From 8549204093402b1ed191cec1e195e042c20c1af7 Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Fri, 13 Mar 2015 21:55:33 +0100 Subject: [PATCH] Initial commit, basic install and template. Works without setting variables --- .gitignore | 11 ++++++ CHANGELOG.md | 14 +++++++ LICENSE.md | 13 +++++++ README.md | 59 ++++++++++++++++++++++++++++ defaults/main.yml | 11 ++++++ handlers/main.yml | 11 ++++++ meta/main.yml | 16 ++++++++ tasks/main.yml | 91 +++++++++++++++++++++++++++++++++++++++++++ templates/smb.conf.j2 | 64 ++++++++++++++++++++++++++++++ tests/Vagrantfile | 17 ++++++++ tests/inventory | 1 + tests/roles/samba | 1 + tests/test.yml | 7 ++++ 13 files changed, 316 insertions(+) create mode 100644 .gitignore create mode 100644 CHANGELOG.md create mode 100644 LICENSE.md create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/main.yml create mode 100644 templates/smb.conf.j2 create mode 100644 tests/Vagrantfile create mode 100644 tests/inventory create mode 120000 tests/roles/samba create mode 100644 tests/test.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7d57677 --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +# .gitignore + +# Hidden Vagrant-directory +.vagrant + +# Backup files (e.g. Vim, Gedit, etc.) +*~ + +# Vagrant base boxes (you never know when someone puts one in the repository) +*.box + diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..b91d182 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,14 @@ +# Change log + +This file contains al notable changes to the bertvv.samba Ansible role. + +This file adheres to the guidelines of [http://keepachangelog.com/](http://keepachangelog.com/). Versioning follows [Semantic Versioning](http://semver.org/). + +## 1.0.0 - YYYY-MM-DD + +First release! + +### Added + +- FEATURE + diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..8411892 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,13 @@ +# BSD License + +Copyright (c) 2014, Bert Van Vreckem, (bert.vanvreckem@gmail.com) + +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..5094a6d --- /dev/null +++ b/README.md @@ -0,0 +1,59 @@ +# Ansible role `bertvv.samba` + +An Ansible role for setting up Samba as a file server. Specifically, the responsibilities of this role are to: + +- Install the necessary packages +- Configure SELinux settings +- Create share directories +- Manage users and passwords +- Manage access to shares + +## Requirements + +SELinux is expected to be running and the firewall should be active. + +## Role Variables + + +| Variable | Required | Default | Comments (type) | +| :--- | :--- | :--- | :--- | +| `role_var` | no | - | (scalar) PURPOSE | + +## Dependencies + +No dependencies. + +## Example Playbook + +See the [test playbook](tests/test.yml) + +## Testing + +The `tests` directory contains acceptance tests for this role in the form of a Vagrant environment. The directory `tests/roles/samba` is a symbolic link that should point to the root of this project in order to work. To create it, do + +```ShellSession +$ cd tests/ +$ mkdir roles +$ ln -frs ../../PROJECT_DIR roles/samba +``` + +You may want to change the base box into one that you like. The current one is based on Box-Cutter's [CentOS Packer template](https://github.com/boxcutter/centos). + +The playbook [`test.yml`](tests/test.yml) applies the role to a VM, setting role variables. + +## See also + +If you are looking for a Samba role for Debian or Ubuntu, take a look at this [comprehensive role](https://galaxy.ansible.com/list#/roles/1597) by Debops. Jeff Geerling also has written a [Samba role for EL](https://galaxy.ansible.com/list#/roles/438), but at the time of writing this, it is very basic. + +## Contributing + +Issues, feature requests, ideas are appreciated and can be posted in the Issues section. Pull requests are also very welcome. Preferably, create a topic branch and when submitting, squash your commits into one (with a descriptive message). + +## License + +BSD + +## Author Information + +Bert Van Vreckem (bert.vanvreckem@gmail.com) + diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..e9e0e3d --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,11 @@ +# roles/samba/defaults/main.yml +--- + +samba_workgroup: 'WORKGROUP' +samba_server_string: 'Fileserver %m' +samba_log_size: 5000 +samba_security: 'user' +samba_passdb_backend: 'tdbsam' +samba_map_to_guest: 'bad user' +samba_load_printers: 'no' +samba_load_homes: 'no' diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..faf6924 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,11 @@ +# File: roles/samba/handlers/main.yml +--- +- name: Restart Samba + service: + name: smb + state: restarted + +- name: Restart WinBind + service: + name: nmb + state: restarted diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..906d5ac --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Bert Van Vreckem + description: This role installs and configures Samba as a file server. + company: + license: BSD + min_ansible_version: 1.7 + platforms: + - name: EL + versions: + - 7 + categories: + - system + - networking +dependencies: [] + diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..d98a0c7 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,91 @@ +# File: roles/fileserver/tasks/main.yml +--- + +- name: Install Samba packages + yum: + pkg: "{{ item }}" + state: installed + with_items: + - libsemanage-python + - samba-common + - samba + - samba-client + tags: samba + +- name: Make sure SELinux boolean settings are correct + seboolean: + name: "{{ item }}" + state: yes + persistent: yes + with_items: + - samba_enable_home_dirs + - samba_export_all_rw + tags: samba + +- name: Create share directories + with_items: samba_shares + file: + state: directory + path: "{{ item.path }}" + owner: root + group: "{{ item.force_group }}" + mode: "{{ item.directory_mode }}" + setype: "{{ item.setype|default('samba_share_t') }}" + when: samba_shares is defined + tags: samba + +- name: Check if /var/www/html exists + when: samba_create_varwww_symlinks is defined and samba_create_varwww_symlinks == true + stat: path=/var/www/html + register: var_www_html + tags: samba + +- name: Create link to shares in /var/www/html + when: var_www_html.stat.isdir is defined and var_www_html.stat.isdir == true + file: + state: link + path: "/var/www/html/{{ item.name }}" + src: "{{ item.path }}" + with_items: samba_shares + tags: samba + +- name: Samba configuration + template: + dest: /etc/samba/smb.conf + src: smb.conf.j2 + validate: 'testparm -s %s' + notify: Restart Samba + tags: samba + +- name: Start Samba service + service: + name: smb + state: started + enabled: yes + tags: samba + +- name: Start WindBind service + service: + name: nmb + state: started + enabled: yes + tags: samba + +- name: Firewall rules for Samba file share + firewalld: + service: "{{ item[0] }}" + permanent: "{{ item[1] }}" + state: enabled + with_nested: + - [ samba ] + - [ true, false ] + tags: samba + +- name: Create Samba users if they don't exist yet + shell: > + (pdbedit -L | grep {{ item.name }} 2>&1 > /dev/null) \ + || (echo {{ item.password }}; echo {{ item.password }}) \ + | smbpasswd -s -a {{ item.name }} + with_items: samba_users + when: samba_users is defined + tags: samba diff --git a/templates/smb.conf.j2 b/templates/smb.conf.j2 new file mode 100644 index 0000000..429e669 --- /dev/null +++ b/templates/smb.conf.j2 @@ -0,0 +1,64 @@ +# Samba configuration -- Managed by Ansible, please don't edit manually +# vim: ft=samba +# +# {{ ansible_managed }} + +[global] + # Server information + netbios name = {{ samba_netbios_name }} + workgroup = {{ samba_workgroup }} + server string = {{ samba_server_string }} + + # Logging +{% if samba_log is defined %} + log file = {{ samba_log }} + max log size = {{ samba_log_size }} +{% else %} + syslog only = yes + syslog = 1 +{% endif %} + + # Authentication + security = {{ samba_security }} + passdb backend = {{ samba_passdb_backend }} + map to guest = {{ samba_map_to_guest }} + + # Name resolution: make sure \\NETBIOS_NAME\ works + wins support = yes + local master = yes + domain master = yes + preferred master = yes + +{% if samba_load_printers == 'no' %} + # Don't load printers + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes +{% endif %} + +{% if samba_load_homes == 'yes' %} +## Make home directories accessible +[homes] + comment = Home Directories + browseable = no + writable = yes +{% endif %} + +{% if samba_shares is defined %} +{% for share in samba_shares %} +[{{ share.name }}] + comment = {{ share.comment }} + path = {{ share.path }} + public = {{ share.public }} + write list = {{ share.write_list }} + + force group = +{{ share.force_group }} + create mask = {{ share.create_mask }} + create mode = {{ share.create_mode }} + force create mode = {{ share.force_create_mode }} + directory mask = {{ share.directory_mask }} + directory mode = {{ share.directory_mode }} + force directory mode = {{ share.force_directory_mode }} +{% endfor %} +{% endif%} diff --git a/tests/Vagrantfile b/tests/Vagrantfile new file mode 100644 index 0000000..aea4ad7 --- /dev/null +++ b/tests/Vagrantfile @@ -0,0 +1,17 @@ +# vi: set ft=ruby + +require 'rbconfig' + +ROLE_NAME = 'samba' +HOST_NAME = 'test' + ROLE_NAME +VAGRANTFILE_API_VERSION = '2' + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + config.vm.box = 'centos70-nocm' + config.vm.define HOST_NAME do |node| + node.vm.provision 'ansible' do |ansible| + ansible.playbook = 'test.yml' + end + end +end + diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..2302eda --- /dev/null +++ b/tests/inventory @@ -0,0 +1 @@ +localhost ansible_connection=local diff --git a/tests/roles/samba b/tests/roles/samba new file mode 120000 index 0000000..c25bddb --- /dev/null +++ b/tests/roles/samba @@ -0,0 +1 @@ +../.. \ No newline at end of file diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..0dd7dd9 --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,7 @@ +--- +- hosts: all + sudo: true + vars: + samba_netbios_name: SAMBA_TEST + roles: + - samba