[Puppet Users] Re: Managing mounted NFS shares, when having no write permission on that share

Mon, 20 Aug 2018 05:57:04 -0700 

Another alternative might be to avoid specifying the user/group/mode 
attributes for the File resource.  This would assume that you can be 
confident that the agent is running as root and the system has a sufficient 
umask setting.  If that's the case, these resource attributes can be left 
out and puppet shouldn't complain about them on subsequent runs...

file { '/data/app':
 ensure => directory,
}

mount { '/data/app':
 ensure  => mounted,
 device   => nfs_server:/app
 dump    => 0,
 fstype    => 'nfs',
 target    => '/etc/fstab',
 require  => File['/data/app'],
}



On Friday, August 17, 2018 at 5:03:02 PM UTC-4, Mike Langhorst wrote:
>
> I'm having some issues with managing a mount point for an NFS server.  
> Specifically when the client system has no root write privileges to that 
> NFS share.
>
> I need to mount a NetApp NFS/Cifs share to a filesystem location 
> /data/app.   So I'll need to manage the file resource /data/app, and as 
> typical the owner and mode.
>
> file { '/data/app':
>   ensure => directory,
>   owner => root,
>   group  => root,
>   mode   => '0755',
> }
>
> mount { '/data/app':
>   ensure  => mounted,
>   device   => nfs_server:/app
>   dump    => 0,
>   fstype    => 'nfs',
>   target    => '/etc/fstab',
>   require  => File['/data/app'],
> }
>
>
> So when I mount this nfs to /data/app,  that share and it's contents are 
> nfsnobody, or some other high numbered uid,  with varying permissions, 
> sometimes 777.  The NetApp may show 777, but it's applying other ACLs due 
> to the CIFS share.  For the different shares I've had to mount, that uid 
> and permissions have been different so I couldn't do something like 
> updating the module/hiera data to match after the fact as I still wouldn't 
> want that underling directory /data/app to be 777.
>
> I don't see anything in the file resource spec to allow for an "onlyif" or 
> such.
>
> Any ideas on how to manage this?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/323abd27-a8c3-4e87-9ef1-94a2602e2d27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to