Initial commit, basic install and template. Works without setting variables

.gitignore

@@ -0,0 +1,11 @@
+# .gitignore
+
+# Hidden Vagrant-directory
+.vagrant
+
+# Backup files (e.g. Vim, Gedit, etc.)
+*~
+
+# Vagrant base boxes (you never know when someone puts one in the repository)
+*.box
+

CHANGELOG.md

@@ -0,0 +1,14 @@
+# Change log
+
+This file contains al notable changes to the bertvv.samba Ansible role.
+
+This file adheres to the guidelines of [http://keepachangelog.com/](http://keepachangelog.com/). Versioning follows [Semantic Versioning](http://semver.org/).
+
+## 1.0.0 - YYYY-MM-DD
+
+First release!
+
+### Added
+
+- FEATURE
+

LICENSE.md

@@ -0,0 +1,13 @@
+# BSD License
+
+Copyright (c) 2014, Bert Van Vreckem, (bert.vanvreckem@gmail.com)
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,59 @@
+# Ansible role `bertvv.samba`
+
+An Ansible role for setting up Samba as a file server. Specifically, the responsibilities of this role are to:
+
+- Install the necessary packages
+- Configure SELinux settings
+- Create share directories
+- Manage users and passwords
+- Manage access to shares
+
+## Requirements
+
+SELinux is expected to be running and the firewall should be active.
+
+## Role Variables
+
+
+| Variable   | Required | Default | Comments (type)  |
+| :---       | :---     | :---    | :---             |
+| `role_var` | no       | -       | (scalar) PURPOSE |
+
+## Dependencies
+
+No dependencies.
+
+## Example Playbook
+
+See the [test playbook](tests/test.yml)
+
+## Testing
+
+The `tests` directory contains acceptance tests for this role in the form of a Vagrant environment. The directory `tests/roles/samba` is a symbolic link that should point to the root of this project in order to work. To create it, do
+
+```ShellSession
+$ cd tests/
+$ mkdir roles
+$ ln -frs ../../PROJECT_DIR roles/samba
+```
+
+You may want to change the base box into one that you like. The current one is based on Box-Cutter's [CentOS Packer template](https://github.com/boxcutter/centos).
+
+The playbook [`test.yml`](tests/test.yml) applies the role to a VM, setting role variables.
+
+## See also
+
+If you are looking for a Samba role for Debian or Ubuntu, take a look at this [comprehensive role](https://galaxy.ansible.com/list#/roles/1597) by Debops. Jeff Geerling also has written a [Samba role for EL](https://galaxy.ansible.com/list#/roles/438), but at the time of writing this, it is very basic.
+
+## Contributing
+
+Issues, feature requests, ideas are appreciated and can be posted in the Issues section. Pull requests are also very welcome. Preferably, create a topic branch and when submitting, squash your commits into one (with a descriptive message).
+
+## License
+
+BSD
+
+## Author Information
+
+Bert Van Vreckem (bert.vanvreckem@gmail.com)
+

defaults/main.yml

@@ -0,0 +1,11 @@
+# roles/samba/defaults/main.yml
+---
+
+samba_workgroup: 'WORKGROUP'
+samba_server_string: 'Fileserver %m'
+samba_log_size: 5000
+samba_security: 'user'
+samba_passdb_backend: 'tdbsam'
+samba_map_to_guest: 'bad user'
+samba_load_printers: 'no'
+samba_load_homes: 'no'

handlers/main.yml

@@ -0,0 +1,11 @@
+# File: roles/samba/handlers/main.yml
+---
+- name: Restart Samba
+  service:
+    name: smb
+    state: restarted
+
+- name: Restart WinBind
+  service:
+    name: nmb
+    state: restarted

meta/main.yml

@@ -0,0 +1,16 @@
+---
+galaxy_info:
+  author: Bert Van Vreckem
+  description: This role installs and configures Samba as a file server.
+  company:
+  license: BSD
+  min_ansible_version: 1.7
+  platforms:
+  - name: EL
+    versions:
+      - 7
+  categories:
+    - system
+    - networking
+dependencies: []
+

tasks/main.yml

@@ -0,0 +1,91 @@
+# File: roles/fileserver/tasks/main.yml
+---
+
+- name: Install Samba packages
+  yum:
+    pkg: "{{ item }}"
+    state: installed
+  with_items:
+    - libsemanage-python
+    - samba-common
+    - samba
+    - samba-client
+  tags: samba
+
+- name: Make sure SELinux boolean settings are correct
+  seboolean:
+    name: "{{ item }}"
+    state: yes
+    persistent: yes
+  with_items:
+    - samba_enable_home_dirs
+    - samba_export_all_rw
+  tags: samba
+
+- name: Create share directories
+  with_items: samba_shares
+  file:
+    state: directory
+    path: "{{ item.path }}"
+    owner: root
+    group: "{{ item.force_group }}"
+    mode: "{{ item.directory_mode }}"
+    setype: "{{ item.setype|default('samba_share_t') }}"
+  when: samba_shares is defined
+  tags: samba
+
+- name: Check if /var/www/html exists
+  when: samba_create_varwww_symlinks is defined and samba_create_varwww_symlinks == true
+  stat: path=/var/www/html
+  register: var_www_html
+  tags: samba
+
+- name: Create link to shares in /var/www/html
+  when: var_www_html.stat.isdir is defined and var_www_html.stat.isdir == true
+  file:
+    state: link
+    path: "/var/www/html/{{ item.name }}"
+    src: "{{ item.path }}"
+  with_items: samba_shares
+  tags: samba
+
+- name: Samba configuration
+  template:
+    dest: /etc/samba/smb.conf
+    src: smb.conf.j2
+    validate: 'testparm -s %s'
+  notify: Restart Samba
+  tags: samba
+
+- name: Start Samba service
+  service:
+    name: smb
+    state: started
+    enabled: yes
+  tags: samba
+
+- name: Start WindBind service
+  service:
+    name: nmb
+    state: started
+    enabled: yes
+  tags: samba
+
+- name: Firewall rules for Samba file share
+  firewalld:
+    service: "{{ item[0] }}"
+    permanent: "{{ item[1] }}"
+    state: enabled
+  with_nested:
+    - [ samba ]
+    - [ true, false ]
+  tags: samba
+
+- name: Create Samba users if they don't exist yet
+  shell: >
+    (pdbedit -L | grep {{ item.name }} 2>&1 > /dev/null) \
+    || (echo {{ item.password }}; echo {{ item.password }}) \
+    | smbpasswd -s -a {{ item.name }}
+  with_items: samba_users
+  when: samba_users is defined
+  tags: samba

templates/smb.conf.j2

@@ -0,0 +1,64 @@
+# Samba configuration -- Managed by Ansible, please don't edit manually
+# vim: ft=samba
+#
+# {{ ansible_managed }}
+
+[global]
+  # Server information
+  netbios name = {{ samba_netbios_name }}
+  workgroup = {{ samba_workgroup }}
+  server string = {{ samba_server_string }}
+
+  # Logging
+{% if samba_log is defined %}
+  log file = {{ samba_log }}
+  max log size = {{ samba_log_size }}
+{% else %}
+  syslog only = yes
+  syslog = 1
+{% endif %}
+
+  # Authentication
+  security = {{ samba_security }}
+  passdb backend = {{ samba_passdb_backend }}
+  map to guest = {{ samba_map_to_guest }}
+
+  # Name resolution: make sure \\NETBIOS_NAME\ works
+  wins support = yes
+  local master = yes
+  domain master = yes
+  preferred master = yes
+
+{% if samba_load_printers == 'no' %}
+  # Don't load printers
+  load printers = no
+  printing = bsd
+  printcap name = /dev/null
+  disable spoolss = yes
+{% endif %}
+
+{% if samba_load_homes == 'yes' %}
+## Make home directories accessible
+[homes]
+  comment = Home Directories
+  browseable = no
+  writable = yes
+{% endif %}
+
+{% if samba_shares is defined %}
+{% for share in samba_shares %}
+[{{ share.name }}]
+   comment = {{ share.comment }}
+   path = {{ share.path }}
+   public = {{ share.public }}
+   write list = {{ share.write_list }}
+
+   force group = +{{ share.force_group }}
+   create mask = {{ share.create_mask }}
+   create mode = {{ share.create_mode }}
+   force create mode = {{ share.force_create_mode }}
+   directory mask = {{ share.directory_mask }}
+   directory mode = {{ share.directory_mode }}
+   force directory mode = {{ share.force_directory_mode }}
+{% endfor %}
+{% endif%}

tests/Vagrantfile

@@ -0,0 +1,17 @@
+# vi: set ft=ruby
+
+require 'rbconfig'
+
+ROLE_NAME = 'samba'
+HOST_NAME = 'test' + ROLE_NAME
+VAGRANTFILE_API_VERSION = '2'
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.box = 'centos70-nocm'
+  config.vm.define HOST_NAME do |node|
+    node.vm.provision 'ansible' do |ansible|
+      ansible.playbook = 'test.yml'
+    end
+  end
+end
+

tests/inventory

@@ -0,0 +1 @@
+localhost ansible_connection=local

tests/roles/samba

@@ -0,0 +1 @@
+../..

tests/test.yml

@@ -0,0 +1,7 @@
+---
+- hosts: all
+  sudo: true
+  vars:
+    samba_netbios_name: SAMBA_TEST
+  roles:
+    - samba