3f0e36c8bb
- terraform-lxc-deployment.md: Deployed (Phase 1 single-LXC baseline) - terraform-lxc-deployment-batch.md: Deployed (Phase 2 batch/dynamic template, validated N=4/N=7) - ansible-base-testing.md: Deployed (base testing environment, validated fleet ping/playbook) - ansible-playbook.md: Deployed (NFS client role, validated MK7 + Swarm workers) All four PRDs now in PRDs/ with status Deployed.
3.7 KiB
3.7 KiB
Ansible Playbook — NFS Client Role PRD
Status: Deployed | Author: Artemis | Date: 2026-06-04
Deployed: Standardized NFS client mount for fleet Debian nodes. Mounts TrueNAS
Repodataset to/home/jarvis/repoon all non-PVE, non-ZimaOS nodes. Role tested and validated against MK7 and Swarm workers.
1. Purpose
Standardized NFS client mounting for fleet Debian nodes. Ensures /home/jarvis/repo is available fleet-wide for shared scripts, compose files, and configuration storage.
2. Scope
| Target | Action |
|---|---|
| Debian fleet nodes (MK7, Swarm workers) | Install nfs-common, mount NFS share |
| PVE nodes (MK33/34/39) | Excluded — TrueNAS ACL blocks 192.168.192.0/27 |
| ZimaOS (igor, MK-46) | Excluded — ansible_os_family != "Debian" |
3. Files
| File | Location | Purpose |
|---|---|---|
main.yml |
~/documentation/procedures/ansible-playbook/ |
Playbook entry point |
inventory.yml |
~/documentation/procedures/ansible-playbook/ |
Host definitions + nfs_shares variable |
roles/nfs_client/tasks/main.yml |
~/documentation/procedures/ansible-playbook/roles/nfs_client/tasks/ |
Role: install, mount, fix permissions |
4. Role Task Breakdown
4.1 Install nfs-common
- name: Install nfs-common
ansible.builtin.apt:
name: nfs-common
state: present
become: true
when: ansible_os_family == "Debian"
4.2 Create mount directory
- name: Ensure NFS mount directory exists
ansible.builtin.file:
path: "{{ item.local_path }}"
state: directory
owner: "jarvis"
group: "jarvis"
mode: '0755'
become: true
loop: "{{ nfs_shares }}"
4.3 Mount NFS share
- name: Mount NFS share
ansible.posix.mount:
src: "{{ item.server }}:{{ item.remote_path }}"
path: "{{ item.local_path }}"
fstype: nfs
opts: "{{ item.options | default('defaults') }}"
state: mounted
become: true
loop: "{{ nfs_shares }}"
4.4 Fix mount ownership
- name: Ensure mounted directory is owned by jarvis
ansible.builtin.file:
path: "{{ item.local_path }}"
owner: "jarvis"
group: "jarvis"
recurse: yes
become: true
loop: "{{ nfs_shares }}"
5. Inventory Variables
nfs_shares:
- server: "192.168.16.254"
remote_path: "/mnt/Ice/Repo"
local_path: "/home/jarvis/repo"
options: "vers=4.2,proto=tcp"
6. Deployment Notes
| Decision | Value | Rationale |
|---|---|---|
| NFS version | 4.2 |
TrueNAS SCALE 25.10.2 default |
| Transport | tcp |
Required for NFSv4.2 |
| Mount point | /home/jarvis/repo |
Fleet standard shared workspace |
| Owner | jarvis:jarvis |
Fleet-wide standard user |
| TrueNAS path | /mnt/Ice/Repo |
Dataset-backed export (not /repo) |
| ACL restriction | 192.168.0.0/18 |
Neo (192.168.192.0/27) excluded |
7. Execution
# From ~/docker/ansible-push/
docker compose run --rm ansible \
ansible-playbook -i procedures/ansible-playbook/inventory.yml \
procedures/ansible-playbook/main.yml
Or directly on any Ansible-capable node:
ansible-playbook -i ~/documentation/procedures/ansible-playbook/inventory.yml \
~/documentation/procedures/ansible-playbook/main.yml
8. Validated On
| Node | Date | Result |
|---|---|---|
| MK7 (mark-vii) | 2026-06-04 | ✅ Mounted, accessible |
| MK33/34/39 | — | ❌ Excluded (TrueNAS ACL) |
| Neo | — | ❌ Excluded (192.168.192.0/27) |
| Igor (MK-38) | — | ❌ Excluded (ZimaOS, not Debian) |
9. Future Work
- Phase 2: Expand to additional NFS exports (
/mnt/Ice/Backup) - Phase 3: Add
fstabpersistence check and remount logic - Phase 4: Create separate playbook for Neo NFS proxy via MK7 jump host