This is a module for managing filesystem automounting using autofs.
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, please submit them via JIRA.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
- If used independently, all SIMP-managed security subsystems are disabled by
  default and must be explicitly opted into by administrators. See the
  SIMP simp_options module for more detail.
The autofs module installs autofs packages, configures the autofs service,
and manages all autofs configuration files.
It does not manage NFS, but seamlessly interoperates with the
SIMP nfs module, which does manage
NFS.
The only requirement is to include the autofs module and its dependencies
in your modulepath.
You can use the autofs module to manage general autofs configuration files,
as well as auto.master entry files and map files.
The autofs module manages the following general configuration files:
- /etc/autofs.conf
- /etc/autofs/sysconfig/autofs
- /etc/auto.master
- /etc/autofs_ldap_auth.conf
To configure the first three files, simply include autofs or one of this
module's defines in a node's manifest and then set the appropriate
configuration values from the autofs class via Hieradata.
- The managed /etc/auto.master file only allows configuration of included
  directories with one or more +dir directives. All other auto.master entries
  must reside in one or more *.autofs files in one of the included directories.
To configure the third file:
- Include autofs or one of this module's defines in a node's manifest.
- Set the autofs::ldap parameter to true in Hieradata, along with any of the
  other LDAP-related parameters in the autofs class, as appropriate. This will
  ensure:
  - /etc/autofs.conf is configured to load the appropriate LDAP authentication
    configuration file.
  - The autofs::ldap_auth class that manages that file is included in the
    node's manifest.
- Configure the LDAP-authentication-specific parameters of the
  autofs::ldap_auth class in Hieradata.
You can configure the automount map configuration via the $autofs::maps
parameter, or by including autofs::map, autofs::masterfile, and/or
autofs::mapfile defines in your node's manifest. By default these will
create auto.master entry files in /etc/auto.master.simp.d and map files in
/etc/autofs.maps.simp.d. Both directories are fully managed by the autofs
module. This means any files in those directories that are not managed by a
Puppet resource will be purged.
The autofs class provides a simple mechanism to configure 'file' type maps
in Hieradata. Via the $autofs::maps parameter, you can configure any number
of direct or indirect 'file' maps. For example,

    autofs::maps:
      # direct mount
      data:
        mount_point: "/-"
        mappings:
          # mappings is a single Hash for direct maps
          key: "/net/data"
          options: "-fstype=nfs,soft,nfsvers=4,ro"
          location: "nfs.example.com:/exports/data"
      # indirect mount with wildcard key and key substitution
      home:
        mount_point: "/home"
        master_options: "strictexpire --strict"
        mappings:
          # mappings is an Array for indirect maps
          - key: "*"
            options: "-fstype=nfs,soft,nfsvers=4,rw"
            location: "nfs.example.com:/exports/home/&"
      # indirect mount with multiple, explicit keys
      apps:
        mount_point: "/net/apps"
        mappings:
          - key: "v1"
            options: "-fstype=nfs,soft,nfsvers=4,ro"
            location: "nfs.example.com:/exports/apps1"
          - key: "v2"
            options: "-fstype=nfs,soft,nfsvers=4,ro"
            location: "nfs.example.com:/exports/apps2"
          - key: "latest"
            options: "-fstype=nfs,soft,nfsvers=4,ro"
            location: "nfs.example.com:/exports/apps3"

This would create 3 auto.master entry files and 3 corresponding map files:
- /etc/auto.master.simp.d/data.autofs: Direct map auto.master entry that
  references the /etc/autofs.maps.simp.d/data.map map file.

      /- /etc/autofs.maps.simp.d/data.map

- /etc/auto.master.simp.d/home.autofs: Indirect map auto.master entry that
  references the /etc/autofs.maps.simp.d/home.map map file.

      /home /etc/autofs.maps.simp.d/home.map

- /etc/auto.master.simp.d/apps.autofs: Indirect map auto.master entry that
  references the /etc/autofs.maps.simp.d/apps.map map file.

      /net/apps /etc/autofs.maps.simp.d/apps.map

- /etc/autofs.maps.simp.d/data.map: Direct map.

      /net/data -fstype=nfs,soft,nfsvers=4,ro nfs.example.com:/exports/data

- /etc/autofs.maps.simp.d/home.map: Indirect map with wildcard key.

      * -fstype=nfs,soft,nfsvers=4,rw nfs.example.com:/exports/home/&

- /etc/autofs.maps.simp.d/apps.map: Indirect map with multiple keys.

      v1 -fstype=nfs,soft,nfsvers=4,ro nfs.example.com:/exports/apps1
      v2 -fstype=nfs,soft,nfsvers=4,ro nfs.example.com:/exports/apps2
      latest -fstype=nfs,soft,nfsvers=4,ro nfs.example.com:/exports/apps3

To configure just an auto.master entry file, use the autofs::masterfile
define. For example,
- To create an autofs master entry file for a direct 'file' map:

      autofs::masterfile { 'data':
        mount_point => '/-',
        map         => '/etc/autofs.maps.simp.d/data'
      }

- To create an autofs master entry file for an indirect 'file' map:

      autofs::masterfile { 'home':
        mount_point => '/home',
        map         => '/etc/autofs.maps.simp.d/home'
      }

- To create an autofs master entry file for a 'program' map:

      autofs::masterfile { 'nfs4':
        mount_point => '/nfs4',
        map_type    => 'program',
        map         => '/usr/sbin/fedfs-map-nfs4',
        options     => 'nobind'
      }

- To create an autofs master entry file for a 'ldap' map with a pre-configured
  LDAP server:

      autofs::masterfile { 'home':
        mount_point => '/home',
        map_type    => 'ldap',
        map         => 'ou=auto.indirect,dc=example,dc=com'
      }

To configure just a map file, use the autofs::mapfile define. For
example,
- To create an autofs map file for a direct map:

      autofs::mapfile { 'data':
        mappings => {
          'key'      => '/net/data',
          'options'  => '-fstype=nfs,soft,nfsvers=4,ro',
          'location' => '1.2.3.4:/exports/data'
        }
      }

- To create an autofs map file for an indirect map with wildcard key:

      autofs::mapfile { 'home':
        mappings => [
          {
            'key'      => '*',
            'options'  => '-fstype=nfs,soft,nfsvers=4,rw',
            'location' => '1.2.3.4:/exports/home/&'
          }
        ]
      }

- To create an autofs map file for an indirect map with multiple keys:

      autofs::mapfile { 'apps':
        mappings => [
          {
            'key'      => 'v1',
            'options'  => '-fstype=nfs,soft,nfsvers=4,rw',
            'location' => '1.2.3.4:/exports/apps1'
          },
          {
            'key'      => 'v2',
            'options'  => '-fstype=nfs,soft,nfsvers=4,rw',
            'location' => '1.2.3.4:/exports/apps2'
          },
          {
            'key'      => 'latest',
            'options'  => '-fstype=nfs,soft,nfsvers=4,rw',
            'location' => '1.2.3.5:/exports/apps3'
          }
        ]
      }

To configure an auto.master entry file and its corresponding map file, use the
autofs::map define. For example,
- To create an autofs master and map files for a direct map:

      autofs::map { 'data':
        mount_point => '/-',
        mappings    => {
          'key'      => '/net/data',
          'options'  => '-fstype=nfs,soft,nfsvers=4,ro',
          'location' => '1.2.3.4:/exports/data'
        }
      }

- To create an autofs master and map files for an indirect map with the
  wildcard key:

      autofs::map { 'home':
        mount_point    => '/home',
        master_options => 'strictexpire',
        mappings       => [
          {
            'key'      => '*',
            'options'  => '-fstype=nfs,soft,nfsvers=4,rw',
            'location' => '1.2.3.4:/exports/home/&'
          }
        ]
      }

- To create an autofs master and map files for an indirect map with multiple
  keys:

      autofs::map { 'apps':
        mount_point => '/apps',
        mappings    => [
          {
            'key'      => 'v1',
            'options'  => '-fstype=nfs,soft,nfsvers=4,rw',
            'location' => '1.2.3.4:/exports/apps1'
          },
          {
            'key'      => 'v2',
            'options'  => '-fstype=nfs,soft,nfsvers=4,rw',
            'location' => '1.2.3.4:/exports/apps2'
          },
          {
            'key'      => 'latest',
            'options'  => '-fstype=nfs,soft,nfsvers=4,rw',
            'location' => '1.2.3.5:/exports/apps3'
          }
        ]
      }

Please refer to the REFERENCE.md.
- This module does not support amd configuration.
  - The am-utils service has been removed from Red Hat Enterprise Linux 8, and
    the support tail for amd configuration is unclear.
- This module has no direct support for creating hesiod-formatted map files.
  - You can use a file resource to manage a hesiod-formatted map file. Just
    make sure all of your custom map files that contain a direct map notify
    the Exec['autofs_reload'] resource.
- This module does not manage program executables that may be referenced in an
  auto.master entry.
  - You can use a file resource to manage a program executable.
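
The last two limitations above, shown as an added example (not code from the SIMP project): a hand-maintained direct map file and a program map executable, both managed with plain file resources. The /etc/autofs.site.d directory, the 'scratch' and 'site' names, the export path and the puppet:///modules/site/site-automap source are assumptions made for illustration.

```puppet
include 'autofs'

# Hypothetical directory for hand-maintained maps, kept outside
# /etc/autofs.maps.simp.d, which the module purges of unmanaged files.
file { '/etc/autofs.site.d':
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  mode   => '0750',
}

# Custom file holding a direct map: per the limitation above, it must
# notify the module's Exec['autofs_reload'] so changes are picked up.
file { '/etc/autofs.site.d/scratch.map':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0640',
  content => "/net/scratch -fstype=nfs,soft,nfsvers=4,ro nfs.example.com:/exports/scratch\n",
  notify  => Exec['autofs_reload'],
}

autofs::masterfile { 'scratch':
  mount_point => '/-',
  map         => '/etc/autofs.site.d/scratch.map',
  require     => File['/etc/autofs.site.d/scratch.map'],
}

# Program map executable: automount runs it as root, so it is owned by
# root and not writable by anyone else.
file { '/usr/local/sbin/site-automap':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0755',
  source => 'puppet:///modules/site/site-automap',
}

autofs::masterfile { 'site':
  mount_point => '/site',
  map_type    => 'program',
  map         => '/usr/local/sbin/site-automap',
  require     => File['/usr/local/sbin/site-automap'],
}
```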
SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux
and compatible distributions, such as CentOS. Please see the metadata.json file
for the most up-to-date list of supported operating systems, Puppet versions,
and module dependencies.
Please read our Contribution Guide.
Unit tests, written in rspec-puppet, can be run by calling:

    bundle install
    bundle exec rake spec

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

    bundle install
    bundle exec rake beaker:suites

Please refer to the SIMP Beaker Helpers documentation for more information.