Home dir automation with Ansible PowerScale / Isilon
ansible-isilon eases admin tasks on Isilon / PowerScale; watch how cool it can be on YouTube, and see how to use it below.
The premise
In my old days at the university, I used to work on a Sun Ray thin client. Students and teachers were all connected to the same SPARC server to work. Each of us had our own home directory, accessible from the NFS server.
More than 15 years later, enterprises of any size still use home directories on NFS for their users!
In the following article, we will show how to use Ansible to manage home directories hosted on a PowerScale array in a university.
The premise is that Active Directory is the reference for the user base. Each LDAP user can be either in the student group or the teacher group.
Any student or teacher in AD must have a homedir in PowerScale that is accessible via NFS exports. Any student who is no longer enrolled and not in AD will have their homedir removed.
The Ansible playbook will:
- Get the list of students and teachers from AD
- Create a unix home directory in PowerScale/Isilon for each user
- Set different quotas if the user is a student or a teacher
- Take daily snapshots of the home directories, with different retention policies for students and teachers
- Mount the home directories on a list of UNIX servers
- Clean up the home directories of students that are not in AD anymore
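The last step removes data based on what AD returns, so the create/remove plan can be computed and checked before anything is deleted. The playbook below is an added example, not part of the original playbook or of ansible-isilon: it uses only ansible.builtin modules, and the variable names, sample users, name pattern and 20% removal cap are assumptions.

```yaml
# Added example: plan the student homedir cleanup and stop on suspicious input.
# In a real run, ad_students would come from the AD query and
# existing_student_dirs from listing the students' base directory on the array.
- name: Plan student homedir cleanup with safety guards
  hosts: localhost
  gather_facts: false
  vars:
    ad_students: [carol, dan]                  # constructed AD query result
    existing_student_dirs: [carol, dan, erin]  # constructed directory listing
    max_removal_ratio: 0.2                     # assumed policy: at most 20% per run
    valid_name: '^[A-Za-z0-9_][A-Za-z0-9._-]{0,31}$'  # assumed naming policy
  tasks:
    - name: Refuse to continue on an empty AD result
      ansible.builtin.assert:
        that:
          - ad_students | length > 0
        fail_msg: "AD returned no students; a failed lookup must not trigger cleanup"

    - name: Reject names that are not a single safe path component
      ansible.builtin.assert:
        that:
          - (ad_students + existing_student_dirs) | reject('match', valid_name) | list | length == 0
        fail_msg: "Unexpected characters in a user or directory name"

    - name: Compute what to create and what to remove
      ansible.builtin.set_fact:
        to_create: "{{ ad_students | difference(existing_student_dirs) }}"
        to_remove: "{{ existing_student_dirs | difference(ad_students) }}"

    - name: Cap the number of removals in one run
      ansible.builtin.assert:
        that:
          - to_remove | length <= (existing_student_dirs | length * max_removal_ratio) | round(0, 'ceil')
        fail_msg: "{{ to_remove | length }} removals exceed the configured ratio"

    - name: Show the plan
      ansible.builtin.debug:
        msg: "create={{ to_create }} remove={{ to_remove }}"
```

With the constructed values, the plan is to create nothing and remove erin, which is within the cap (one removal allowed out of three directories).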
The implementation
In this chapter, I will not detail all the tasks, as most of them are self-explanatory; instead, I will describe a few tips & tricks that can be reused in other playbooks.
Install Ansible modules for PowerScale/Isilon
The Product Guide documents the module installation and usage.
This example comes with a Dockerfile that has the required dependencies to run the playbook.
As ansible-isilon is very specific about the Isilon SDK version, the most important line is:
RUN pip3 install isi-sdk-8-1-1 pywinrm && \
    git clone https://github.com/dell/ansible-isilon.git
Once the image is built with docker build, you can execute the playbook with:
podman run --security-opt label=disable -e ANSIBLE_HOST_KEY_CHECKING=False \
    -v ~/.ssh/id_rsa.emc.pub:/root/.ssh/id_rsa.pub -v ~/.ssh/id_rsa.emc:/root/.ssh/id_rsa \
    -v "$(pwd)"/homedir/:/ansible-isilon \
    -ti docker.io/coulof/ansible-isilon:1.1.0 ansible-playbook \
    -i /ansible-isilon/hosts.ini /ansible-isilon/create_homedir_for_ad_users_in_isilon.yml
Note that on my Fedora 32 machine, --security-opt label=disable is mandatory to be able to mount the volumes.
The files
To use the playbook, you will have to update a couple of files:
- hosts.ini, which has the inventory of the Unix servers and the Domain Controller
- credentials-isi.yml, which has the details of the PowerScale
- create_homedir_for_ad_users_in_isilon.yml, which is the playbook with all the tasks
UnionFS
To stick with the usual /home/<username> file system hierarchy, I wanted to mount the students and teachers sub-dirs within the same /home:
/mnt/nfs_teachers/    /mnt/nfs_students/    /home
├── alice             ├── carol             ├── alice
└── bob               └── dan               ├── bob
                                            ├── carol
                                            └── dan
The ability to write to the lowerdirs live is available in AuFS and UnionFS, but not in the very popular OverlayFS.
I used unionfs-fuse, which is available from the Ubuntu repo or a CentOS third-party repo.
Video
For a live demo, check the video here: