PVE CIFS Share

2021-02-13 20:00:26 +01:00 · 2021-02-13 20:00:26 +01:00 · b4a98f3c96
commit b4a98f3c96
parent 591793582f
9 changed files with 105 additions and 4 deletions
--- a/group_vars/fileserver.yml
+++ b/group_vars/fileserver.yml
@ -24,7 +24,7 @@
      password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
    - name: 'pve'
      groups: 'users'
-      password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
+      password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
    - name: 'brother_ads2700w'
      groups: 'users'
      password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
@ -73,13 +73,16 @@
      lese_nutzer: ''
      schreibe_nutzer: 'annemariedroessler michaelgrote'
    - freigabename: 'proxmox'
-      ordnerpfad: '/shares_pve_backup'
+      ordnerpfad: '/shares/proxmox'
      lese_nutzer: 'michaelgrote'
      schreibe_nutzer: 'pve'
  smb_workgroup: WORKGROUP
  smb_nutzer_loeschen:
    - { name: '' }
-    
+  smb_min_protocol: "SMB2"
  smb_client_min_protocol: "SMB2"
  smb_client_max_protocol: "SMB3_11"
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
--- a/keepass_db.kdbx
+++ b/keepass_db.kdbx
--- a/roles/mgrote.fileserver_smb/README.md
+++ b/roles/mgrote.fileserver_smb/README.md
@ -51,3 +51,27 @@ ist das gleiche wie:
  zfs_extra_zfs_pools:
    - { name: "ssd_vm_mirror", type: "ssd", cron_minute_zfs_trim: "5", cron_hour_zfs_trim: "22", cron_month_zfs_trim: "4,8,12", cron_day_zfs_trim: "2", cron_weekday_zfs_scrub: "6", cron_minutes_zfs_scrub: "0", cron_hour_zfs_scrub: "23"}
 ```
 ##### Samba Version
 ```
 Possible values are :
 CORE: Earliest version. No concept of user names.
 COREPLUS: Slight improvements on CORE for efficiency.
 LANMAN1: First modern version of the protocol. Long filename support.
 LANMAN2: Updates to Lanman1 protocol.
 NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
 SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.
 SMB2_02: The earliest SMB2 version.
 SMB2_10: Windows 7 SMB2 version.
 SMB2_22: Early Windows 8 SMB2 version.
 SMB2_24: Windows 8 beta SMB2 version.
 By default SMB2 selects the SMB2_10 variant.
 SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available.
 SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
 SMB3_02: Windows 8.1 SMB3 version.
 SMB3_10: early Windows 10 technical preview SMB3 version.
 SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
 ```
--- a/roles/mgrote.fileserver_smb/tasks/main.yml
+++ b/roles/mgrote.fileserver_smb/tasks/main.yml
@ -16,6 +16,7 @@
      state: present
    loop: "{{ smb_nutzer }}"
    no_log: True
    notify: set_samba_passwords
  - name: Erstelle Linux-Nutzer #kommt aus vars im playbook
    become: yes
@ -34,6 +35,7 @@
      name: "{{ item.name }}"
      state: absent
    loop: "{{ smb_nutzer_loeschen }}"
    notify: set_samba_passwords
  - name: Erstelle Freigabeordner
    become: yes
@ -42,6 +44,7 @@
      state: directory
      mode: 0777
    loop: "{{ smb_freigaben }}"
    notify: set_samba_passwords
  - name: "Konfiguriere Freigaben"
    become: yes
@ -51,4 +54,6 @@
      validate: 'testparm -s %s'
    with_items:
      - "{{ smb_freigaben }}"
-    notify: smbd neustarten
+    notify:
      - smbd neustarten
      - set_samba_passwords
--- a/roles/mgrote.mount_cifs/README.md
+++ b/roles/mgrote.mount_cifs/README.md
@ -0,0 +1,11 @@
 ## mgrote.cifs_mount
 ### Beschreibung
 Mounted ein cifs-share.
 ### Funktioniert auf
 - [x] Ubuntu (>=18.04)
 - [x] ProxMox 6.1
 ### Variablen + Defaults
 see [defaults](./defaults/main.yml)
--- a/roles/mgrote.mount_cifs/defaults/main.yml
+++ b/roles/mgrote.mount_cifs/defaults/main.yml
@ -0,0 +1,12 @@
 ---
  cifs_mounts:
    - name: pve_backup_mount_fileserver2
      type: cifs
      state: absent
      dest: /pve_backup_mount
      src: //fileserver2.grote.lan/proxmox
      user: pve
      password: XXXXXXXXXXXXXXX
      domain: grote.lan
      uid: 1000
      gid: 1000
--- a/roles/mgrote.mount_cifs/meta/main.yml
+++ b/roles/mgrote.mount_cifs/meta/main.yml
@ -0,0 +1,3 @@
 ---
  collections:
    - ansible.posix
--- a/roles/mgrote.mount_cifs/tasks/main.yml
+++ b/roles/mgrote.mount_cifs/tasks/main.yml
@ -0,0 +1,39 @@
 ---
  - name: install cifs-utils
    become: yes
    ansible.builtin.package:
      name: cifs-utils
      state: present
  - name: create mount directory
    become: yes
    ansible.builtin.file:
      path: "{{ item.dest }}"
      state: directory
      mode: 0777
    loop: "{{ cifs_mounts }}"
  - name: create credential-file
    become: yes
    ansible.builtin.template:
      src: smb_passwords
      dest: /root/.smb_passwords_{{ item.name }}
      owner: root
      group: root
      mode: '0400'
    loop: "{{ cifs_mounts }}"
    no_log: true
  - name: mount cifs volumes
    become: yes
    ansible.posix.mount:
      src: "{{ item.src }}"
      path: "{{ item.dest }}"
      opts: credentials=/root/.smb_passwords_{{ item.name }},domain={{ item.domain }},uid={{ item.uid | default('1000') }}",gid={{ item.gid | default('1000') }}"
      state: "{{ item.state }}"
      fstype: "{{ item.type }}"
      backup: yes
      dump: "0"
      passno: "0"
    loop: "{{ cifs_mounts }}"
    no_log: true
--- a/roles/mgrote.mount_cifs/templates/smb_passwords
+++ b/roles/mgrote.mount_cifs/templates/smb_passwords
@ -0,0 +1,4 @@
 {% for item in cifs_mounts %}
 username={{ item.user }}
 password={{ item.password }}
 {% endfor %}