How do you provide domain credentials to ansible's mount module?

Question

I've figured out how to use the shell module to create a mount on the network using the following command:

- name: mount image folder share
  shell: "mount -t cifs -o domain=MY_DOMAIN,username=USER,password=PASSWORD  //network_path/folder /local_path/folder
  sudo_user: root
  args:
    executable: /bin/bash

But it seems like it's better practice to use Ansible's mount module to do the same thing.

Specifically, I'm confused about going about providing the options for domain=MY_DOMAIN,username=USER,password=PASSWORD. I see there is a flag for opts, but I'm not quite sure how this would look.

Answer 1

Expanding on @adam-kalnas answer:

Creating an fstab entry and then calling mount will allow you to mount the file-system in more appropriate permission level (i.e. not 0777). By doing state: present ansible will only create the entry in /etc/fstab and then can be mounted by the user. From ansible mount module documentation:

absent and present only deal with fstab but will not affect current mounting.

Additionally, you'd want to avoid leaving credentials in the /etc/fstab file (as its readable by all, human or service). To avoid that, create a credential file that is appropriately secured.

All together looks something like this:

- name: Create credential file (used for fstab entry)
  copy:
    content: |
      username=USER
      password=PASSWORD
    dest: /home/myusername/.credential
    mode: 0600
  become: true
  become_user: myusername

- name: Create fstab entry for product image folder share
  mount: 
    state: present 
    fstype: cifs 
    opts: "credentials=/home/myusername/.credential,file_mode=0755,dir_mode=0755,user" 
    src="//network_path/folder" 
    path="/local_path/folder"
  become: true

- name: Mount product image folder share
  shell: |
    mount "/local_path/folder"
  become: true
  become_user: myusername

Answer 2

Here's the command I ended up going with:

- name: mount product image folder share
  mount: state="present" 
  fstype="cifs" 
  opts="domain= MY_DOMAIN,username=USER,password=PASSWORD,file_mode=0777,dir_mode=0777" src="//network_path/folder" name="/local_path/folder"
  sudo_user: root
  sudo: yes

A few notes about it:

1. I don't think the file_mode=0777,dir_mode=0777 should have to be required, but in my situation is was needed in order for me to have write access to the folder. I could read the folder without specifying the permissions, but I couldn't write to it.

2. This snippet is required right not because of this ansible bug I tested this on 1.9.0 and 1.9.1, and it was an issue in both versions.
   sudo_user: root sudo: yes