From 357ecd1b3e63094c7e16e2044a7390a84c659e30 Mon Sep 17 00:00:00 2001
From: chris
Date: Mon, 10 Feb 2020 12:41:30 +0100
Subject: [PATCH] bind rpc to private interface
---
 roles/gluster/tasks/main.yaml | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/roles/gluster/tasks/main.yaml b/roles/gluster/tasks/main.yaml
index f77a2e8..c79cd31 100644
--- a/roles/gluster/tasks/main.yaml
+++ b/roles/gluster/tasks/main.yaml
@@ -14,6 +14,27 @@
 with_items:
 - tcp
 - udp
+- name: bind rpcbind to vpn ip
+ lineinfile:
+ create: yes
+ path: /etc/rpcbind.conf
+ line: "OPTIONS=-w -h {{wg_ip}}"
+ regexp: "^OPTIONS.*"
+ notify: restart rpcbind
+- name: add vpn to hosts.allow
+ lineinfile:
+ path: /etc/hosts.allow
+ line: "rpcbind: 10.0.0.0/8"
+ regexp: "rpbcind.*"
+ notify: restart rpcbind
+- name: block everyone
+ lineinfile:
+ path: /etc/hosts.deny
+ line: "rpcbind: ALL"
+ regexp: "rpcbind.*"
+ notify: restart rpcbind
+- name: fire handlers
+ meta: flush_handlers
 - name: install gluster package
 apt:
 name: glusterfs-server
@@ -39,16 +60,19 @@
 - node01
 - node02
 - node03
+ when: ansible_nodename == "node01"
 - name: gluster volume
 gluster_volume:
 name: data
 replicas: 3
- state: started
+ state: present
 bricks: /mnt/gluster/data
+ start_on_create: yes
 cluster:
 - node01
 - node02
 - node03
+ when: ansible_nodename == "node01"
 - name: gluster client package
 apt:
 name: glusterfs-client
@@ -56,6 +80,6 @@
 mount:
 path: /data
 src: "{{ansible_nodename}}:/data"
- options: noatime
+ opts: noatime
 fstype: glusterfs
 state: mounted
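Review bot: The `regexp` in the "add vpn to hosts.allow" task is misspelled (`rpbcind.*`), so it never matches an existing rpcbind entry; if the allowed range is edited later, lineinfile appends a new line and the old allow rule stays in force. Use `regexp: '^rpcbind:'` there, and anchor the hosts.deny pattern the same way. Separately, rpcbind's `-h` option applies to its UDP listeners only, and where systemd's rpcbind.socket owns port 111 it may have no effect, so TCP exposure rests on the hosts.allow/hosts.deny pair and on rpcbind being built with TCP-wrappers support; a listener check after `flush_handlers` would confirm the result. `10.0.0.0/8` also looks wider than the VPN the task name refers to; if the VPN uses a smaller range, allow only that range.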
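Review bot: Both added `when: ansible_nodename == "node01"` conditions compare a gathered fact with a hard-coded host name, so if the fact comes back as an FQDN or the node is renamed, the peer and volume tasks are skipped on every host without an error. `run_once: true`, or a comparison of `inventory_hostname` with the first host of the gluster group, states the intent without the literal. Changing `state: started` to `state: present` also means a volume that exists but is stopped is no longer started by this play, and `start_on_create` already defaults to yes, so the added line is redundant; keep `started` if the mount task later in the file relies on the volume running. The first `when` belongs to a task that starts above the hunk.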