Update: fileserver_smb auf dict statt einzelne Variablen (#277)

Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#277 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de>
2021-12-14 20:26:49 +01:00 · 2021-12-14 20:26:49 +01:00 · f5dc006a84
commit f5dc006a84
parent 800997588f
8 changed files with 145 additions and 117 deletions
--- a/roles/mgrote.fileserver_smb/README.md
+++ b/roles/mgrote.fileserver_smb/README.md
@ -47,6 +47,22 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
      path: '/shares_videos' # Pfad auf SMB-Server
      users_ro: ' win10 kodi' # Nutzer - Lesezugriff
      users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff
      # Optional(+default-values)
      item.guest_ok: "no"
      item.read_only: "no"
      browseable: "yes"
      inherit_acls: "yes"
      inherit_permissions: "no"
      ea_support: "no"
      store_dos_attributes: "no"
      printable: "n"o
      create_mask: "0664"
      force_create_mode: "0664"
      directory_mask: "0775"
      force_directory_mode: "0775"
      hide_special_files: "yes"
      follow_symlinks: "yes"
      hide_dot_files: "no"
 ```
 ### weitere Variablen + Defaults
--- a/roles/mgrote.fileserver_smb/defaults/main.yml
+++ b/roles/mgrote.fileserver_smb/defaults/main.yml
@ -1,37 +1,74 @@
 ---
  # Global SMB options
-  smb_min_protocol: "SMB2_02"
+  ## "smb_global_options" = dict
-  smb_client_min_protocol: "SMB2_02"
+  ## -option: "smbd option name" <-- value
-  smb_client_max_protocol: "SMB3_00"
+  ##  value: "smbd value" <-- value
-  smb_log_level: "1"
+  ## neue Optionen konnen einfach angehangen werden bzw. alte entfernt werden
-  smb_server_string: "%h_server"
+  smb_global_options:
-  smb_log_file: "/var/log/samba/log"
+    - option: min_protocol
-  smb_max_log_size: "1000"
+      value: "SMB2_02"
-  smb_logging: "syslog"
+    - option: client_min_protocol
-  smb_panic_action: "/usr/share/samba/panic-action_%d"
+      value: "SMB2_02"
-  smb_passdb_backend: "tdbsam"
+    - option: client_max_protocol
-  smb_obey_pam_restrictions: "no"
+      value: "SMB3_00"
-  smb_unix_password_sync: "no"
+    - option: log_level
-  smb_passwd_program: "/usr/bin/passwd_%u"
+      value: "1"
-  smb_passwd_chat: '*Enter\snew\s*\spassword:*_%n\n_*Retype\snew\s*\spassword:*_%n\n_*password\supdated\ssuccessfully*_.'
+    - option: log_file
-  smb_pam_password_change: "yes"
+      value: "/var/log/samba/log"
-  smb_guest_account: "nobody"
+    - option: max_log_size
-  smb_load_printers: "no"
+      value: "1000"
-  smb_unix_extensions: "yes"
+    - option: logging
-  smb_wide_links: "no"
+      value: "syslog"
-  smb_create_mask: "0777"
+    - option: panic_action
-  smb_directory_mask: "0777"
+      value: "/usr/share/samba/panic-action_%d"
-  smb_map_to_guest: "Bad User"
+    - option: passdb_backend
-  smb_use_sendfile: "yes"
+      value: "tdbsam"
-  smb_aio_read_size: "16384"
+    - option: obey_pam_restrictions
-  smb_aio_write_size: "16384"
+      value: "no"
-  smb_local_master: "yes"
+    - option: unix_password_sync
-  smb_time_server: "no"
+      value: "no"
-  smb_wins_support: "no"
+    - option: passwd_program
-  smb_acl_allow_execute_always: "yes"
+      value: "/usr/bin/passwd_%u"
-  smb_force_user: "root"
+    - option: passwd_chat
-  smb_force_group: "users"
+      value: '*Enter\snew\s*\spassword:*_%n\n_*Retype\snew\s*\spassword:*_%n\n_*password\supdated\ssuccessfully*_.'
-  smb_workgroup: WORKGROUP
+    - option: pam_password_change
      value: "yes"
    - option: guest_account
      value: "nobody"
    - option: load_printers
      value: "no"
    - option: unix_extensions
      value: "yes"
    - option: wide_links
      value: "no"
    - option: create_mask
      value: "0777"
    - option: directory_mask
      value: "0777"
    - option: map_to_guest
      value: "Bad User"
    - option: use_sendfile
      value: "yes"
    - option: aio_read_size
      value: "16384"
    - option: aio_write_size
      value: "16384"
    - option: local_master
      value: "yes"
    - option: time_server
      value: "no"
    - option: wins_support
      value: "no"
    - option: acl_allow_execute_always
      value: "yes"
    - option: force_user
      value: "root"
    - option: force_group
      value: "users"
    - option: workgroup
      value: WORKGROUP
    - option: server_string
      value: "%h_server"
  # packages
  smb_packages:
--- a/roles/mgrote.fileserver_smb/handlers/main.yml
+++ b/roles/mgrote.fileserver_smb/handlers/main.yml
@ -1,12 +1,12 @@
 ---
-  - name: restart_smbd
+  - name: restart smbd
    become: yes
    systemd:
      name: smbd
      enabled: yes
      state: restarted
-  - name: set_samba_passwords
+  - name: set samba passwords
    become: yes
    shell: "printf '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -a {{ item.name }}" # noqa 306 301 #pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/
    with_items:
--- a/roles/mgrote.fileserver_smb/tasks/main.yml
+++ b/roles/mgrote.fileserver_smb/tasks/main.yml
@ -1,9 +1,11 @@
 ---
  - name: include install tasks
    include_tasks: packages.yml
  - name: include user tasks
    include_tasks: users.yml
    when: smb_users is defined
  - name: include share tasks
    include_tasks: shares.yml
    when: smb_shares is defined
--- a/roles/mgrote.fileserver_smb/tasks/packages.yml
+++ b/roles/mgrote.fileserver_smb/tasks/packages.yml
@ -1,5 +1,5 @@
 ---
-  - name: install packages
+  - name: ensure packages are installed
    become: yes
    ansible.builtin.package:
      name: "{{ smb_packages }}"
--- a/roles/mgrote.fileserver_smb/tasks/shares.yml
+++ b/roles/mgrote.fileserver_smb/tasks/shares.yml
@ -1,14 +1,14 @@
 ---
-  - name: create smb shares directories
+  - name: ensure smb share directories exist
    become: yes
    ansible.builtin.file:
      path: "{{ item.path }}"
      state: directory
      mode: 0777
    loop: "{{ smb_shares }}"
-    notify: set_samba_passwords
+    notify: set samba passwords
-  - name: configure shares
+  - name: template share configuration
    become: yes
    ansible.builtin.template:
      src: smb.conf.j2
@ -17,5 +17,5 @@
    with_items:
      - "{{ smb_shares }}"
    notify:
-      - restart_smbd
+      - restart smbd
-      - set_samba_passwords
+      - set samba passwords
--- a/roles/mgrote.fileserver_smb/tasks/users.yml
+++ b/roles/mgrote.fileserver_smb/tasks/users.yml
@ -1,5 +1,5 @@
 ---
-  - name: create group
+  - name: ensure group exist
    become: yes
    ansible.builtin.group:
      name: smb_users
@ -15,4 +15,4 @@
      create_home: no
    loop: "{{ smb_users }}"
    no_log: True
-    notify: set_samba_passwords
+    notify: set samba passwords
--- a/roles/mgrote.fileserver_smb/templates/smb.conf.j2
+++ b/roles/mgrote.fileserver_smb/templates/smb.conf.j2
@ -1,45 +1,18 @@
 {{ file_header | default () }}
 {% if smb_global_options is defined %}
 #======================= Global Settings =======================
-[global]
+{% for item in smb_global_options %}
-min protocol              = {{ smb_min_protocol }}
+{{ item.option }} = {{ item.value }}
-client min protocol       = {{ smb_client_min_protocol }}
+{% endfor %}
-client max protocol       = {{ smb_client_max_protocol }}
+{% endif %}
 workgroup                 = {{ smb_workgroup }}
 server string             = {{ smb_server_string }}
 log level                 = {{ smb_log_level }}
 log file                  = {{ smb_log_file }}
 max log size              = {{ smb_max_log_size }}
 logging                   = {{ smb_logging }}
 panic action              = {{ smb_panic_action }}
 passdb backend            = {{ smb_passdb_backend }}
 obey pam restrictions     = {{ smb_obey_pam_restrictions }}
 unix password sync        = {{ smb_unix_password_sync }}
 passwd program            = {{ smb_passwd_program }}
 passwd chat               = {{ smb_passwd_chat }}
 pam password change       = {{ smb_pam_password_change }}
 guest account             = {{ smb_guest_account }}
 load printers             = {{ smb_load_printers }}
 unix extensions           = {{ smb_unix_extensions }}
 wide links                = {{ smb_wide_links }}
 create mask               = {{ smb_create_mask }}
 directory mask            = {{ smb_directory_mask }}
 map to guest              = {{ smb_map_to_guest }}
 use sendfile              = {{ smb_use_sendfile }}
 aio read size             = {{ smb_aio_read_size }}
 aio write size            = {{ smb_aio_write_size }}
 local master              = {{ smb_local_master }}
 time server               = {{ smb_time_server }}
 wins support              = {{ smb_wins_support }}
 acl allow execute always  = {{ smb_acl_allow_execute_always }}
 force user                = {{ smb_force_user }}
 force group               = {{ smb_force_group }}
 {% if smb_enable_snapshots_dir is sameas true and smb_enable_snapshots_shadow is sameas false %}
-#======================= Snapshots als Ordner =======================
+##======================= catia =======================
 vfs objects = catia
 catia: mappings = {{ smb_catia_mappings }}
 {% elif smb_enable_snapshots_shadow is sameas true and smb_enable_snapshots_dir is sameas false %}
-#======================= Snapshots als Schattenkopien =======================
+##======================= shadow_copy2 =======================
 vfs objects = {{ smb_shadow_vfs_objects }}
 shadow: snapdir = {{ smb_shadow_snapdir }}
 shadow: sort = {{ smb_shadow_sort }}
@ -48,11 +21,11 @@ shadow: snapprefix        = {{ smb_shadow_snapprefix }}
 shadow: delimiter = {{ smb_shadow_delimiter }}
 shadow: localtime = {{ smb_shadow_localtime }}
 {% elif smb_enable_snapshots_shadow is sameas true and smb_enable_snapshots_dir is sameas true %}
-#======================= Snapshots =======================
+#======================= vfs objects =======================
 vfs objects = shadow_copy2, catia
-#======================= Snapshots als Ordner =======================
+##======================= catia =======================
 catia: mappings = {{ smb_catia_mappings }}
-#======================= Snapshots als Schattenkopien =======================
+##======================= shadow_copy2 =======================
 shadow: snapdir = {{ smb_shadow_snapdir }}
 shadow: sort = {{ smb_shadow_sort }}
 shadow: format = {{ smb_shadow_format }}
@ -67,21 +40,21 @@ shadow: localtime         = {{ smb_shadow_localtime }}
 [{{ item.name }}]
    path = {{ item.path }}
-  guest ok                = no
+    guest ok = {{ item.guest_ok | default('no') }}
-  read only               = no
+    read only = {{ item.read_only | default('no') }}
-  browseable              = yes
+    browseable = {{ item.browseable | default('yes') }}
-  inherit acls            = yes
+    inherit acls = {{ item.inherit_acls | default('yes') }}
-  inherit permissions     = no
+    inherit permissions = {{ item.inherit_permissions | default('no') }}
-  ea support              = no
+    ea support = {{ item.ea_support | default('no') }}
-  store dos attributes    = no
+    store dos attributes = {{ item.store_dos_attributes | default('no') }}
-  printable               = no
+    printable = {{ item.printable | default('no') }}
-  create mask             = 0664
+    create mask = {{ item.create_mask | default('0664') }}
-  force create mode       = 0664
+    force create mode = {{ item.force_create_mode | default('0664') }}
-  directory mask          = 0775
+    directory mask = {{ item.directory_mask | default('0775') }}
-  force directory mode    = 0775
+    force directory mode = {{ item.force_directory_mode | default('0775') }}
-  hide special files      = yes
+    hide special files = {{ item.hide_special_files | default('yes') }}
-  follow symlinks         = yes
+    follow symlinks = {{ item.follow_symlinks | default('yes') }}
-  hide dot files          = no
+    hide dot files = {{ item.hide_dot_files | default('no') }}
    valid users = {{ item.users_ro }} {{ item.users_rw }}
    invalid users =
    read list = {{ item.users_ro }}