Create missing mountpoint without permissions?

[c0xc]

SUMMARY

In some environments, it's common practice to create mountpoints without read/write permissions to prevent admins and services from using them as local directories, filling up the local disk. With Ansible's mount module, a missing mountpoint is created with the default umask instead, so it may be mistaken for a mounted share if the mount failed. Is it possible to have missing mountpoints created without permissions?

ISSUE TYPE

• Feature Idea

COMPONENT NAME

mount

ADDITIONAL INFORMATION

Manual approach:

mkdir /mnt/xyz && chmod 0 /mnt/xyz
mount /mnt/xyz

Ansible workaround:

- name: Check for /mnt/xyz
  stat:
    path: /mnt/xyz
  register: st_mount_xyz
  ignore_errors: "yes"

- name: Create /mnt/xyz
  file:
    path: /mnt/xyz
    state: directory
    owner: root
    group: root
    mode: 0000
  when:
    - st_mount_xyz.stat is defined
    - st_mount_xyz.stat.exists == false

- name: Mount /mnt/xyz
  mount:
    src: "filer:/data/xyz"
    path: /mnt/xyz
    state: mounted
    fstype: nfs

[quidame]

@c0xc, thanks for reporting this. For me, it's also related to #163 since these two issues refer to permissions/ownership of directories created by the module in a one-shot way, with no user control over what is done. Especially in this case, once the filesystem is mounted, the underlying directory (same path than the mountpoint, and hidden by the mount) is nearly inaccessible, or at least non trivial to modify. Implementing control/changes over this directory mode at playbook-level or role-level is no less than tricky, so it seems fair to implement it in the module.