From ac64ae234133665b1293c1889ada05a39ae15eb7 Mon Sep 17 00:00:00 2001 From: mg Date: Tue, 14 Dec 2021 17:05:09 +0100 Subject: [PATCH] SMB: Schattenkopien deaktiviert + Snaps als Unterordner eingebaut (#275) Co-authored-by: Michael Grote Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/275 Co-authored-by: mg Co-committed-by: mg --- group_vars/fileserver.yml | 1 + roles/mgrote.fileserver_smb/README.md | 9 +- roles/mgrote.fileserver_smb/defaults/main.yml | 37 ++++- .../templates/smb.conf.j2 | 139 ++++++++++-------- 4 files changed, 114 insertions(+), 72 deletions(-) diff --git a/group_vars/fileserver.yml b/group_vars/fileserver.yml index 31aee286..960b3c53 100644 --- a/group_vars/fileserver.yml +++ b/group_vars/fileserver.yml @@ -132,3 +132,4 @@ smb_min_protocol: "SMB2" smb_client_min_protocol: "SMB2" smb_client_max_protocol: "SMB3_11" + smb_enable_snapshots_dir: true diff --git a/roles/mgrote.fileserver_smb/README.md b/roles/mgrote.fileserver_smb/README.md index bd04cbdd..05a18a67 100644 --- a/roles/mgrote.fileserver_smb/README.md +++ b/roles/mgrote.fileserver_smb/README.md @@ -1,7 +1,7 @@ ## mgrote.fileserver_smb ### Beschreibung -Installiert und Konfiguriert einen Fileserver mit Samba. +Installiert und konfiguriert einen Fileserver mit Samba. #### Rechte Rechte im Dateisystem sind @@ -14,7 +14,7 @@ Rechte im Dateisystem sind Damit werden die Nutzer mit Ihrem Konto auf die SAMBA-Freigabe berechtigt, aber die Lese/Schreiboperationen auf dem Dateisystem als "root" durchgefuehrt. ### getestet auf -- [x] Ubuntu (>=18.04) +- [x] Ubuntu (>=20.04) ### Samba Version ``` @@ -44,7 +44,10 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final). ``` smb_shares: - name: 'videos' # Freigabename - path: '/shares_videos' # Pfad aus SMB-Server + path: '/shares_videos' # Pfad auf SMB-Server users_ro: ' win10 kodi' # Nutzer - Lesezugriff users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff ``` + +### weitere Variablen + Defaults +siehe [defaults](./defaults/main.yml) diff --git a/roles/mgrote.fileserver_smb/defaults/main.yml b/roles/mgrote.fileserver_smb/defaults/main.yml index dab56d5a..741e7c10 100644 --- a/roles/mgrote.fileserver_smb/defaults/main.yml +++ b/roles/mgrote.fileserver_smb/defaults/main.yml @@ -32,14 +32,7 @@ smb_force_user: "root" smb_force_group: "users" smb_workgroup: WORKGROUP - # Global shadow_copy2 options - smb_vfs_objects: "shadow_copy2" - smb_shadow_snapdir: ".zfs/snapshot" - smb_shadow_sort: "desc" - smb_shadow_format: "_%Y-%m-%d_%H:%M:%S" - smb_shadow_snapprefix: "^autosnap" - smb_shadow_delimiter: "_" - smb_shadow_localtime: "no" + # packages smb_packages: - samba @@ -47,3 +40,31 @@ - samba-common - samba-common-bin - samba-vfs-modules + + # zfs-snapshots einbinden + ## als \.zfs\snapshot einbinden + ## sorgt dafur das statt "A0KDC9~F" die Ordnernamen als "autosnap_2021-11-04_23÷59÷02_daily" angezeigt werden + ## https://www.samba.org/samba/docs/current/man-html/vfs_catia.8.html + # aktiv? + smb_enable_snapshots_dir: true + # welche Character/zeichen-Ersetzungen soll catia ausführen + smb_catia_mappings: "0x3a:0xf7" # ersetzt ":" durch "÷" + + # als Windows-Shattenkopien einbinden + ## https://www.samba.org/samba/docs/current/man-html/vfs_shadow_copy2.8.html + ## BUG: Windows sieht die Schattenkopien, kann die Ausgewählte Datei aber nicht öffnen wenn sie seit dem Snapshot gelöscht wurde, vmtl da Windows nicht den kompletten Snapshot-Pfad verwendet + ## Format ist passend fur sanoid-Snapshots + # aktiv? + smb_enable_snapshots_shadow: false + # wo liegen die Snapshots + smb_shadow_snapdir: ".zfs/snapshot" + # Sortierung + smb_shadow_sort: "desc" + # Datumsformat der Snapshots + smb_shadow_format: "_%Y-%m-%d_%H:%M:%S" + # Snapshot-Präfix + smb_shadow_snapprefix: "^autosnap" + # Snapshot-"Trenner" + smb_shadow_delimiter: "_" + # zeitformat Snapshots + smb_shadow_localtime: "no" diff --git a/roles/mgrote.fileserver_smb/templates/smb.conf.j2 b/roles/mgrote.fileserver_smb/templates/smb.conf.j2 index 8a0c9ad4..68979b9e 100644 --- a/roles/mgrote.fileserver_smb/templates/smb.conf.j2 +++ b/roles/mgrote.fileserver_smb/templates/smb.conf.j2 @@ -1,72 +1,89 @@ {{ file_header | default () }} #======================= Global Settings ======================= [global] -min protocol = {{ smb_min_protocol }} -client min protocol = {{ smb_client_min_protocol }} -client max protocol = {{ smb_client_max_protocol }} -workgroup = {{ smb_workgroup }} -server string = {{ smb_server_string }} -log level = {{ smb_log_level }} -log file = {{ smb_log_file }} -max log size = {{ smb_max_log_size }} -logging = {{ smb_logging }} -panic action = {{ smb_panic_action }} -passdb backend = {{ smb_passdb_backend }} -obey pam restrictions = {{ smb_obey_pam_restrictions }} -unix password sync = {{ smb_unix_password_sync }} -passwd program = {{ smb_passwd_program }} -passwd chat = {{ smb_passwd_chat }} -pam password change = {{ smb_pam_password_change }} -guest account = {{ smb_guest_account }} -load printers = {{ smb_load_printers }} -unix extensions = {{ smb_unix_extensions }} -wide links = {{ smb_wide_links }} -create mask = {{ smb_create_mask }} -directory mask = {{ smb_directory_mask }} -map to guest = {{ smb_map_to_guest }} -use sendfile = {{ smb_use_sendfile }} -aio read size = {{ smb_aio_read_size }} -aio write size = {{ smb_aio_write_size }} -local master = {{ smb_local_master }} -time server = {{ smb_time_server }} -wins support = {{ smb_wins_support }} -acl allow execute always = {{ smb_acl_allow_execute_always }} -force user = {{ smb_force_user }} -force group = {{ smb_force_group }} +min protocol = {{ smb_min_protocol }} +client min protocol = {{ smb_client_min_protocol }} +client max protocol = {{ smb_client_max_protocol }} +workgroup = {{ smb_workgroup }} +server string = {{ smb_server_string }} +log level = {{ smb_log_level }} +log file = {{ smb_log_file }} +max log size = {{ smb_max_log_size }} +logging = {{ smb_logging }} +panic action = {{ smb_panic_action }} +passdb backend = {{ smb_passdb_backend }} +obey pam restrictions = {{ smb_obey_pam_restrictions }} +unix password sync = {{ smb_unix_password_sync }} +passwd program = {{ smb_passwd_program }} +passwd chat = {{ smb_passwd_chat }} +pam password change = {{ smb_pam_password_change }} +guest account = {{ smb_guest_account }} +load printers = {{ smb_load_printers }} +unix extensions = {{ smb_unix_extensions }} +wide links = {{ smb_wide_links }} +create mask = {{ smb_create_mask }} +directory mask = {{ smb_directory_mask }} +map to guest = {{ smb_map_to_guest }} +use sendfile = {{ smb_use_sendfile }} +aio read size = {{ smb_aio_read_size }} +aio write size = {{ smb_aio_write_size }} +local master = {{ smb_local_master }} +time server = {{ smb_time_server }} +wins support = {{ smb_wins_support }} +acl allow execute always = {{ smb_acl_allow_execute_always }} +force user = {{ smb_force_user }} +force group = {{ smb_force_group }} +{% if smb_enable_snapshots_dir is sameas true and smb_enable_snapshots_shadow is sameas false %} +#======================= Snapshots als Ordner ======================= +vfs objects = catia +catia: mappings = {{ smb_catia_mappings }} +{% elif smb_enable_snapshots_shadow is sameas true and smb_enable_snapshots_dir is sameas false %} +#======================= Snapshots als Schattenkopien ======================= +vfs objects = {{ smb_shadow_vfs_objects }} +shadow: snapdir = {{ smb_shadow_snapdir }} +shadow: sort = {{ smb_shadow_sort }} +shadow: format = {{ smb_shadow_format }} +shadow: snapprefix = {{ smb_shadow_snapprefix }} +shadow: delimiter = {{ smb_shadow_delimiter }} +shadow: localtime = {{ smb_shadow_localtime }} +{% elif smb_enable_snapshots_shadow is sameas true and smb_enable_snapshots_dir is sameas true %} +#======================= Snapshots ======================= +vfs objects = shadow_copy2, catia +#======================= Snapshots als Ordner ======================= +catia: mappings = {{ smb_catia_mappings }} +#======================= Snapshots als Schattenkopien ======================= +shadow: snapdir = {{ smb_shadow_snapdir }} +shadow: sort = {{ smb_shadow_sort }} +shadow: format = {{ smb_shadow_format }} +shadow: snapprefix = {{ smb_shadow_snapprefix }} +shadow: delimiter = {{ smb_shadow_delimiter }} +shadow: localtime = {{ smb_shadow_localtime }} +{% endif %} -#======================= ZFS Snapshots ======================= -vfs objects = {{ smb_vfs_objects }} -shadow: snapdir = {{ smb_shadow_snapdir }} -shadow: sort = {{ smb_shadow_sort }} -shadow: format = {{ smb_shadow_format }} -shadow: snapprefix = {{ smb_shadow_snapprefix }} -shadow: delimiter = {{ smb_shadow_delimiter }} -shadow: localtime = {{ smb_shadow_localtime }} #======================= Share Definitions ======================= {% for item in smb_shares %} [{{ item.name }}] - path = {{ item.path }} - guest ok = no - read only = no - browseable = yes - inherit acls = yes - inherit permissions = no - ea support = no - store dos attributes = no - printable = no - create mask = 0664 - force create mode = 0664 - directory mask = 0775 - force directory mode = 0775 - hide special files = yes - follow symlinks = yes - hide dot files = no - valid users = {{ item.users_ro }} {{ item.users_rw }} - invalid users = - read list = {{ item.users_ro }} - write list = {{ item.users_rw }} - + path = {{ item.path }} + guest ok = no + read only = no + browseable = yes + inherit acls = yes + inherit permissions = no + ea support = no + store dos attributes = no + printable = no + create mask = 0664 + force create mode = 0664 + directory mask = 0775 + force directory mode = 0775 + hide special files = yes + follow symlinks = yes + hide dot files = no + valid users = {{ item.users_ro }} {{ item.users_rw }} + invalid users = + read list = {{ item.users_ro }} + write list = {{ item.users_rw }} {% endfor %}