This module is a SIMP Puppet profile for setting up common NFS configurations as supported by the SIMP ecosystem
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they may be submitted to our bug tracker.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
- If used independently, all SIMP-managed security subsystems are disabled by
default and must be explicitly opted into by administrators. Please review
the parameters in
simp/simp_optionsfor details.
This module provides commonly used configurations for NFS server and client systems.
To export home directories for your users, over an Stunnel encrypted connection, use the following code and Hiera data:
include 'simp_nfs'---
simp_options::stunnel: true
simp_nfs::export_home_dirs: trueTo mount your exported home directories, over an Stunnel encrypted connection, use the following code and Hiera data:
include 'simp_nfs'---
simp_options::stunnel: true
simp_nfs::home_dir_server : <your NFS server IP>To mount home directories on another NFS server do not include the simp_nfs
class. This will try to call the nfs class a second time. Instead
create a site manifest and call the simp_nfs::mount::home class directly.
Note: Use the port parameter if you are using stunnel and set it to a different
port then the one the local NFS server is using.
class mounthome {
class { simp_nfs::mount::home:
nfs_server => $home_server,
port => 12049,
autodetect_remote => false
}
}include mounthomeSee REFERENCE.md for details.
The autofs package that was released with CentOS 7.3 (5.0.7-56)
worked properly over a stunnel connection.
The release shipped with with CentOS 7.4 (5.0.7-69) prevents any connection
from happening to the local stunnel process and breaks mounts to remote systems
over stunnel connections.
The release that ship with CentOS 7.6 (5.0.7-99) has fixed the issue.
To use NFS over stunnel and automount directories with old
CentOS 7 releases, you must use the appropriate autofs package.
To determine what version of autofs is installed, run automount -V.
To force the package to the desired version:
- Make sure the package is available via your package-management facility then set the package version in Hiera data:
autofs::autofs_package_ensure: '5.0.7-99'- Alternatively, ensure that the latest packages are available and set the following:
autofs::autofs_package_ensure: 'latest'The associated bug reports can be found at:
This is a SIMP Profile. It will not expose all options of the underlying modules, only the ones that are conducive to a supported SIMP infrastructure. If you need to do things that this module does not cover, you may need to create your own profile or inherit this profile and extend it to meet your needs.
SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux
and compatible distributions, such as CentOS. Please see the
metadata.json file for the most up-to-date list of
supported operating systems, Puppet versions, and module dependencies.
Please read our Contribution Guide.
This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:
bundle install
bundle exec rake beaker:suitesPlease refer to the SIMP Beaker Helpers documentation for more information.