Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/init.pp | 4 | ||||
-rw-r--r-- | manifests/server.pp | 62 | ||||
-rw-r--r-- | manifests/server/ads.pp | 81 | ||||
-rw-r--r-- | manifests/server/config.pp | 12 | ||||
-rw-r--r-- | manifests/server/install.pp | 4 | ||||
-rw-r--r-- | manifests/server/option.pp | 21 | ||||
-rw-r--r-- | manifests/server/params.pp | 38 | ||||
-rw-r--r-- | manifests/server/service.pp | 43 | ||||
-rwxr-xr-x[-rw-r--r--] | manifests/server/share.pp | 288 | ||||
-rw-r--r-- | manifests/server/user.pp | 15 | ||||
-rw-r--r-- | manifests/server/winbind.pp | 17 |
11 files changed, 340 insertions, 245 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 8a914a4..4fbac9a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,7 +1,9 @@ +# == Class samba +# class samba { include samba::server if samba::server::security == 'ads' { include samba::server::ads } -}
\ No newline at end of file
+}
diff --git a/manifests/server.pp b/manifests/server.pp
index bc1e3d7..cbc61a9 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -1,46 +1,68 @@ +# == Class samba::server +# class samba::server($interfaces = '', $security = '', $server_string = '', $unix_password_sync = '', - $workgroup = '') { + $netbios_name = '', + $workgroup = '', + $socket_options = '', + $deadtime = '', + $keepalive = '', + $load_printers = '', + $printing = '', + $printcap_name = '', + $map_to_guest = 'Never', + $guest_account = '', + $disable_spoolss = '', + $kernel_oplocks = '', + $pam_password_change = '', + $os_level = '', + $preferred_master = '', + $bind_interfaces_only = 'yes', + $shares = {}, + $users = {}, ) { include samba::server::install include samba::server::config include samba::server::service + $incl = '/etc/samba/smb.conf' $context = '/files/etc/samba/smb.conf' - $target = "target[. = 'global']" + $target = 'target[. = "global"]' augeas { 'global-section': + incl => $incl, + lens => 'Samba.lns', context => $context, changes => "set ${target} global", require => Class['samba::server::config'], notify => Class['samba::server::service'] } - - set_samba_option { + samba::server::option { 'interfaces': value => $interfaces; - 'bind interfaces only': value => 'yes'; + 'bind interfaces only': value => $bind_interfaces_only; 'security': value => $security; 'server string': value => $server_string; 'unix password sync': value => $unix_password_sync; + 'netbios name': value => $netbios_name; 'workgroup': value => $workgroup; - } -} - -define set_samba_option ( $value = '', $signal = 'samba::server::service' ) { - $context = $samba::server::context - $target = $samba::server::target - $changes = $value ? 
{ - default => "set \"${target}/$name\" \"$value\"", - '' => "rm ${target}/$name", + 'socket options': value => $socket_options; + 'deadtime': value => $deadtime; + 'keepalive': value => $keepalive; + 'load printers': value => $load_printers; + 'printing': value => $printing; + 'printcap name': value => $printcap_name; + 'map to guest': value => $map_to_guest; + 'guest account': value => $guest_account; + 'disable spoolss': value => $disable_spoolss; + 'kernel oplocks': value => $kernel_oplocks; + 'pam password change': value => $pam_password_change; + 'os level': value => $os_level; + 'preferred master': value => $preferred_master; } - augeas { "samba-$name": - context => $context, - changes => $changes, - require => Augeas['global-section'], - notify => Class[$signal] - } + create_resources(samba::server::share, $shares) + create_resources(samba::server::user, $users) } diff --git a/manifests/server/ads.pp b/manifests/server/ads.pp index 1f8e602..757d091 100644 --- a/manifests/server/ads.pp +++ b/manifests/server/ads.pp @@ -1,8 +1,6 @@ +# == Class samba::server::ads # This module join samba server to Active Dirctory # -# Copyright (c) 2013 Lebedev Vadim, abraham1901 at g mail dot c o m -# Licensed under the MIT License, http://opensource.org/licenses/MIT - class samba::server::ads($ensure = present, $winbind_acct = 'admin', $winbind_pass = 'SecretPass', 
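Review bot: The class header added at the top of this hunk is an empty `# == Class samba::server` stub, although the same hunk adds more than a dozen global options plus `$shares` and `$users`, none of them documented. `$users` deserves a line of its own: `create_resources(samba::server::user, $users)` passes each entry's `password` on to an `exec` command line, so callers should be told that this hash carries cleartext credentials. I would also quote the type names, `create_resources('samba::server::share', $shares)`, rather than rely on barewords.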
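Review bot: The two header lines removed in the first `ads.pp` hunk are the file's only visible copyright and MIT licence notice, and that licence asks for the notice to be kept in copies of the software. Unless the notice is preserved elsewhere in the repository (not visible in this diff), I would keep both lines under the new `# == Class samba::server::ads` header. The class body continues outside the hunk.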
@@ -25,30 +23,47 @@ class samba::server::ads($ensure = present, $map_readonly = 'no', $target_ou = 'Nix_Mashine') { + $krb5_user_package = $::osfamily ? { + 'RedHat' => 'krb5-workstation', + default => 'krb5-user', + } + + if $::osfamily == 'RedHat' { + if $::operatingsystemrelease =~ /^6\./ { + $winbind_package = 'samba-winbind' + } else { + $winbind_package = 'samba-common' + } + } else { + $winbind_package = 'winbind' + } + package{ - 'krb5-user': ensure => installed; - 'winbind': ensure => installed; - 'expect': ensure => installed; + $krb5_user_package: ensure => installed; + $winbind_package: ensure => installed; + 'expect': ensure => installed; } include samba::server::config include samba::server::winbind - $signal = 'samba::server::winbind' + # notify winbind + samba::server::option { + 'realm': value => $realm, + notify => Class['Samba::Server::Winbind']; + 'winbind uid': value => $winbind_uid, + notify => Class['Samba::Server::Winbind']; + 'winbind gid': value => $winbind_gid, + notify => Class['Samba::Server::Winbind']; + 'winbind enum groups': value => $winbind_enum_groups, + notify => Class['Samba::Server::Winbind']; + 'winbind enum users': value => $winbind_enum_users, + notify => Class['Samba::Server::Winbind']; + 'winbind use default domain': value => $winbind_use_default_domain, + notify => Class['Samba::Server::Winbind']; + } - set_samba_option { - 'realm': value => $realm, - signal => $signal; - 'winbind uid': value => $winbind_uid, - signal => $signal; - 'winbind gid': value => $winbind_gid, - signal => $signal; - 'winbind enum groups': value => $winbind_enum_groups, - signal => $signal; - 'winbind enum users': value => $winbind_enum_users, - signal => $signal; - 'winbind use default domain': value => $winbind_use_default_domain, - signal => $signal; + samba::server::option { 'acl group control': value => $acl_group_control; 'map acl inherit': value => $map_acl_inherit; 'inherit acls': value => $inherit_acls; 
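Review bot: The `else` arm of the RedHat branch assigns `samba-common` to `$winbind_package` for every release that does not start with `6.`, which covers later releases as well as earlier ones. As far as I know winbindd is packaged as `samba-winbind` on releases after 6 too, so it would be safer to match the old release explicitly and default to the newer name, e.g. `if $::operatingsystemrelease =~ /^5\./ { $winbind_package = 'samba-common' } else { $winbind_package = 'samba-winbind' }`. Please confirm the package names against the platforms this module targets. The class body starts and ends outside the hunk.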
@@ -61,14 +76,14 @@ class samba::server::ads($ensure = present, 'map readonly': value => $map_readonly; } - $nss_file='etc/nsswitch.conf' + $nss_file = 'etc/nsswitch.conf' - $changes=$nsswitch ? { + $changes = $nsswitch ? { true => [ - "set database[. = 'passwd']/service[1] compat", - "set database[. = 'passwd']/service[2] winbind", - "set database[. = 'group']/service[1] compat", - "set database[. = 'group']/service[2] winbind", + 'set database[. = "passwd"]/service[1] compat', + 'set database[. = "passwd"]/service[2] winbind', + 'set database[. = "group"]/service[1] compat', + 'set database[. = "group"]/service[2] winbind', ], false => [ "rm /files/${nss_file}/database[. = 'passwd']/service[. = 'winbind']", @@ -86,12 +101,12 @@ class samba::server::ads($ensure = present, path => '/sbin/verify_active_directory', owner => root, group => root, - mode => "0755", + mode => '0755', content => template("${module_name}/verify_active_directory.erb"), - require => [ Package['krb5-user', 'winbind', 'expect'], + require => [ Package[$krb5_user_package, $winbind_package, 'expect'], Augeas['samba-realm', 'samba-security', 'samba-winbind enum users', 'samba-winbind enum groups', 'samba-winbind uid', 'samba-winbind gid', - 'samba-winbind use default domain'] ], + 'samba-winbind use default domain'], Service['winbind'] ], } file {'configure_active_directory': 
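Review bot: `mode => '0755'` on `/sbin/verify_active_directory` (and on `/sbin/configure_active_directory` in the next hunk) leaves both rendered scripts world-readable. The class takes `$winbind_acct` and `$winbind_pass` and requires `expect`, so the templates presumably embed the domain-join credentials (the `.erb` files are not shown here); if they do, `mode => '0700'` restricts them to root. The first hunk's context also shows `$winbind_pass = 'SecretPass'` as a default, which is better left without a default so that a caller has to supply it. Both `file` resources start outside these hunks.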
@@ -99,18 +114,18 @@ class samba::server::ads($ensure = present, path => '/sbin/configure_active_directory', owner => root, group => root, - mode => "0755", + mode => '0755', content => template("${module_name}/configure_active_directory.erb"), - require => [ Package['krb5-user', 'winbind', 'expect'], + require => [ Package[$krb5_user_package, $winbind_package, 'expect'], Augeas['samba-realm', 'samba-security', 'samba-winbind enum users', 'samba-winbind enum groups', 'samba-winbind uid', 'samba-winbind gid', - 'samba-winbind use default domain'] ], + 'samba-winbind use default domain'], Service['winbind'] ], } exec {'join-active-directory': # join the domain configured in samba.conf command => '/sbin/configure_active_directory -j', unless => '/sbin/verify_active_directory', - require => [ File['configure_active_directory', 'verify_active_directory'], Class['samba::server::winbind'] ], + require => [ File['configure_active_directory', 'verify_active_directory'], Service['winbind'] ], } } diff --git a/manifests/server/config.pp b/manifests/server/config.pp index d51e432..eb9b78e 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -1,10 +1,11 @@ +# == Class samba::server::config +# class samba::server::config { - file { '/etc/samba': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', + ensure => directory, + owner => 'root', + group => 'root', + mode => '0755', } file { '/etc/samba/smb.conf': @@ -15,5 +16,4 @@ class samba::server::config { require => [File['/etc/samba'], Class['samba::server::install']], notify => Class['samba::server::service'] } - } diff --git a/manifests/server/install.pp b/manifests/server/install.pp index 1454bfe..ec98a49 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp @@ -1,5 +1,7 @@ +# == Class samba::server::install +# class samba::server::install { package { 'samba': ensure => installed } -}
\ No newline at end of file
+}
diff --git a/manifests/server/option.pp b/manifests/server/option.pp
new file mode 100644
index 0000000..bf491e8
--- /dev/null
+++ b/manifests/server/option.pp
@@ -0,0 +1,21 @@
+# == Define samba::server::option
+#
+define samba::server::option ( $value = '' ) {
+ $incl = $samba::server::incl
+ $context = $samba::server::context
+ $target = $samba::server::target
+
+ $changes = $value ? {
+ '' => "rm ${target}/${name}",
+ default => "set \"${target}/${name}\" \"${value}\"",
+ }
+
+ augeas { "samba-${name}":
+ incl => $incl,
+ lens => 'Samba.lns',
+ context => $context,
+ changes => $changes,
+ require => Augeas['global-section'],
+ notify => Class['Samba::Server::Service']
+ }
+}
diff --git a/manifests/server/params.pp b/manifests/server/params.pp
new file mode 100644
index 0000000..be9e01b
--- /dev/null
+++ b/manifests/server/params.pp
@@ -0,0 +1,38 @@
+# == Class samba::server::params
+#
+class samba::server::params {
+ case $::osfamily {
+ 'Redhat': { $service_name = 'smb' }
+ 'Debian': {
+ case $::operatingsystem {
+ 'Debian': {
+ case $::operatingsystemmajrelease {
+ '8' : { $service_name = 'smbd' }
+ default: { $service_name = 'samba' }
+ }
+ }
+ 'Ubuntu': {
+ $service_name = 'smbd'
+ $nmbd_name = 'nmbd'
+ }
+ default: { $service_name = 'samba' }
+ }
+ }
+ 'Gentoo': { $service_name = 'samba' }
+ 'Archlinux': {
+ $service_name = 'smbd'
+ $nmbd_name = 'nmbd'
+ }
+
+ # Currently Gentoo has $::osfamily = "Linux". This should change in
+ # Factor 1.7.0 <http://projects.puppetlabs.com/issues/17029>, so
+ # adding workaround.
+ 'Linux': {
+ case $::operatingsystem {
+ 'Gentoo': { $service_name = 'samba' }
+ default: { fail("${::operatingsystem} is not supported by this module.") }
+ }
+ }
+ default: { fail("${::osfamily} is not supported by this module.") }
+ }
+}
diff --git a/manifests/server/service.pp b/manifests/server/service.pp
index 6d24cad..68db2d6 100644
--- a/manifests/server/service.pp
+++ b/manifests/server/service.pp
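Review bot: The `''` arm builds `rm ${target}/${name}` without quotes while the `default` arm quotes the path. Most option names passed in from `samba::server` contain spaces (`'socket options'`, `'netbios name'`) and their values default to `''`, so the unquoted form is the one that normally runs. An unquoted path is likely to be cut at the first space, which would leave a stale setting in `smb.conf`; I would write `'' => "rm \"${target}/${name}\"",` as `share.pp` does in this commit. `${value}` is also placed between double quotes unescaped, so a value containing `"` (plausible for `server string`) yields a malformed command, and rejecting such values with `fail()` would make that explicit.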
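Review bot: `$nmbd_name` is assigned only in the `'Ubuntu'` and `'Archlinux'` arms, yet `samba::server::service` reads `$samba::server::params::nmbd_name` on every platform and compares it with `undef`. On the other arms that is a reference to a variable that was never set, which fails compilation when `strict_variables` is enabled; adding `$nmbd_name = undef` to each of those arms keeps the check well defined. The comment's `Factor 1.7.0` should read `Facter 1.7.0`.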
@@ -1,27 +1,24 @@ -class samba::server::service ($ensure = running, $enable = true) { - case $::osfamily { - Redhat: { $service_name = 'smb' } - Debian: { $service_name = 'samba' } - Gentoo: { $service_name = 'samba' } +# == Class samba::server::server +# +class samba::server::service ( + $ensure = running, + $enable = true +) inherits samba::server::params { - # Currently Gentoo has $::osfamily = "Linux". This should change in - # Factor 1.7.0 <http://projects.puppetlabs.com/issues/17029>, so - # adding workaround. - Linux: { - case $::operatingsystem { - Gentoo: { $service_name = 'samba' } - default: { fail("$::operatingsystem is not supported by this module.") } - } - } - default: { fail("$::osfamily is not supported by this module.") } - } - - service { "$service_name" : - ensure => $ensure, - hasstatus => true, - hasrestart => true, - enable => $enable, - require => Class['samba::server::config'] + service { $samba::server::params::service_name : + ensure => $ensure, + hasstatus => true, + hasrestart => true, + enable => $enable, + require => Class['samba::server::config'] } + if $samba::server::params::nmbd_name != undef { + service { $samba::server::params::nmbd_name : + ensure => $ensure, + hasrestart => false, + enable => $enable, + require => Class['samba::server::config'], + } + } } diff --git a/manifests/server/share.pp b/manifests/server/share.pp index b4eb02f..b0690bb 100644..100755 --- a/manifests/server/share.pp +++ b/manifests/server/share.pp 
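Review bot: The new header reads `# == Class samba::server::server`, but the class declared directly below it is `samba::server::service`; it should be `# == Class samba::server::service`. The nmbd `service` resource also sets `hasrestart => false` and omits `hasstatus`, unlike the main service above it, so a one-line comment explaining why nmbd is handled differently would help the next reader.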
@@ -1,209 +1,195 @@ +# == Define samba::server::share +# define samba::server::share($ensure = present, + $available = '', $browsable = '', $comment = '', $copy = '', $create_mask = '', $directory_mask = '', $force_create_mask = '', - $force_directory_mask = '', + $force_directory_mode = '', $force_group = '', $force_user = '', - $guest_account = '', $guest_ok = '', $guest_only = '', + $hide_unreadable = '', $path = '', + $op_locks = '', + $level2_oplocks = '', + $veto_oplock_files = '', $read_only = '', $public = '', + $write_list = '', $writable = '', - $printable = '') { - + $printable = '', + $valid_users = '', + $follow_symlinks = '', + $wide_links = '', + $map_acl_inherit = '', + $store_dos_attributes = '', + $strict_allocate = '', + $hide_dot_files = '', + ) { + + $incl = $samba::server::incl $context = $samba::server::context - $target = "target[. = '${name}']" + $target = "target[. = '${name}']" + + $section_changes = $ensure ? { + present => "set ${target} '${name}'", + default => "rm ${target} '${name}'", + } augeas { "${name}-section": + incl => $incl, + lens => 'Samba.lns', context => $context, - changes => $ensure ? { - present => "set ${target} '${name}'", - default => "rm ${target} '${name}'", - }, + changes => $section_changes, require => Class['samba::server::config'], notify => Class['samba::server::service'] } if $ensure == 'present' { - augeas { "${name}-browsable": - context => $context, - changes => $browsable ? { - true => "set ${target}/browsable yes", - false => "set ${target}/browsable no", - default => "rm ${target}/browsable", - }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-comment": - context => $context, - changes => $comment ? 
{ - default => "set ${target}/comment '${comment}'", - '' => "rm ${target}/comment", - }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-copy": - context => $context, - changes => $copy ? { - default => "set ${target}/copy '${copy}'", - '' => "rm ${target}/copy", - }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-create_mask": - context => $context, - changes => $create_mask ? { + $changes = [ + $available ? { + true => "set \"${target}/available\" yes", + false => "set \"${target}/available\" no", + default => "rm \"${target}/available\"", + }, + $browsable ? { + true => "set \"${target}/browsable\" yes", + false => "set \"${target}/browsable\" no", + default => "rm \"${target}/browsable\"", + }, + $comment ? { + default => "set \"${target}/comment\" '${comment}'", + '' => "rm \"${target}/comment\"", + }, + $copy ? { + '' => "rm \"${target}/copy\"", + default => "set \"${target}/copy\" '${copy}'", + }, + $create_mask ? { + '' => "rm \"${target}/create mask\"", default => "set \"${target}/create mask\" '${create_mask}'", - '' => "rm \"${target}/create mask\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-directory_mask": - context => $context, - changes => $directory_mask ? { + $directory_mask ? { + '' => "rm \"${target}/directory mask\"", default => "set \"${target}/directory mask\" '${directory_mask}'", - '' => "rm \"${target}/directory mask\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-force_create_mask": - context => $context, - changes => $force_create_mask ? { + $force_create_mask ? 
{ + '' => "rm \"${target}/force create mask\"", default => "set \"${target}/force create mask\" '${force_create_mask}'", - '' => "rm \"${target}/force create mask\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-force_directory_mask": - context => $context, - changes => $force_directory_mask ? { - default => "set \"${target}/force directory mask\" '${force_directory_mask}'", - '' => "rm \"${target}/force directory mask\"", + $force_directory_mode ? { + '' => "rm \"${target}/force directory mode\"", + default => "set \"${target}/force directory mode\" '${force_directory_mode}'", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-force_group": - context => $context, - changes => $force_group ? { + $force_group ? { + '' => "rm \"${target}/force group\"", default => "set \"${target}/force group\" '${force_group}'", - '' => "rm \"${target}/force group\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-force_user": - context => $context, - changes => $force_user ? { + $force_user ? { + '' => "rm \"${target}/force user\"", default => "set \"${target}/force user\" '${force_user}'", - '' => "rm \"${target}/force user\"", - }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-guest_account": - context => $context, - changes => $guest_account ? { - default => "set \"${target}/guest account\" '${guest_account}'", - '' => "rm \"${target}/guest account\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-guest_ok": - context => $context, - changes => $guest_ok ? { + $guest_ok ? 
{ true => "set \"${target}/guest ok\" yes", false => "set \"${target}/guest ok\" no", - default => "rm \"${target}/guest ok\"", + default => "rm \"${target}/guest ok\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-guest_only": - context => $context, - changes => $guest_only ? { + $guest_only ? { true => "set \"${target}/guest only\" yes", false => "set \"${target}/guest only\" no", - default => "rm \"${target}/guest only\"", + default => "rm \"${target}/guest only\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-path": - context => $context, - changes => $path ? { + $hide_unreadable ? { + true => "set \"${target}/hide unreadable\" yes", + false => "set \"${target}/hide unreadable\" no", + default => "rm \"${target}/hide unreadable\"", + }, + $path ? { default => "set ${target}/path '${path}'", - '' => "rm ${target}/path", + '' => "rm ${target}/path", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-read_only": - context => $context, - changes => $read_only ? { + $read_only ? { true => "set \"${target}/read only\" yes", false => "set \"${target}/read only\" no", - default => "rm \"${target}/read_only\"", + default => "rm \"${target}/read only\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-public": - context => $context, - changes => $public ? { + $public ? { true => "set \"${target}/public\" yes", false => "set \"${target}/public\" no", - default => "rm \"${target}/public\"", + default => "rm \"${target}/public\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-writable": - context => $context, - changes => $writable ? { + $writable ? 
{ true => "set \"${target}/writable\" yes", false => "set \"${target}/writable\" no", - default => "rm \"${target}/writable\"", + default => "rm \"${target}/writable\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-printable": - context => $context, - changes => $printable ? { + $printable ? { true => "set \"${target}/printable\" yes", false => "set \"${target}/printable\" no", - default => "rm \"${target}/printable\"", + default => "rm \"${target}/printable\"", + }, + $follow_symlinks ? { + true => "set \"${target}/follow symlinks\" yes", + false => "set \"${target}/follow symlinks\" no", + default => "rm \"${target}/follow symlinks\"", }, + $wide_links ? { + true => "set \"${target}/wide links\" yes", + false => "set \"${target}/wide links\" no", + default => "rm \"${target}/wide links\"", + }, + $map_acl_inherit ? { + true => "set \"${target}/map acl inherit\" yes", + false => "set \"${target}/map acl inherit\" no", + default => "rm \"${target}/map acl inherit\"", + }, + $store_dos_attributes ? { + true => "set \"${target}/store dos attributes\" yes", + false => "set \"${target}/store dos attributes\" no", + default => "rm \"${target}/store dos attributes\"", + }, + $strict_allocate ? { + true => "set \"${target}/strict allocate\" yes", + false => "set \"${target}/strict allocate\" no", + default => "rm \"${target}/strict allocate\"", + }, + $valid_users ? { + '' => "rm \"${target}/valid users\"", + default => "set \"${target}/valid users\" '${valid_users}'", + }, + $op_locks ? { + '' => "rm \"${target}/oplocks\"", + default => "set \"${target}/oplocks\" '${op_locks}'", + }, + $level2_oplocks ? { + '' => "rm \"${target}/level2 oplocks\"", + default => "set \"${target}/level2 oplocks\" '${level2_oplocks}'", + }, + $veto_oplock_files ? { + '' => "rm \"${target}/veto oplock files\"", + default => "set \"${target}/veto oplock files\" '${veto_oplock_files}'", + }, + $write_list ? 
{ + '' => "rm \"${target}/write list\"", + default => "set \"${target}/write list\" '${write_list}'", + }, + $hide_dot_files ? { + true => "set \"${target}/hide dot files\" yes", + false => "set \"${target}/hide dot files\" no", + default => "rm \"${target}/hide dot files\"", + }, + ] + + augeas { "${name}-changes": + incl => $incl, + lens => 'Samba.lns', + context => $context, + changes => $changes, require => Augeas["${name}-section"], notify => Class['samba::server::service'] } diff --git a/manifests/server/user.pp b/manifests/server/user.pp new file mode 100644 index 0000000..d10a602 --- /dev/null +++ b/manifests/server/user.pp @@ -0,0 +1,15 @@ +# == Class samba::server::user +# +define samba::server::user ( + $password, + $user_name = $name, +) { + require ::samba::server::install + + exec { "add smb account for ${user_name}": + command => "/bin/echo -e '${password}\\n${password}\\n' | /usr/bin/pdbedit --password-from-stdin -a '${user_name}'", + unless => "/usr/bin/pdbedit '${user_name}'", + require => [ User[$user_name] ], + notify => Class['samba::server::service'] #TODO: Is this really required?? + } +} diff --git a/manifests/server/winbind.pp b/manifests/server/winbind.pp index 76136b9..a379bb7 100644 --- a/manifests/server/winbind.pp +++ b/manifests/server/winbind.pp @@ -1,16 +1,13 @@ +# == Class samba::server::winbind +# class samba::server::winbind ($ensure = running, $enable = true) { $service_name = 'winbind' - notify { 'winbind-service': - message => 'Check winbind service', - } - service { $service_name: - ensure => $ensure, - hasstatus => true, - hasrestart => true, - enable => $enable, - require => Class['samba::server::config'] + ensure => $ensure, + hasstatus => true, + hasrestart => true, + enable => $enable, + require => Class['samba::server::config'] } - } |
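Review bot: Every yes/no selector in the new `$changes` array matches only the literals `true` and `false` and sends anything else to the `default` arm, which removes the setting. Now that shares can arrive through `create_resources` from data, a string such as `'no'` for `available`, `browsable` or `follow_symlinks` silently deletes the line and the share falls back to Samba's default, which for those options is the permissive one. I would reject non-empty, non-boolean values with `fail()` before `$changes` is built. Separately, renaming `$force_directory_mask` to `$force_directory_mode` and dropping `$guest_account` breaks existing callers, and the `100644..100755` mode change on a manifest looks unintended.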
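Review bot: The `exec` in `user.pp` interpolates `${password}` and `${user_name}` inside single quotes in a shell pipeline, so a value containing `'` ends the quoting and the remainder is handed to the shell; neither parameter is validated before it reaches `command` or `unless`. The password is also an argument of `/bin/echo`, which exposes it in the process list and in any log or report that records the command string, and `echo -e` rewrites backslash sequences inside it. The excerpt below validates the name and feeds the password to a shell builtin through the environment; the value still travels in the catalog, so it should come from a protected data source. The header comment also says `Class` although this is a `define`.

```puppet
# … unchanged: define header and require ::samba::server::install …

  # Refuse names that could alter the shell command; adjust the pattern to local naming rules.
  if $user_name !~ /^[A-Za-z0-9._-]+$/ {
    fail("samba::server::user: invalid user name '${user_name}'")
  }

  exec { "add smb account for ${user_name}":
    # With the shell provider printf is a builtin, so the password is not an argument of any process.
    provider    => shell,
    environment => ["SMB_PASSWORD=${password}"],
    command     => "printf '%s\\n%s\\n' \"\$SMB_PASSWORD\" \"\$SMB_PASSWORD\" | /usr/bin/pdbedit --password-from-stdin -a '${user_name}'",
    # … unchanged: unless, require, notify …
  }
```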