aboutsummaryrefslogtreecommitdiff
path: root/manifests/server
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/server')
-rw-r--r--manifests/server/ads.pp81
-rw-r--r--manifests/server/config.pp12
-rw-r--r--manifests/server/install.pp4
-rw-r--r--manifests/server/option.pp21
-rw-r--r--manifests/server/params.pp38
-rw-r--r--manifests/server/service.pp43
-rwxr-xr-x[-rw-r--r--]manifests/server/share.pp288
-rw-r--r--manifests/server/user.pp15
-rw-r--r--manifests/server/winbind.pp17
9 files changed, 295 insertions, 224 deletions
diff --git a/manifests/server/ads.pp b/manifests/server/ads.pp
index 1f8e602..757d091 100644
--- a/manifests/server/ads.pp
+++ b/manifests/server/ads.pp
@@ -1,8 +1,6 @@
+# == Class samba::server::ads
# This module join samba server to Active Dirctory
#
-# Copyright (c) 2013 Lebedev Vadim, abraham1901 at g mail dot c o m
-# Licensed under the MIT License, http://opensource.org/licenses/MIT
-
class samba::server::ads($ensure = present,
$winbind_acct = 'admin',
$winbind_pass = 'SecretPass',
@@ -25,30 +23,47 @@ class samba::server::ads($ensure = present,
$map_readonly = 'no',
$target_ou = 'Nix_Mashine') {
+ $krb5_user_package = $::osfamily ? {
+ 'RedHat' => 'krb5-workstation',
+ default => 'krb5-user',
+ }
+
+ if $::osfamily == 'RedHat' {
+ if $::operatingsystemrelease =~ /^6\./ {
+ $winbind_package = 'samba-winbind'
+ } else {
+ $winbind_package = 'samba-common'
+ }
+ } else {
+ $winbind_package = 'winbind'
+ }
+
package{
- 'krb5-user': ensure => installed;
- 'winbind': ensure => installed;
- 'expect': ensure => installed;
+ $krb5_user_package: ensure => installed;
+ $winbind_package: ensure => installed;
+ 'expect': ensure => installed;
}
include samba::server::config
include samba::server::winbind
- $signal = 'samba::server::winbind'
+ # notify winbind
+ samba::server::option {
+ 'realm': value => $realm,
+ notify => Class['Samba::Server::Winbind'];
+ 'winbind uid': value => $winbind_uid,
+ notify => Class['Samba::Server::Winbind'];
+ 'winbind gid': value => $winbind_gid,
+ notify => Class['Samba::Server::Winbind'];
+ 'winbind enum groups': value => $winbind_enum_groups,
+ notify => Class['Samba::Server::Winbind'];
+ 'winbind enum users': value => $winbind_enum_users,
+ notify => Class['Samba::Server::Winbind'];
+ 'winbind use default domain': value => $winbind_use_default_domain,
+ notify => Class['Samba::Server::Winbind'];
+ }
- set_samba_option {
- 'realm': value => $realm,
- signal => $signal;
- 'winbind uid': value => $winbind_uid,
- signal => $signal;
- 'winbind gid': value => $winbind_gid,
- signal => $signal;
- 'winbind enum groups': value => $winbind_enum_groups,
- signal => $signal;
- 'winbind enum users': value => $winbind_enum_users,
- signal => $signal;
- 'winbind use default domain': value => $winbind_use_default_domain,
- signal => $signal;
+ samba::server::option {
'acl group control': value => $acl_group_control;
'map acl inherit': value => $map_acl_inherit;
'inherit acls': value => $inherit_acls;
@@ -61,14 +76,14 @@ class samba::server::ads($ensure = present,
'map readonly': value => $map_readonly;
}
- $nss_file='etc/nsswitch.conf'
+ $nss_file = 'etc/nsswitch.conf'
- $changes=$nsswitch ? {
+ $changes = $nsswitch ? {
true => [
- "set database[. = 'passwd']/service[1] compat",
- "set database[. = 'passwd']/service[2] winbind",
- "set database[. = 'group']/service[1] compat",
- "set database[. = 'group']/service[2] winbind",
+ 'set database[. = "passwd"]/service[1] compat',
+ 'set database[. = "passwd"]/service[2] winbind',
+ 'set database[. = "group"]/service[1] compat',
+ 'set database[. = "group"]/service[2] winbind',
],
false => [
"rm /files/${nss_file}/database[. = 'passwd']/service[. = 'winbind']",
@@ -86,12 +101,12 @@ class samba::server::ads($ensure = present,
path => '/sbin/verify_active_directory',
owner => root,
group => root,
- mode => "0755",
+ mode => '0755',
content => template("${module_name}/verify_active_directory.erb"),
- require => [ Package['krb5-user', 'winbind', 'expect'],
+ require => [ Package[$krb5_user_package, $winbind_package, 'expect'],
Augeas['samba-realm', 'samba-security', 'samba-winbind enum users',
'samba-winbind enum groups', 'samba-winbind uid', 'samba-winbind gid',
- 'samba-winbind use default domain'] ],
+ 'samba-winbind use default domain'], Service['winbind'] ],
}
file {'configure_active_directory':
@@ -99,18 +114,18 @@ class samba::server::ads($ensure = present,
path => '/sbin/configure_active_directory',
owner => root,
group => root,
- mode => "0755",
+ mode => '0755',
content => template("${module_name}/configure_active_directory.erb"),
- require => [ Package['krb5-user', 'winbind', 'expect'],
+ require => [ Package[$krb5_user_package, $winbind_package, 'expect'],
Augeas['samba-realm', 'samba-security', 'samba-winbind enum users',
'samba-winbind enum groups', 'samba-winbind uid', 'samba-winbind gid',
- 'samba-winbind use default domain'] ],
+ 'samba-winbind use default domain'], Service['winbind'] ],
}
exec {'join-active-directory':
# join the domain configured in samba.conf
command => '/sbin/configure_active_directory -j',
unless => '/sbin/verify_active_directory',
- require => [ File['configure_active_directory', 'verify_active_directory'], Class['samba::server::winbind'] ],
+ require => [ File['configure_active_directory', 'verify_active_directory'], Service['winbind'] ],
}
}
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index d51e432..eb9b78e 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -1,10 +1,11 @@
+# == Class samba::server::config
+#
class samba::server::config {
-
file { '/etc/samba':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
}
file { '/etc/samba/smb.conf':
@@ -15,5 +16,4 @@ class samba::server::config {
require => [File['/etc/samba'], Class['samba::server::install']],
notify => Class['samba::server::service']
}
-
}
diff --git a/manifests/server/install.pp b/manifests/server/install.pp
index 1454bfe..ec98a49 100644
--- a/manifests/server/install.pp
+++ b/manifests/server/install.pp
@@ -1,5 +1,7 @@
+# == Class samba::server::install
+#
class samba::server::install {
package { 'samba':
ensure => installed
}
-} \ No newline at end of file
+}
diff --git a/manifests/server/option.pp b/manifests/server/option.pp
new file mode 100644
index 0000000..bf491e8
--- /dev/null
+++ b/manifests/server/option.pp
@@ -0,0 +1,21 @@
+# == Define samba::server::option
+#
+define samba::server::option ( $value = '' ) {
+ $incl = $samba::server::incl
+ $context = $samba::server::context
+ $target = $samba::server::target
+
+ $changes = $value ? {
+ '' => "rm ${target}/${name}",
+ default => "set \"${target}/${name}\" \"${value}\"",
+ }
+
+ augeas { "samba-${name}":
+ incl => $incl,
+ lens => 'Samba.lns',
+ context => $context,
+ changes => $changes,
+ require => Augeas['global-section'],
+ notify => Class['Samba::Server::Service']
+ }
+}
diff --git a/manifests/server/params.pp b/manifests/server/params.pp
new file mode 100644
index 0000000..be9e01b
--- /dev/null
+++ b/manifests/server/params.pp
@@ -0,0 +1,38 @@
+# == Class samba::server::params
+#
+class samba::server::params {
+ case $::osfamily {
+ 'Redhat': { $service_name = 'smb' }
+ 'Debian': {
+ case $::operatingsystem {
+ 'Debian': {
+ case $::operatingsystemmajrelease {
+ '8' : { $service_name = 'smbd' }
+ default: { $service_name = 'samba' }
+ }
+ }
+ 'Ubuntu': {
+ $service_name = 'smbd'
+ $nmbd_name = 'nmbd'
+ }
+ default: { $service_name = 'samba' }
+ }
+ }
+ 'Gentoo': { $service_name = 'samba' }
+ 'Archlinux': {
+ $service_name = 'smbd'
+ $nmbd_name = 'nmbd'
+ }
+
+ # Currently Gentoo has $::osfamily = "Linux". This should change in
+ # Factor 1.7.0 <http://projects.puppetlabs.com/issues/17029>, so
+ # adding workaround.
+ 'Linux': {
+ case $::operatingsystem {
+ 'Gentoo': { $service_name = 'samba' }
+ default: { fail("${::operatingsystem} is not supported by this module.") }
+ }
+ }
+ default: { fail("${::osfamily} is not supported by this module.") }
+ }
+}
diff --git a/manifests/server/service.pp b/manifests/server/service.pp
index 6d24cad..68db2d6 100644
--- a/manifests/server/service.pp
+++ b/manifests/server/service.pp
@@ -1,27 +1,24 @@
-class samba::server::service ($ensure = running, $enable = true) {
- case $::osfamily {
- Redhat: { $service_name = 'smb' }
- Debian: { $service_name = 'samba' }
- Gentoo: { $service_name = 'samba' }
+# == Class samba::server::server
+#
+class samba::server::service (
+ $ensure = running,
+ $enable = true
+) inherits samba::server::params {
- # Currently Gentoo has $::osfamily = "Linux". This should change in
- # Factor 1.7.0 <http://projects.puppetlabs.com/issues/17029>, so
- # adding workaround.
- Linux: {
- case $::operatingsystem {
- Gentoo: { $service_name = 'samba' }
- default: { fail("$::operatingsystem is not supported by this module.") }
- }
- }
- default: { fail("$::osfamily is not supported by this module.") }
- }
-
- service { "$service_name" :
- ensure => $ensure,
- hasstatus => true,
- hasrestart => true,
- enable => $enable,
- require => Class['samba::server::config']
+ service { $samba::server::params::service_name :
+ ensure => $ensure,
+ hasstatus => true,
+ hasrestart => true,
+ enable => $enable,
+ require => Class['samba::server::config']
}
+ if $samba::server::params::nmbd_name != undef {
+ service { $samba::server::params::nmbd_name :
+ ensure => $ensure,
+ hasrestart => false,
+ enable => $enable,
+ require => Class['samba::server::config'],
+ }
+ }
}
diff --git a/manifests/server/share.pp b/manifests/server/share.pp
index b4eb02f..b0690bb 100644..100755
--- a/manifests/server/share.pp
+++ b/manifests/server/share.pp
@@ -1,209 +1,195 @@
+# == Define samba::server::share
+#
define samba::server::share($ensure = present,
+ $available = '',
$browsable = '',
$comment = '',
$copy = '',
$create_mask = '',
$directory_mask = '',
$force_create_mask = '',
- $force_directory_mask = '',
+ $force_directory_mode = '',
$force_group = '',
$force_user = '',
- $guest_account = '',
$guest_ok = '',
$guest_only = '',
+ $hide_unreadable = '',
$path = '',
+ $op_locks = '',
+ $level2_oplocks = '',
+ $veto_oplock_files = '',
$read_only = '',
$public = '',
+ $write_list = '',
$writable = '',
- $printable = '') {
-
+ $printable = '',
+ $valid_users = '',
+ $follow_symlinks = '',
+ $wide_links = '',
+ $map_acl_inherit = '',
+ $store_dos_attributes = '',
+ $strict_allocate = '',
+ $hide_dot_files = '',
+ ) {
+
+ $incl = $samba::server::incl
$context = $samba::server::context
- $target = "target[. = '${name}']"
+ $target = "target[. = '${name}']"
+
+ $section_changes = $ensure ? {
+ present => "set ${target} '${name}'",
+ default => "rm ${target} '${name}'",
+ }
augeas { "${name}-section":
+ incl => $incl,
+ lens => 'Samba.lns',
context => $context,
- changes => $ensure ? {
- present => "set ${target} '${name}'",
- default => "rm ${target} '${name}'",
- },
+ changes => $section_changes,
require => Class['samba::server::config'],
notify => Class['samba::server::service']
}
if $ensure == 'present' {
- augeas { "${name}-browsable":
- context => $context,
- changes => $browsable ? {
- true => "set ${target}/browsable yes",
- false => "set ${target}/browsable no",
- default => "rm ${target}/browsable",
- },
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-comment":
- context => $context,
- changes => $comment ? {
- default => "set ${target}/comment '${comment}'",
- '' => "rm ${target}/comment",
- },
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-copy":
- context => $context,
- changes => $copy ? {
- default => "set ${target}/copy '${copy}'",
- '' => "rm ${target}/copy",
- },
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-create_mask":
- context => $context,
- changes => $create_mask ? {
+ $changes = [
+ $available ? {
+ true => "set \"${target}/available\" yes",
+ false => "set \"${target}/available\" no",
+ default => "rm \"${target}/available\"",
+ },
+ $browsable ? {
+ true => "set \"${target}/browsable\" yes",
+ false => "set \"${target}/browsable\" no",
+ default => "rm \"${target}/browsable\"",
+ },
+ $comment ? {
+ default => "set \"${target}/comment\" '${comment}'",
+ '' => "rm \"${target}/comment\"",
+ },
+ $copy ? {
+ '' => "rm \"${target}/copy\"",
+ default => "set \"${target}/copy\" '${copy}'",
+ },
+ $create_mask ? {
+ '' => "rm \"${target}/create mask\"",
default => "set \"${target}/create mask\" '${create_mask}'",
- '' => "rm \"${target}/create mask\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-directory_mask":
- context => $context,
- changes => $directory_mask ? {
+ $directory_mask ? {
+ '' => "rm \"${target}/directory mask\"",
default => "set \"${target}/directory mask\" '${directory_mask}'",
- '' => "rm \"${target}/directory mask\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-force_create_mask":
- context => $context,
- changes => $force_create_mask ? {
+ $force_create_mask ? {
+ '' => "rm \"${target}/force create mask\"",
default => "set \"${target}/force create mask\" '${force_create_mask}'",
- '' => "rm \"${target}/force create mask\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-force_directory_mask":
- context => $context,
- changes => $force_directory_mask ? {
- default => "set \"${target}/force directory mask\" '${force_directory_mask}'",
- '' => "rm \"${target}/force directory mask\"",
+ $force_directory_mode ? {
+ '' => "rm \"${target}/force directory mode\"",
+ default => "set \"${target}/force directory mode\" '${force_directory_mode}'",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-force_group":
- context => $context,
- changes => $force_group ? {
+ $force_group ? {
+ '' => "rm \"${target}/force group\"",
default => "set \"${target}/force group\" '${force_group}'",
- '' => "rm \"${target}/force group\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-force_user":
- context => $context,
- changes => $force_user ? {
+ $force_user ? {
+ '' => "rm \"${target}/force user\"",
default => "set \"${target}/force user\" '${force_user}'",
- '' => "rm \"${target}/force user\"",
- },
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-guest_account":
- context => $context,
- changes => $guest_account ? {
- default => "set \"${target}/guest account\" '${guest_account}'",
- '' => "rm \"${target}/guest account\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-guest_ok":
- context => $context,
- changes => $guest_ok ? {
+ $guest_ok ? {
true => "set \"${target}/guest ok\" yes",
false => "set \"${target}/guest ok\" no",
- default => "rm \"${target}/guest ok\"",
+ default => "rm \"${target}/guest ok\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-guest_only":
- context => $context,
- changes => $guest_only ? {
+ $guest_only ? {
true => "set \"${target}/guest only\" yes",
false => "set \"${target}/guest only\" no",
- default => "rm \"${target}/guest only\"",
+ default => "rm \"${target}/guest only\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-path":
- context => $context,
- changes => $path ? {
+ $hide_unreadable ? {
+ true => "set \"${target}/hide unreadable\" yes",
+ false => "set \"${target}/hide unreadable\" no",
+ default => "rm \"${target}/hide unreadable\"",
+ },
+ $path ? {
default => "set ${target}/path '${path}'",
- '' => "rm ${target}/path",
+ '' => "rm ${target}/path",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-read_only":
- context => $context,
- changes => $read_only ? {
+ $read_only ? {
true => "set \"${target}/read only\" yes",
false => "set \"${target}/read only\" no",
- default => "rm \"${target}/read_only\"",
+ default => "rm \"${target}/read only\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-public":
- context => $context,
- changes => $public ? {
+ $public ? {
true => "set \"${target}/public\" yes",
false => "set \"${target}/public\" no",
- default => "rm \"${target}/public\"",
+ default => "rm \"${target}/public\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-writable":
- context => $context,
- changes => $writable ? {
+ $writable ? {
true => "set \"${target}/writable\" yes",
false => "set \"${target}/writable\" no",
- default => "rm \"${target}/writable\"",
+ default => "rm \"${target}/writable\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-printable":
- context => $context,
- changes => $printable ? {
+ $printable ? {
true => "set \"${target}/printable\" yes",
false => "set \"${target}/printable\" no",
- default => "rm \"${target}/printable\"",
+ default => "rm \"${target}/printable\"",
+ },
+ $follow_symlinks ? {
+ true => "set \"${target}/follow symlinks\" yes",
+ false => "set \"${target}/follow symlinks\" no",
+ default => "rm \"${target}/follow symlinks\"",
},
+ $wide_links ? {
+ true => "set \"${target}/wide links\" yes",
+ false => "set \"${target}/wide links\" no",
+ default => "rm \"${target}/wide links\"",
+ },
+ $map_acl_inherit ? {
+ true => "set \"${target}/map acl inherit\" yes",
+ false => "set \"${target}/map acl inherit\" no",
+ default => "rm \"${target}/map acl inherit\"",
+ },
+ $store_dos_attributes ? {
+ true => "set \"${target}/store dos attributes\" yes",
+ false => "set \"${target}/store dos attributes\" no",
+ default => "rm \"${target}/store dos attributes\"",
+ },
+ $strict_allocate ? {
+ true => "set \"${target}/strict allocate\" yes",
+ false => "set \"${target}/strict allocate\" no",
+ default => "rm \"${target}/strict allocate\"",
+ },
+ $valid_users ? {
+ '' => "rm \"${target}/valid users\"",
+ default => "set \"${target}/valid users\" '${valid_users}'",
+ },
+ $op_locks ? {
+ '' => "rm \"${target}/oplocks\"",
+ default => "set \"${target}/oplocks\" '${op_locks}'",
+ },
+ $level2_oplocks ? {
+ '' => "rm \"${target}/level2 oplocks\"",
+ default => "set \"${target}/level2 oplocks\" '${level2_oplocks}'",
+ },
+ $veto_oplock_files ? {
+ '' => "rm \"${target}/veto oplock files\"",
+ default => "set \"${target}/veto oplock files\" '${veto_oplock_files}'",
+ },
+ $write_list ? {
+ '' => "rm \"${target}/write list\"",
+ default => "set \"${target}/write list\" '${write_list}'",
+ },
+ $hide_dot_files ? {
+ true => "set \"${target}/hide dot files\" yes",
+ false => "set \"${target}/hide dot files\" no",
+ default => "rm \"${target}/hide dot files\"",
+ },
+ ]
+
+ augeas { "${name}-changes":
+ incl => $incl,
+ lens => 'Samba.lns',
+ context => $context,
+ changes => $changes,
require => Augeas["${name}-section"],
notify => Class['samba::server::service']
}
diff --git a/manifests/server/user.pp b/manifests/server/user.pp
new file mode 100644
index 0000000..d10a602
--- /dev/null
+++ b/manifests/server/user.pp
@@ -0,0 +1,15 @@
+# == Class samba::server::user
+#
+define samba::server::user (
+ $password,
+ $user_name = $name,
+) {
+ require ::samba::server::install
+
+ exec { "add smb account for ${user_name}":
+ command => "/bin/echo -e '${password}\\n${password}\\n' | /usr/bin/pdbedit --password-from-stdin -a '${user_name}'",
+ unless => "/usr/bin/pdbedit '${user_name}'",
+ require => [ User[$user_name] ],
+ notify => Class['samba::server::service'] #TODO: Is this really required??
+ }
+}
diff --git a/manifests/server/winbind.pp b/manifests/server/winbind.pp
index 76136b9..a379bb7 100644
--- a/manifests/server/winbind.pp
+++ b/manifests/server/winbind.pp
@@ -1,16 +1,13 @@
+# == Class samba::server::winbind
+#
class samba::server::winbind ($ensure = running, $enable = true) {
$service_name = 'winbind'
- notify { 'winbind-service':
- message => 'Check winbind service',
- }
-
service { $service_name:
- ensure => $ensure,
- hasstatus => true,
- hasrestart => true,
- enable => $enable,
- require => Class['samba::server::config']
+ ensure => $ensure,
+ hasstatus => true,
+ hasrestart => true,
+ enable => $enable,
+ require => Class['samba::server::config']
}
-
}