Added NFS service configuration to the SERVICES role to allow DNAC backups

2022-07-08 14:59:11 +01:00 · 2022-07-08 14:59:11 +01:00 · 89b377bfde
commit 89b377bfde
parent 0677bd0255
4 changed files with 54 additions and 2 deletions
--- a/dnaclab_linux/prestage.yml
+++ b/dnaclab_linux/prestage.yml
@ -10,6 +10,8 @@
    - common
    - services
  become: yes
+  vars_files:
+    - global_vars/main.yml

  tasks:

--- a/dnaclab_linux/roles/services/tasks/main.yml
+++ b/dnaclab_linux/roles/services/tasks/main.yml
@ -10,6 +10,7 @@
    - tftpd-hpa
    - syslog-ng
    - vsftpd
+    - nfs-kernel-server
  
 - name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP and TFTP connections
  community.general.ufw:
@ -36,6 +37,19 @@
      proto: tcp
    - port: '5142'
      proto: tcp
+    - port: '111'
+      proto: tcp
+    - port: '111'
+      proto: udp
+    - port: '2049'
+      proto: tcp
+    - port: '2049'
+      proto: udp
+    - port: '32767'
+      proto: tcp
+    - port: '32767'
+      proto: udp
+    

 - name: Deny all other incoming IPv4 traffic
  community.general.ufw:
@ -93,6 +107,38 @@
    mode: '0644'
    backup: yes

+- name: Create FTP directory
+  ansible.builtin.file:
+    path: "/home/{{ ansible_user }}/Desktop/SFTP"
+    state: directory
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: '0755'
+
+- name: Create NFS directories
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner }}"
+    group: "{{ item.group }}"
+    mode: '0755'
+  loop:
+    - path: "/home/{{ ansible_user }}/Desktop/DNAC-NFS-BACKUP"
+      owner: "nobody"
+      group: "nogroup"
+    - path: "/home/{{ ansible_user }}/Desktop/DNAC-SSH-BACKUP"
+      owner: "{{ ansible_user }}"
+      group: "{{ ansible_user }}"
+
+- name: Apply NFS configuration lines
+  ansible.builtin.lineinfile:
+    path: /etc/exports 
+    line: "/home/{{ ansible_user }}/Desktop/DNAC-NFS-BACKUP *(rw,all_squash,sync,no_subtree_check) "
+    state: present
+
+- name: Export file system to NFS server
+  ansible.builtin.command: sudo exportfs -a
+
 - name: Enable installed services
  ansible.builtin.service:
    name: "{{ item }}"
@ -101,4 +147,5 @@
    - ntp
    - tftpd-hpa
    - syslog-ng
-    - vsftpd
+    - vsftpd
+    - nfs-kernel-server
--- a/ios_devices/device_audit.yml
+++ b/ios_devices/device_audit.yml
@ -3,7 +3,7 @@
 ## for devices which feature VRFs or multi-instance capabilities.

 - name: Audit devices and print key information
-  hosts: baguleykit
+  hosts: evengkit
  gather_facts: false
  connection: network_cli
  roles:
--- a/ios_devices/inventory.yml
+++ b/ios_devices/inventory.yml
@ -5,3 +5,6 @@ baguleykit:
 homekit:
  hosts:
    192.168.1.60:
+evengkit:
+  hosts:
+    172.16.1.239: