document support for cvmfs_server role

Author: sjpb

ansible/roles/compute_init/README.md

@@ -73,6 +73,7 @@ it also requires an image build with the role name added to the
 | filesystems.yml          | manila                  | All functionality               | No [5]              |
 | filesystems.yml          | lustre                  | All functionality               | Yes                 |
 | extras.yml               | basic_users             | All functionality [6]           | No                  |
+| extras.yml               | cvmfs_server            | Not relevant for compute nodes  | n/a                 |
 | extras.yml               | eessi                   | All functionality [7]           | No                  |
 | extras.yml               | cuda                    | None required - use image build | Yes [8]             |
 | extras.yml               | vgpu                    | All functionality               | Yes                 |

docs/experimental/isolated-clusters.md

@@ -20,10 +20,13 @@ network is shown in the table below. Note that:
     ```
 
 2. Using [EESSI](https://www.eessi.io/docs/) necessarily requires outbound
-   network access for the CernVM File System. However this can be provided
-   via an authenticated proxy. While the proxy configuration on the cluster node
-   is readable by all users, this proxy could be limited via acls to only provide
-   access to EESSI's CVMFS Stratum 1 servers.
+   network access for the CernVM File System. If security groups are not
+   sufficent to restrict this:
+    a. If outbound http is available, an authenticated proxy could be used,
+       limited via acls to only provide access to EESSI's CVMFS Stratum 1 servers,
+       The proxy configuration should be via the `eessi` role variables.
+    b. If only outbound https is available, the [cvmfs_server](../../ansible/roles/cvmfs_server/README.md)
+       role can be used to provide a Stratum 1 server on the cluster network.
 
 ## Support by feature for isolated networks