var/lib/nfs/rpc_pipefs}) 12 | end 13 | 14 | it { is_expected.to start_service('nfs-idmapd.service') } 15 | it { is_expected.to enable_service('nfs-idmapd.service') } 16 | end 17 | 18 | context 'on debian' do 19 | platform 'debian' 20 | 21 | it { is_expected.to include_recipe('nfs::_common') } 22 | 23 | it do 24 | is_expected.to render_file('/etc/idmapd.conf') 25 | .with_content(%r{Pipefs-Directory += +/run/rpc_pipefs}) 26 | end 27 | 28 | it { is_expected.to start_service('nfs-idmapd.service') } 29 | it { is_expected.to enable_service('nfs-idmapd.service') } 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /spec/unit/recipes/server4_spec.rb: -------------------------------------------------------------------------------- 1 | require_relative '../../spec_helper' 2 | 3 | describe 'nfs::server4' do 4 | platform 'centos' 5 | 6 | %w(nfs::_common nfs::_idmap nfs::server).each do |component| 7 | it { is_expected.to include_recipe(component) } 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /spec/unit/recipes/server_spec.rb: -------------------------------------------------------------------------------- 1 | require_relative '../../spec_helper' 2 | 3 | describe 'nfs::server' do 4 | context 'on centos' do 5 | platform 'centos' 6 | 7 | it { is_expected.to include_recipe('nfs::_common') } 8 | 9 | it { is_expected.to start_service('nfs-server.service') } 10 | it { is_expected.to enable_service('nfs-server.service') } 11 | end 12 | 13 | context 'on debian' do 14 | platform 'debian' 15 | 16 | it { is_expected.to include_recipe('nfs::_common') } 17 | 18 | it { is_expected.to start_service('nfs-kernel-server.service') } 19 | it { is_expected.to enable_service('nfs-kernel-server.service') } 20 | 21 | it do 22 | is_expected.to render_file('/etc/default/nfs-kernel-server') 23 | .with_content(/RPCMOUNTDOPTS="-p +32767"/) 24 | .with_content(/RPCNFSDCOUNT="8"/) 25 | end 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /spec/unit/resources/export_spec.rb: -------------------------------------------------------------------------------- 1 | require_relative '../../spec_helper' 2 | 3 | describe 'nfs_export' do 4 | platform 'centos' 5 | 6 | recipe do 7 | nfs_export 'test' 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /templates/default/exports.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef for <%= node["fqdn"] %> 2 | # Local modifications will be overwritten. 3 | <%- node["nfs"]["exports"].each do |export_line| %> 4 | <%= export_line %> 5 | <% end %> 6 | -------------------------------------------------------------------------------- /templates/default/idmapd.conf.erb: -------------------------------------------------------------------------------- 1 | [General] 2 | 3 | Verbosity = 0 4 | Pipefs-Directory = <%= node['nfs']['idmap']['pipefs_directory'] %> 5 | 6 | # The following should be set to the local NFSv4 domain name 7 | # The default is the host's DNS domain name. 8 | Domain = <%= node['nfs']['idmap']['domain'] %> 9 | 10 | # The following is a comma-separated list of Kerberos realm 11 | # names that should be considered to be equivalent to the 12 | # local realm, such that @REALM.A can be assumed to 13 | # be the same user as @REALM.B 14 | # If not specified, the default local realm is the domain name, 15 | # which defaults to the host's DNS domain name, 16 | # translated to upper-case. 17 | # Note that if this value is specified, the local realm name 18 | # must be included in the list! 19 | #Local-Realms = 20 | 21 | [Mapping] 22 | 23 | Nobody-User = <%= node['nfs']['idmap']['user'] %> 24 | Nobody-Group = <%= node['nfs']['idmap']['group'] %> 25 | 26 | [Translation] 27 | 28 | # Translation Method is an comma-separated, ordered list of 29 | # translation methods that can be used. Distributed methods 30 | # include "nsswitch", "umich_ldap", and "static". Each method 31 | # is a dynamically loadable plugin library. 32 | # New methods may be defined and inserted in the list. 33 | # The default is "nsswitch". 34 | Method = nsswitch 35 | 36 | -------------------------------------------------------------------------------- /templates/default/mountd.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef for <%= node['fqdn'] %> 2 | # Local modifications will be overwritten. 3 | 4 | mountd_enable="YES" 5 | mountd_flags="<%=node['nfs']['mountd_flags']%> -p <%=node['nfs']['port']['mountd']%>" 6 | -------------------------------------------------------------------------------- /templates/default/nfs-common.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef for <%= node['fqdn'] -%> 2 | # Local modifications will be overwritten. 3 | STATDOPTS="--port <%= node['nfs']['port']['statd'] -%> --outgoing-port <%= node['nfs']['port']['statd_out'] -%>" 4 | -------------------------------------------------------------------------------- /templates/default/nfs.conf.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef for <%= node['fqdn'] -%> 2 | # Local modifications will be overwritten. 3 | # 4 | # This is a general configuration for the 5 | # NFS daemons and tools 6 | [general] 7 | pipefs-directory=<%= node['nfs']['idmap']['pipefs_directory'] %> 8 | 9 | [gssd] 10 | use-gss-proxy=1 11 | 12 | [lockd] 13 | port=<%= node['nfs']['port']['lockd'] %> 14 | udp-port=<%= node['nfs']['port']['lockd'] %> 15 | 16 | [mountd] 17 | port=<%= node['nfs']['port']['mountd'] %> 18 | 19 | [nfsd] 20 | threads=<%= node['nfs']['threads'] %> 21 | 22 | [statd] 23 | port=<%= node['nfs']['port']['statd'] %> 24 | outgoing-port=<%= node['nfs']['port']['statd_out'] %> 25 | -------------------------------------------------------------------------------- /templates/default/nfs.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef for <%= node['fqdn'] -%> 2 | # Local modifications will be overwritten. 3 | <% case node['platform_family'] -%> 4 | <%# RHEL -%> 5 | <% when 'rhel' -%> 6 | # Rendered RHEL template variant 7 | STATD_PORT="<%= node['nfs']['port']['statd'] -%>" 8 | STATD_OUTGOING_PORT="<%= node['nfs']['port']['statd_out'] -%>" 9 | STATDARG="-p <%= node['nfs']['port']['statd'] -%> -o <%= node['nfs']['port']['statd_out'] -%>" 10 | MOUNTD_PORT="<%= node['nfs']['port']['mountd'] -%>" 11 | RPCMOUNTDOPTS="-p <%= node['nfs']['port']['mountd'] -%>" 12 | LOCKD_UDPPORT="<%= node['nfs']['port']['lockd'] -%>" 13 | LOCKD_TCPPORT="<%= node['nfs']['port']['lockd'] -%>" 14 | RQUOTAD_PORT="<%= node['nfs']['port']['rquotad'] -%>" 15 | <% unless node['nfs']['v2'].nil? -%> 16 | MOUNTD_NFS_V2="<%= node['nfs']['v2'] -%>" 17 | <% end -%> 18 | <% unless node['nfs']['v3'].nil? -%> 19 | MOUNTD_NFS_V3="<%= node['nfs']['v3'] -%>" 20 | <% end -%> 21 | RQUOTAD="<%= node['nfs']['rquotad'] -%>" 22 | <% unless node['nfs']['threads'] == 0 -%> 23 | RPCNFSDCOUNT="<%= node['nfs']['threads'] -%>" 24 | <% end -%> 25 | 26 | <%# SUSE -%> 27 | <% when 'suse' -%> 28 | # Rendered SUSE template variant 29 | <% unless node['nfs']['threads'] == 0 -%> 30 | USE_KERNEL_NFSD_NUMBER="<%= node['nfs']['threads'] -%>" 31 | <% end -%> 32 | MOUNTD_PORT="<%= node['nfs']['port']['mountd'] -%>" 33 | STATD_PORT="<%= node['nfs']['port']['statd'] -%>" 34 | LOCKD_TCPPORT="<%= node['nfs']['port']['lockd'] -%>" 35 | LOCKD_UDPPORT="<%= node['nfs']['port']['lockd'] -%>" 36 | NFS_START_SERVICES="yes" 37 | <% unless node['nfs']['v4'].nil? -%> 38 | NFS4_SUPPORT="<%= node['nfs']['v4'] -%>" 39 | <% end -%> 40 | 41 | <%# FreeBSD -%> 42 | <% when 'freebsd' -%> 43 | # Rendered FreeBSD template variant 44 | portmap_enabled="YES" 45 | nfs_server_enable="YES" 46 | <% unless node['nfs']['v4'].nil? -%> 47 | nfsv4_server_enable="<%= node['nfs']['v4'] -%>" 48 | <% end -%> 49 | nfs_server_flags="<%= node['nfs']['server_flags'] -%>" 50 | 51 | <%# Debian/Ubuntu -%> 52 | <% when 'debian' -%> 53 | # Rendered Debian/Ubuntu template variant 54 | RPCMOUNTDOPTS="-p <%= node['nfs']['port']['mountd'] %>" 55 | <% unless node['nfs']['threads'] == 0 -%> 56 | RPCNFSDCOUNT="<%= node['nfs']['threads'] -%><% if node['nfs']['v4'] == 'no' -%> --no-nfs-version 4<% end -%>" 57 | <% end -%> 58 | <% end -%> 59 | -------------------------------------------------------------------------------- /test/cookbooks/nfs_test/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'nfs_test' 2 | maintainer 'Eric G. Wolfe' 3 | maintainer_email 'wolfe21@marshall.edu' 4 | license 'Apache-2.0' 5 | description 'Tests NFS cookbook' 6 | version '0.0.2' 7 | 8 | depends 'apt' 9 | depends 'nfs' 10 | depends 'line' 11 | -------------------------------------------------------------------------------- /test/cookbooks/nfs_test/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # This service is loaded lazily and wait until a connection is attempted to 2 | # start so, manually start them here so that Kitchen can test for them 3 | 4 | service 'rpcbind' do 5 | action [:enable, :start] 6 | end 7 | -------------------------------------------------------------------------------- /test/cookbooks/nfs_test/recipes/issue46.rb: -------------------------------------------------------------------------------- 1 | %w(share1 share2 share3).each do |share| 2 | directory "/tmp/#{share}" 3 | end 4 | 5 | %w(user1 user2 user3).each do |u| 6 | group u if platform_family?('suse') 7 | user u 8 | end 9 | 10 | nfs_export '/tmp/share1' do 11 | network '127.0.0.1' 12 | anonuser 'user1' 13 | anongroup 'user1' 14 | end 15 | 16 | nfs_export '/tmp/share2' do 17 | network '127.0.0.1' 18 | anonuser 'user2' 19 | anongroup 'user2' 20 | end 21 | 22 | nfs_export '/tmp/share3' do 23 | network '127.0.0.1' 24 | anonuser 'user3' 25 | anongroup 'user3' 26 | end 27 | -------------------------------------------------------------------------------- /test/integration/default/controls/default_control.rb: -------------------------------------------------------------------------------- 1 | control 'portmap' do 2 | title 'Verify portmap is setup correctly' 3 | 4 | describe port(111) do 5 | it { should be_listening } 6 | end 7 | 8 | describe service('rpcbind') do 9 | it { should be_enabled } 10 | it { should be_running } 11 | end 12 | end 13 | 14 | control 'statd' do 15 | title 'Verify statd is setup correctly' 16 | 17 | describe port(32765) do 18 | it { should be_listening } 19 | end 20 | 21 | describe service('rpc-statd') do 22 | it { should be_enabled } 23 | it { should be_running } 24 | end 25 | end 26 | 27 | control 'nfs-client' do 28 | title 'Verify nfs client services are setup correctly' 29 | 30 | describe service('nfs-client.target') do 31 | it { should be_enabled } 32 | it { should be_running } 33 | end 34 | end 35 | -------------------------------------------------------------------------------- /test/integration/default/inspec.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: default 3 | title: Integration tests for the nfs cookbook 4 | -------------------------------------------------------------------------------- /test/integration/server/controls/server_control.rb: -------------------------------------------------------------------------------- 1 | include_controls 'default' 2 | 3 | control 'mountd' do 4 | title 'Verify mountd is setup correctly' 5 | 6 | describe port(32767) do 7 | it { should be_listening } 8 | end 9 | 10 | describe service('nfs-mountd') do 11 | it { should be_enabled } 12 | it { should be_running } 13 | end 14 | end 15 | 16 | control 'nfs-server' do 17 | title 'Verify nfs-server is setup correctly' 18 | 19 | describe service('nfs-server') do 20 | it { should be_enabled } 21 | it { should be_running } 22 | end 23 | end 24 | 25 | control 'share-ids' do 26 | title 'Verify correct user/group ids are used' 27 | 28 | describe command("egrep -c '/tmp/share[0-9] 127.0.0.1\\(ro,sync,root_squash,anonuid=[0-9]+,anongid=[0-9]+(,fsid=root)?\\)' /etc/exports") do 29 | its('stdout') { should match(/3\n/) } 30 | end 31 | 32 | describe command("egrep -v '/tmp/share[0-9] 127.0.0.1\\(rw,sync,root_squash,(anonuid=[0-9]+,anongid=[0-9]+){2,}\\)' /etc/exports") do 33 | its('exit_status') { should eq 0 } 34 | its('stdout') { should_not match(%r{^\/tmp\/share2[.]*anonuid=1001}) } 35 | its('stdout') { should_not match(%r{^\/tmp\/share2[.]*anongid=1001}) } 36 | its('stdout') { should_not match(%r{^\/tmp\/share3[.]*anonuid=1002}) } 37 | its('stdout') { should_not match(%r{^\/tmp\/share3[.]*anongid=1002}) } 38 | end 39 | end 40 | 41 | control 'lockd kernel module' do 42 | title 'Verify kernel module is setup correctly' 43 | 44 | describe kernel_module 'lockd' do 45 | it { should be_loaded } 46 | it { should_not be_disabled } 47 | it { should_not be_blacklisted } 48 | end 49 | 50 | %w(fs.nfs.nlm_tcpport fs.nfs.nlm_udpport).each do |param| 51 | describe kernel_parameter param do 52 | its('value') { should eq 32768 } 53 | end 54 | end 55 | end 56 | -------------------------------------------------------------------------------- /test/integration/server/inspec.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: server 3 | title: Integration tests for the nfs cookbook 4 | 5 | depends: 6 | - name: default 7 | path: test/integration/default 8 | --------------------------------------------------------------------------------