1

I would like to mount Azure file share via Ansible. If I'm mounting manually then the command is as below:

```bash
sudo mount -t cifs //xxxxxxxxxx.file.core.windows.net/yyyyyyyyyy /<mount point> -o vers=2.1,username=<username>,password=<password>,dir_mode=0777,file_mode=0777,serverino
```

Can someone help me make this mount via Ansible using the mount module?

Jerald Sabu M
Joice Joseph

2 Answers

3

Just use the syntax as described in the Ansible docs for the mount module and it should work.

Example:

```yaml
- name: Mount Azure files share's
  mount:
    fstype: cifs
    src: "//xxxxxxxxxx.file.core.windows.net/yyyyyyyyyy"
    path: /mountpoint
    opts: vers=2.1,username=<username>,password=<password>,dir_mode=0777,file_mode=0777,serverino
    state: mounted
```
Jerald Sabu M
  • For anyone coming across this answer more recently, if you have encrypted protocols enforced in your service account (Configuration > Secure transfer required) you will need to use vers=3.0 instead of 2.1 as shown in this answer. – challett Sep 16 '20 at 19:21
0

The following code works fine in Ansible 2.7.5 on CentOS 7:

First, make sure the instance has the Storage Account Key Operator Service Role permission or a user assigned identity which has that permission. Also jq should be installed:

Then, check if the mount is already set up:

```yaml
  - name: check mount
    command: "mountpoint /mymounts/mysmb"
    register: smb_check
    ignore_errors: True
```

Then, get a storage token:

```yaml
  - name: get storage token
    shell: "curl -s 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F' -H Metadata:true | jq -r '.access_token'"
    register: storage_token
    no_log: true
    when: smb_check is failed
```

Then, get the storage key. Set your subscription_id, resource_group_name, and storage_account_name:

```yaml
  - name: get storage key
    # The URL is single-quoted so the shell never treats the "?" as a glob character.
    shell: "curl -s 'https://management.azure.com/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group_name }}/providers/Microsoft.Storage/storageAccounts/{{ storage_account_name }}/listKeys?api-version=2016-12-01' --request POST -d \"\" -H \"Authorization: Bearer {{ storage_token.stdout }}\" | jq -r '.keys[0].value'"
    register: storage_key
    no_log: true
    when: smb_check is failed
```

Add the lines into a file. Replace storage_account_name:

```yaml
  - name: add SMB creds to file
    lineinfile:
      dest: "/etc/.smb"
      line: "{{ item }}"
      state: present
      create: yes
      owner: root
      group: root
      mode: '0600'
    no_log: true
    with_items:
      - "username={{ storage_account_name }}"
      - "password={{ storage_key.stdout }}"
    when: smb_check is failed
```

Now, mount the drive. Replace storage_account_name and file_share_name:

```yaml
  - name: mount smb
    mount:
      fstype: cifs
      src: "//{{ storage_account_name }}.file.core.windows.net/{{ file_share_name }}"
      path: "/mymounts/mysmb"
      opts: "nofail,vers=3.0,credentials=/etc/.smb,serverino,dir_mode=0755,file_mode=0755"
      state: mounted
    when: smb_check is failed
```

Finally, set the proper permission for the mount:

```yaml
  - name: set correct permissions
    file:
      # Same mount point as in the check and mount tasks above.
      path: "/mymounts/mysmb"
      mode: "2755"
      recurse: yes
    when: smb_check is failed
```
hpaknia
  • I'm trying to [mount azure file share](https://stackoverflow.com/q/76874665/13198) in packer image (using ansible-local runner). I tried your method, but got error on creating .cred file. Also, I've read somewhere that I need to specify `domain` ? What will be the domain for azure file share? and any clue how can I fix error in creating creds file? – TheVillageIdiot Aug 14 '23 at 04:35
  • I set the smb mount from a blob without having any knowledge of "domain". It's hard to guess what's wrong, but is there a permission issue in the file creation? On a related note, is this a good idea in your case to keep the cred file in the image produced by packer? – hpaknia Aug 16 '23 at 02:28
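
An added example, not part of either answer: the mount module's `state: mounted` also records the entry in `/etc/fstab`, which is normally world-readable, so the options chosen in the playbook end up on disk. This Python check audits fstab text for the CIFS settings discussed on this page (inline `password=`, `vers` below 3.0, world-writable `dir_mode`/`file_mode`); the function names and sample entries are constructed for illustration.

```python
import re

# Constructed sample fstab: entry 1 mirrors the first answer's options,
# entry 2 the second answer's. Account names and the key are placeholders.
SAMPLE_FSTAB = """\
//acct1.file.core.windows.net/share1 /mountpoint cifs vers=2.1,username=acct1,password=CONSTRUCTED_KEY,dir_mode=0777,file_mode=0777,serverino 0 0
//acct2.file.core.windows.net/share2 /mymounts/mysmb cifs nofail,vers=3.0,credentials=/etc/.smb,serverino,dir_mode=0755,file_mode=0755 0 0
UUID=0000-CONSTRUCTED / ext4 defaults 0 1
"""


def parse_opts(field):
    """Split a comma-separated fstab option field into a dict (flags map to '')."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        opts[key] = value
    return opts


def audit_cifs_fstab(text):
    """Return {mount_point: [findings]} for every cifs entry in fstab text."""
    report = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, malformed lines and non-CIFS filesystems.
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] != "cifs":
            continue
        opts = parse_opts(fields[3])
        findings = []
        # mount.cifs accepts both password= and its short form pass=.
        if "password" in opts or "pass" in opts:
            findings.append("inline password in fstab")
        # Compare only major.minor so values such as 3.1.1 parse cleanly.
        m = re.match(r"(\d+)(?:\.(\d+))?", opts.get("vers", ""))
        if m and (int(m.group(1)), int(m.group(2) or 0)) < (3, 0):
            findings.append("vers below 3.0")
        for key in ("dir_mode", "file_mode"):
            if key in opts and int(opts[key], 8) & 0o002:
                findings.append(f"{key} is world-writable")
        report[fields[1]] = findings
    return report


if __name__ == "__main__":
    for mount_point, findings in audit_cifs_fstab(SAMPLE_FSTAB).items():
        print(mount_point, "->", findings or "ok")
```

To check a real host, pass the contents of `/etc/fstab` to `audit_cifs_fstab` instead of the sample.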