Marty Oehme
a5a6e297ff
Can be changed with `nfs_v4_only=false` which defaults to true. Information taken from: https://wiki.debian.org/NFSServerSetup and applied directly through Ansible. Currently _irreversible_, meaning once we set the server to v4 only there is NO ansible-supported playbook to reset it to all NFSv2/3/4 versions. Has to be done manually, or could be included as manually-run playbook.
48 lines
1.5 KiB
YAML
48 lines
1.5 KiB
YAML
---
|
|
- name: Configure /etc/default/nfs-common for NFSv4-only
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/default/nfs-common
|
|
regexp: '^(# *)?{{ item.key }}=.*'
|
|
line: '{{ item.key }}={{ item.val }}'
|
|
loop:
|
|
- { key: NEED_STATD, val: '"no"' }
|
|
- { key: NEED_IDMAPD, val: '"yes"' }
|
|
become: true
|
|
notify: Reload nfs service
|
|
|
|
- name: Configure /etc/default/nfs-kernel-server for NFSv4-only
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/default/nfs-kernel-server
|
|
regexp: '^(# *)?{{ item.key }}=.*'
|
|
line: '{{ item.key }}={{ item.val }}'
|
|
create: true # in case the file or the var is missing
|
|
loop:
|
|
- { key: RPCNFSDOPTS, val: '"--no-nfs-version 2 --no-nfs-version 3"' }
|
|
- { key: RPCMOUNTDOPTS, val: '"--manage-gids --no-nfs-version 2 --no-nfs-version 3"' }
|
|
become: true
|
|
notify: Reload nfs service
|
|
|
|
# This _can_ be used on very modern kernels, but disables
|
|
# the rpcbind fallback if nfsdctl lockd configuration fails.
|
|
# Debian 13 still requires this so it is disabled by default
|
|
- name: Mask rpcbind units (not needed for NFSv4)
|
|
ansible.builtin.systemd:
|
|
name: "{{ item }}"
|
|
masked: true
|
|
state: stopped
|
|
loop:
|
|
- rpcbind.service
|
|
- rpcbind.socket
|
|
become: true
|
|
when: "nfs_v4_disable_rpcbind_fallback"
|
|
|
|
- name: Unmask rpcbind units to keep as fallback
|
|
ansible.builtin.systemd:
|
|
name: "{{ item }}"
|
|
masked: false
|
|
state: started
|
|
loop:
|
|
- rpcbind.socket
|
|
- rpcbind.service
|
|
become: true
|
|
when: "not nfs_v4_disable_rpcbind_fallback"
|