[Puppet Users] Re: Managing mounted NFS shares, when having no write permission on that share

Mon, 20 Aug 2018 05:57:04 -0700 

Another alternative might be to avoid specifying the user/group/mode 
attributes for the File resource.  This would assume that you can be 
confident that the agent is running as root and the system has a sufficient 
umask setting.  If that's the case, these resource attributes can be left 
out and puppet shouldn't complain about them on subsequent runs...

file { '/data/app':
 ensure => directory,
}

mount { '/data/app':
 ensure  => mounted,
 device   => nfs_server:/app
 dump    => 0,
 fstype    => 'nfs',
 target    => '/etc/fstab',
 require  => File['/data/app'],
}



On Friday, August 17, 2018 at 5:03:02 PM UTC-4, Mike Langhorst wrote:
>
> I'm having some issues with managing a mount point for an NFS server.  
> Specifically when the client system has no root write privileges to that 
> NFS share.
>
> I need to mount a NetApp NFS/Cifs share to a filesystem location 
> /data/app.   So I'll need to manage the file resource /data/app, and as 
> typical the owner and mode.
>
> file { '/data/app':
>   ensure => directory,
>   owner => root,
>   group  => root,
>   mode   => '0755',
> }
>
> mount { '/data/app':
>   ensure  => mounted,
>   device   => nfs_server:/app
>   dump    => 0,
>   fstype    => 'nfs',
>   target    => '/etc/fstab',
>   require  => File['/data/app'],
> }
>
>
> So when I mount this nfs to /data/app,  that share and it's contents are 
> nfsnobody, or some other high numbered uid,  with varying permissions, 
> sometimes 777.  The NetApp may show 777, but it's applying other ACLs due 
> to the CIFS share.  For the different shares I've had to mount, that uid 
> and permissions have been different so I couldn't do something like 
> updating the module/hiera data to match after the fact as I still wouldn't 
> want that underling directory /data/app to be 777.
>
> I don't see anything in the file resource spec to allow for an "onlyif" or 
> such.
>
> Any ideas on how to manage this?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/323abd27-a8c3-4e87-9ef1-94a2602e2d27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to