From f5dc006a84149acd6ad7699f7787d055c7a6c097 Mon Sep 17 00:00:00 2001 From: mg Date: Tue, 14 Dec 2021 20:26:49 +0100 Subject: [PATCH] Update: fileserver_smb auf dict statt einzelne Variablen (#277) Co-authored-by: Michael Grote Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/277 Co-authored-by: mg Co-committed-by: mg --- roles/mgrote.fileserver_smb/README.md | 16 +++ roles/mgrote.fileserver_smb/defaults/main.yml | 101 +++++++++----- roles/mgrote.fileserver_smb/handlers/main.yml | 4 +- roles/mgrote.fileserver_smb/tasks/main.yml | 2 + .../mgrote.fileserver_smb/tasks/packages.yml | 2 +- roles/mgrote.fileserver_smb/tasks/shares.yml | 10 +- roles/mgrote.fileserver_smb/tasks/users.yml | 4 +- .../templates/smb.conf.j2 | 123 +++++++----------- 8 files changed, 145 insertions(+), 117 deletions(-) diff --git a/roles/mgrote.fileserver_smb/README.md b/roles/mgrote.fileserver_smb/README.md index 05a18a67..7b34e550 100644 --- a/roles/mgrote.fileserver_smb/README.md +++ b/roles/mgrote.fileserver_smb/README.md @@ -47,6 +47,22 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final). path: '/shares_videos' # Pfad auf SMB-Server users_ro: ' win10 kodi' # Nutzer - Lesezugriff users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff + # Optional(+default-values) + item.guest_ok: "no" + item.read_only: "no" + browseable: "yes" + inherit_acls: "yes" + inherit_permissions: "no" + ea_support: "no" + store_dos_attributes: "no" + printable: "n"o + create_mask: "0664" + force_create_mode: "0664" + directory_mask: "0775" + force_directory_mode: "0775" + hide_special_files: "yes" + follow_symlinks: "yes" + hide_dot_files: "no" ``` ### weitere Variablen + Defaults diff --git a/roles/mgrote.fileserver_smb/defaults/main.yml b/roles/mgrote.fileserver_smb/defaults/main.yml index 741e7c10..3996f9ac 100644 --- a/roles/mgrote.fileserver_smb/defaults/main.yml +++ b/roles/mgrote.fileserver_smb/defaults/main.yml 
@@ -1,37 +1,74 @@ --- # Global SMB options - smb_min_protocol: "SMB2_02" - smb_client_min_protocol: "SMB2_02" - smb_client_max_protocol: "SMB3_00" - smb_log_level: "1" - smb_server_string: "%h_server" - smb_log_file: "/var/log/samba/log" - smb_max_log_size: "1000" - smb_logging: "syslog" - smb_panic_action: "/usr/share/samba/panic-action_%d" - smb_passdb_backend: "tdbsam" - smb_obey_pam_restrictions: "no" - smb_unix_password_sync: "no" - smb_passwd_program: "/usr/bin/passwd_%u" - smb_passwd_chat: '*Enter\snew\s*\spassword:*_%n\n_*Retype\snew\s*\spassword:*_%n\n_*password\supdated\ssuccessfully*_.' - smb_pam_password_change: "yes" - smb_guest_account: "nobody" - smb_load_printers: "no" - smb_unix_extensions: "yes" - smb_wide_links: "no" - smb_create_mask: "0777" - smb_directory_mask: "0777" - smb_map_to_guest: "Bad User" - smb_use_sendfile: "yes" - smb_aio_read_size: "16384" - smb_aio_write_size: "16384" - smb_local_master: "yes" - smb_time_server: "no" - smb_wins_support: "no" - smb_acl_allow_execute_always: "yes" - smb_force_user: "root" - smb_force_group: "users" - smb_workgroup: WORKGROUP + ## "smb_global_options" = dict + ## -option: "smbd option name" <-- value + ## value: "smbd value" <-- value + ## neue Optionen konnen einfach angehangen werden bzw. 
alte entfernt werden + smb_global_options: + - option: min_protocol + value: "SMB2_02" + - option: client_min_protocol + value: "SMB2_02" + - option: client_max_protocol + value: "SMB3_00" + - option: log_level + value: "1" + - option: log_file + value: "/var/log/samba/log" + - option: max_log_size + value: "1000" + - option: logging + value: "syslog" + - option: panic_action + value: "/usr/share/samba/panic-action_%d" + - option: passdb_backend + value: "tdbsam" + - option: obey_pam_restrictions + value: "no" + - option: unix_password_sync + value: "no" + - option: passwd_program + value: "/usr/bin/passwd_%u" + - option: passwd_chat + value: '*Enter\snew\s*\spassword:*_%n\n_*Retype\snew\s*\spassword:*_%n\n_*password\supdated\ssuccessfully*_.' + - option: pam_password_change + value: "yes" + - option: guest_account + value: "nobody" + - option: load_printers + value: "no" + - option: unix_extensions + value: "yes" + - option: wide_links + value: "no" + - option: create_mask + value: "0777" + - option: directory_mask + value: "0777" + - option: map_to_guest + value: "Bad User" + - option: use_sendfile + value: "yes" + - option: aio_read_size + value: "16384" + - option: aio_write_size + value: "16384" + - option: local_master + value: "yes" + - option: time_server + value: "no" + - option: wins_support + value: "no" + - option: acl_allow_execute_always + value: "yes" + - option: force_user + value: "root" + - option: force_group + value: "users" + - option: workgroup + value: WORKGROUP + - option: server_string + value: "%h_server" # packages smb_packages: diff --git a/roles/mgrote.fileserver_smb/handlers/main.yml b/roles/mgrote.fileserver_smb/handlers/main.yml index 02e9dc59..ae6c0a59 100644 --- a/roles/mgrote.fileserver_smb/handlers/main.yml +++ b/roles/mgrote.fileserver_smb/handlers/main.yml 
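Review bot: The migrated defaults keep `force_user` = "root" together with `create_mask` / `directory_mask` = "0777" in `smb_global_options`, so every SMB session acts on the filesystem as root and new files are created world-writable unless a host overrides the list. Because the options now live in a single list, overriding one entry from inventory replaces the whole list, which makes it easy to drop `wide_links: "no"` or the `min_protocol` floor by accident. I would default `force_user` to a dedicated unprivileged account, tighten the masks to `value: "0664"` / `value: "0775"` to match the per-share defaults, and add a comment above the list such as `# overriding smb_global_options replaces ALL entries - copy the full list`. The unquoted `value: WORKGROUP` is harmless but inconsistent with the quoted values around it.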
@@ -1,12 +1,12 @@ --- - - name: restart_smbd + - name: restart smbd become: yes systemd: name: smbd enabled: yes state: restarted - - name: set_samba_passwords + - name: set samba passwords become: yes shell: "printf '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -a {{ item.name }}" # noqa 306 301 #pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/ with_items: diff --git a/roles/mgrote.fileserver_smb/tasks/main.yml b/roles/mgrote.fileserver_smb/tasks/main.yml index 08a87266..0b808ce3 100644 --- a/roles/mgrote.fileserver_smb/tasks/main.yml +++ b/roles/mgrote.fileserver_smb/tasks/main.yml @@ -1,9 +1,11 @@ --- - name: include install tasks include_tasks: packages.yml + - name: include user tasks include_tasks: users.yml when: smb_users is defined + - name: include share tasks include_tasks: shares.yml when: smb_shares is defined diff --git a/roles/mgrote.fileserver_smb/tasks/packages.yml b/roles/mgrote.fileserver_smb/tasks/packages.yml index 42d3b302..a306a2ca 100644 --- a/roles/mgrote.fileserver_smb/tasks/packages.yml +++ b/roles/mgrote.fileserver_smb/tasks/packages.yml @@ -1,5 +1,5 @@ --- - - name: install packages + - name: ensure packages are installed become: yes ansible.builtin.package: name: "{{ smb_packages }}" diff --git a/roles/mgrote.fileserver_smb/tasks/shares.yml b/roles/mgrote.fileserver_smb/tasks/shares.yml index e2ce8832..3ad48a1c 100644 --- a/roles/mgrote.fileserver_smb/tasks/shares.yml +++ b/roles/mgrote.fileserver_smb/tasks/shares.yml @@ -1,14 +1,14 @@ --- - - name: create smb shares directories + - name: ensure smb share directories exist become: yes ansible.builtin.file: path: "{{ item.path }}" state: directory mode: 0777 loop: "{{ smb_shares }}" - notify: set_samba_passwords + notify: set samba passwords - - name: configure shares + - name: template share configuration become: yes ansible.builtin.template: src: smb.conf.j2 
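Review bot: The `set samba passwords` handler still interpolates `{{ item.password }}` into a shell string (`printf '…' | smbpasswd -a …`), so a password containing `'`, `%` or `\` either breaks the command or is interpreted by the shell or by printf. The rendered command also ends up in task output unless `no_log` is set. The handler body continues past the end of this hunk (`with_items:`), so whether `no_log` is present there is not visible. Passing the password on stdin through the `command` module avoids shell parsing altogether; `smbpasswd -s` reads the new password from stdin.

```yaml
- name: set samba passwords
  become: yes
  ansible.builtin.command:
    cmd: "smbpasswd -s -a {{ item.name }}"
    stdin: "{{ item.password }}\n{{ item.password }}"
  no_log: true
  # … unchanged: with_items loop …
```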
@@ -17,5 +17,5 @@ with_items: - "{{ smb_shares }}" notify: - - restart_smbd - - set_samba_passwords + - restart smbd + - set samba passwords diff --git a/roles/mgrote.fileserver_smb/tasks/users.yml b/roles/mgrote.fileserver_smb/tasks/users.yml index 5f6e945d..d20d81af 100644 --- a/roles/mgrote.fileserver_smb/tasks/users.yml +++ b/roles/mgrote.fileserver_smb/tasks/users.yml @@ -1,5 +1,5 @@ --- - - name: create group + - name: ensure group exist become: yes ansible.builtin.group: name: smb_users @@ -15,4 +15,4 @@ create_home: no loop: "{{ smb_users }}" no_log: True - notify: set_samba_passwords + notify: set samba passwords diff --git a/roles/mgrote.fileserver_smb/templates/smb.conf.j2 b/roles/mgrote.fileserver_smb/templates/smb.conf.j2 index 68979b9e..de48d34c 100644 --- a/roles/mgrote.fileserver_smb/templates/smb.conf.j2 +++ b/roles/mgrote.fileserver_smb/templates/smb.conf.j2 
@@ -1,64 +1,37 @@ {{ file_header | default () }} + +{% if smb_global_options is defined %} #======================= Global Settings ======================= -[global] -min protocol = {{ smb_min_protocol }} -client min protocol = {{ smb_client_min_protocol }} -client max protocol = {{ smb_client_max_protocol }} -workgroup = {{ smb_workgroup }} -server string = {{ smb_server_string }} -log level = {{ smb_log_level }} -log file = {{ smb_log_file }} -max log size = {{ smb_max_log_size }} -logging = {{ smb_logging }} -panic action = {{ smb_panic_action }} -passdb backend = {{ smb_passdb_backend }} -obey pam restrictions = {{ smb_obey_pam_restrictions }} -unix password sync = {{ smb_unix_password_sync }} -passwd program = {{ smb_passwd_program }} -passwd chat = {{ smb_passwd_chat }} -pam password change = {{ smb_pam_password_change }} -guest account = {{ smb_guest_account }} -load printers = {{ smb_load_printers }} -unix extensions = {{ smb_unix_extensions }} -wide links = {{ smb_wide_links }} -create mask = {{ smb_create_mask }} -directory mask = {{ smb_directory_mask }} -map to guest = {{ smb_map_to_guest }} -use sendfile = {{ smb_use_sendfile }} -aio read size = {{ smb_aio_read_size }} -aio write size = {{ smb_aio_write_size }} -local master = {{ smb_local_master }} -time server = {{ smb_time_server }} -wins support = {{ smb_wins_support }} -acl allow execute always = {{ smb_acl_allow_execute_always }} -force user = {{ smb_force_user }} -force group = {{ smb_force_group }} +{% for item in smb_global_options %} +{{ item.option }} = {{ item.value }} +{% endfor %} +{% endif %} {% if smb_enable_snapshots_dir is sameas true and smb_enable_snapshots_shadow is sameas false %} -#======================= Snapshots als Ordner ======================= -vfs objects = catia -catia: mappings = {{ smb_catia_mappings }} +##======================= catia ======================= +vfs objects = catia +catia: mappings = {{ smb_catia_mappings }} {% elif smb_enable_snapshots_shadow is sameas 
true and smb_enable_snapshots_dir is sameas false %} -#======================= Snapshots als Schattenkopien ======================= -vfs objects = {{ smb_shadow_vfs_objects }} -shadow: snapdir = {{ smb_shadow_snapdir }} -shadow: sort = {{ smb_shadow_sort }} -shadow: format = {{ smb_shadow_format }} -shadow: snapprefix = {{ smb_shadow_snapprefix }} -shadow: delimiter = {{ smb_shadow_delimiter }} -shadow: localtime = {{ smb_shadow_localtime }} +##======================= shadow_copy2 ======================= +vfs objects = {{ smb_shadow_vfs_objects }} +shadow: snapdir = {{ smb_shadow_snapdir }} +shadow: sort = {{ smb_shadow_sort }} +shadow: format = {{ smb_shadow_format }} +shadow: snapprefix = {{ smb_shadow_snapprefix }} +shadow: delimiter = {{ smb_shadow_delimiter }} +shadow: localtime = {{ smb_shadow_localtime }} {% elif smb_enable_snapshots_shadow is sameas true and smb_enable_snapshots_dir is sameas true %} -#======================= Snapshots ======================= -vfs objects = shadow_copy2, catia -#======================= Snapshots als Ordner ======================= -catia: mappings = {{ smb_catia_mappings }} -#======================= Snapshots als Schattenkopien ======================= -shadow: snapdir = {{ smb_shadow_snapdir }} -shadow: sort = {{ smb_shadow_sort }} -shadow: format = {{ smb_shadow_format }} -shadow: snapprefix = {{ smb_shadow_snapprefix }} -shadow: delimiter = {{ smb_shadow_delimiter }} -shadow: localtime = {{ smb_shadow_localtime }} +#======================= vfs objects ======================= +vfs objects = shadow_copy2, catia +##======================= catia ======================= +catia: mappings = {{ smb_catia_mappings }} +##======================= shadow_copy2 ======================= +shadow: snapdir = {{ smb_shadow_snapdir }} +shadow: sort = {{ smb_shadow_sort }} +shadow: format = {{ smb_shadow_format }} +shadow: snapprefix = {{ smb_shadow_snapprefix }} +shadow: delimiter = {{ smb_shadow_delimiter }} +shadow: localtime = {{ 
smb_shadow_localtime }} {% endif %} @@ -66,24 +39,24 @@ shadow: localtime = {{ smb_shadow_localtime }} {% for item in smb_shares %} [{{ item.name }}] - path = {{ item.path }} - guest ok = no - read only = no - browseable = yes - inherit acls = yes - inherit permissions = no - ea support = no - store dos attributes = no - printable = no - create mask = 0664 - force create mode = 0664 - directory mask = 0775 - force directory mode = 0775 - hide special files = yes - follow symlinks = yes - hide dot files = no - valid users = {{ item.users_ro }} {{ item.users_rw }} - invalid users = - read list = {{ item.users_ro }} - write list = {{ item.users_rw }} + path = {{ item.path }} + guest ok = {{ item.guest_ok | default('no') }} + read only = {{ item.read_only | default('no') }} + browseable = {{ item.browseable | default('yes') }} + inherit acls = {{ item.inherit_acls | default('yes') }} + inherit permissions = {{ item.inherit_permissions | default('no') }} + ea support = {{ item.ea_support | default('no') }} + store dos attributes = {{ item.store_dos_attributes | default('no') }} + printable = {{ item.printable | default('no') }} + create mask = {{ item.create_mask | default('0664') }} + force create mode = {{ item.force_create_mode | default('0664') }} + directory mask = {{ item.directory_mask | default('0775') }} + force directory mode = {{ item.force_directory_mode | default('0775') }} + hide special files = {{ item.hide_special_files | default('yes') }} + follow symlinks = {{ item.follow_symlinks | default('yes') }} + hide dot files = {{ item.hide_dot_files | default('no') }} + valid users = {{ item.users_ro }} {{ item.users_rw }} + invalid users = + read list = {{ item.users_ro }} + write list = {{ item.users_rw }} {% endfor %}
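Review bot: The loop line `{{ item.option }} = {{ item.value }}` writes the option names exactly as they are spelled in defaults/main.yml (`min_protocol`, `wide_links`, `map_to_guest`), where the removed lines emitted `min protocol`, `wide links`, `map to guest`. As far as I know, smb.conf parameter matching ignores case and spaces but not underscores, so these lines would be reported as unknown parameters and skipped, silently dropping the protocol floor and the other hardening settings; please confirm with `testparm -s` on a rendered file. If the underscore spelling is meant to stay in the defaults, `{{ item.option | replace('_', ' ') }} = {{ item.value }}` restores the old output. The `[global]` header is also removed and not re-emitted, and with the new `is defined` guard the snapshot `vfs objects` lines can render with no section above them, so I would keep `[global]` unconditionally above the loop.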
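Review bot: The per-share masks now come from inventory (`create mask = {{ item.create_mask | default('0664') }}` and the three sibling lines), and an unquoted YAML value such as `create_mask: 0664` is loaded as the integer 436 and rendered as `create mask = 436`, which is not the intended mask. The README example quotes the values, but nothing enforces it; an `assert` task before templating with `that: item.create_mask | default('0664') is string` (and likewise for the other three) would catch it. Separately, `users_ro` and `users_rw` are the only keys without a `default`, so a share that defines just one of them fails to render. If both are empty strings, `valid users =` is left blank, which Samba treats as no restriction, and that matters more now that `guest ok` can be switched on per share.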