updates to samba roles

todo: set samba acl - currently manual via compmgmt.msc
todo: dynamic dns update?

roles/role-samba4-ad-member/defaults/main.yml

@@ -53,3 +53,11 @@ smb_multicastdns    : 'no'
 smb_dnssec          : 'no'
 smb_cache           : 'yes'
 smb_dnsstublistener : 'yes'
+
+#share defaults
+public_share_name: share
+public_share_path: /media/share
+private_share_name: private
+private_share_path: /media/private
+samba_group_name: Domain\ Users
+

roles/role-samba4-ad-member/tasks/main.yml

@@ -8,7 +8,18 @@
 #   Samba is the standard Windows interoperability 
 #   suite of programs for Linux and Unix.
 #
-
+- name: update hosts file
+  become: true
+  blockinfile:
+          dest: /etc/hosts
+          content: "{{ lookup('template', '{{ role_path }}/templates/hosts.j2') }}"
+          state: present
+  tags: update_hosts
+- name: set hostname
+  become: true
+  hostname:
+    name: '{{ inventory_hostname }}'
+  tags: set_hostname
 - name: "IFor OS: Ubuntu 20.04LTS, Arch: amd64"
   import_tasks: ubt-2004-amd64.yml
   when:
@@ -26,3 +37,35 @@
   when:
     - ansible_distribution_version == "18.04"
     - ansible_architecture == "x86_64"
+
+- name: "Check that {{ public_share_path }} exist"
+  stat:
+    path: "{{ public_share_path }}"
+  register: public_dir_exists
+
+- name: "Create {{ public_share_path }} directory"
+  become: yes
+  file:
+    state: directory
+    path: "{{ public_share_path }}"
+    owner: nobody
+    group: nogroup
+    mode: 0755
+    recurse: yes
+  when: public_dir_exists.stat.exists == False
+
+- name: "Check that {{ private_share_path }} exist"
+  stat:
+    path: "{{ private_share_path }}"
+  register: private_dir_exists
+
+- name: "Create {{ private_share_path }} directory"
+  become: yes
+  file:
+    state: directory
+    path: "{{ private_share_path }}"
+    owner: root 
+    group: "{{ samba_group_name }}"
+    mode: 1770
+  when: private_dir_exists.stat.exists == False
+

roles/role-samba4-ad-member/tasks/ubt-2004-amd64.yml

@@ -59,7 +59,8 @@
 - name: "Edit Fstab"
   replace:
     path: /etc/fstab
-    regexp: 'errors=remount-ro 0'
+    #regexp: 'errors=remount-ro 0'
+    regexp: 'defaults'
     replace: 'user_xattr,acl,barrier=1,errors=remount-ro,relatime 0'
     backup: yes
  

roles/role-samba4-ad-member/templates/hosts.j2

@@ -0,0 +1,8 @@
+{% for item in ansible_play_batch %}
+{{ hostvars[item].ansible_host }}	{{ item }}.demo.dsfinancial.com
+{% endfor %}
+
+{% for item in ansible_play_batch %}
+{{ hostvars[item].ansible_host }}	{{ item }}
+{% endfor %}
+

roles/role-samba4-ad-member/templates/smb.conf.j2

@@ -21,3 +21,24 @@ winbind offline logon = yes
 vfs objects = acl_xattr
 map acl inherit = Yes
 store dos attributes = Yes
+
+#### Public Share ####
+[{{ public_share_name }}]
+ path = {{ public_share_path }}
+ browsable =yes
+ writable = yes
+ guest ok = yes
+ read only = no
+ acl_xattr:ignore system acl = yes
+
+#### Private Share ####
+[{{ private_share_name }}]
+ path = {{ private_share_path }}
+ valid users = @{{ samba_group_name }}
+ guest ok = no
+ writable = yes
+ browsable = yes
+ create mask = 0700
+ directory mask = 0700
+ acl_xattr:ignore system acl = yes
+

roles/role-samba4-primary-ad-dc/tasks/ubuntu-2004-amd64.yml

@@ -128,7 +128,8 @@
 - name: "Edit Fstab"
   replace:
     path: /etc/fstab
-    regexp: 'errors=remount-ro 0'
+    #regexp: 'errors=remount-ro 0'
+    regexp: 'defaults'
     replace: 'user_xattr,acl,barrier=1,errors=remount-ro,relatime 0'
     backup: yes
 
@@ -147,4 +148,4 @@
     - udp
 
 - name: "Ubuntu login"
-  import_tasks: ubuntu-1804-amd64-login.yml
+  import_tasks: ubuntu-1804-amd64-login.yml

roles/role-samba4-primary-ad-dc/templates/hosts.j2

@@ -0,0 +1,7 @@
+{% for item in ansible_play_batch %}
+{{ hostvars[item].ansible_host }}	{{ item }}.demo.dsfinancial.com
+{% endfor %}
+
+{% for item in ansible_play_batch %}
+{{ hostvars[item].ansible_host }}	{{ item }}
+{% endfor %}

samba-dc.yml

@@ -1,14 +1,14 @@
-- hosts: adc01
+- hosts: dc01
   become: true
 
   vars:
     # -- Custom settings: role-samba4-primary-ad-dc --
-    smb_workgroup : 'LAB'
+    smb_workgroup : 'VSRAPOC'
-    smb_realm     : 'LAB.LOCAL' 
+    smb_realm     : 'VSRAPOC.DSFINANCIAL.COMCAST.NET'
     smb_username  : 'administrator'
     smb_password  : 'Password123'
     smb_role      : 'primary'
-    smb_dns_servers: '10.100.100.12'
+    smb_dns_servers: '10.1.10.10'
     smb_dns_forwarder: '8.8.8.8'
 
   roles:

samba.yml

@@ -1,49 +1,30 @@
----
+- hosts: dc01
-- hosts: samba
+  become: true
-  tasks:
+
-    - name: Install Samba Packages
+  vars:
-      become: yes
+    # -- Custom settings: role-samba4-primary-ad-dc --
-      apt:
+    smb_workgroup : 'VSRAPOC'
-        name: ['samba', 'smbclient','winbind','krb5-user','krb5-config','krb5-locales','winbind','libpam-winbind','libnss-winbind','dnsutils']
+    smb_realm     : 'VSRAPOC.DSFINANCIAL.COMCAST.NET'
-        state: present
+    smb_username  : 'administrator'
-        update_cache: true
+    smb_password  : 'Password123'
-    - name: stop samba services
+    smb_role      : 'primary'
-      become: yes
+    smb_dns_servers: '10.1.10.10'
-      command: systemctl stop "{{ item }}"
+    smb_dns_forwarder: '8.8.8.8'
-      ignore_errors: true
+
-      with_items:
+  roles:
-              - samba-ad-dc.service
+    - role-samba4-primary-ad-dc
-              - smbd.service
+
-              - nmbd.service
+- hosts: server01 server02
-              - winbind.service
+  become: true
-    - name: disable samba services
+
-      become: yes
+  vars:
-      command: systemctl disable "{{ item }}"
+    # -- Custom settings: role-samba4-primary-ad-dc --
-      ignore_errors: true
+    smb_workgroup : 'VSRAPOC'
-      with_items:
+    smb_realm     : 'VSRAPOC.DSFINANCIAL.COMCAST.NET'
-              - samba-ad-dc.service
+    smb_username  : 'administrator'
-              - smbd.service
+    smb_password  : 'Password123'
-              - nmbd.service
+    smb_dns_servers: '10.1.10.10'
-              - winbind.service
+
-    - name: set nsswitch service to use DNS resolution
+  roles:
-      become: yes
+    - role-samba4-ad-member
-      lineinfile:
+
-              path: /etc/nsswitch.conf
-              state: present
-              regexp: '^hosts:'
-              line: 'hosts:          files dns mdns4_minimal [NOTFOUND=return]'
-    - name: check if smb.conf exists
-      stat:
-              path: /etc/samba/smb.conf
-      register: stat_result
-    - name: rename default smb.conf
-      become: yes
-      shell: mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
-      ignore_errors: true
-      tags: remove_default_samba_config
-    - name: delete default kerberos configuration if it exists
-      become: yes
-      file:
-              state: absent
-              path: "/etc/krb5.conf"
-      tags: remove_default_samba_config

test.yml

@@ -0,0 +1,13 @@
+---
+  - hosts: server02
+    tasks:
+            - name: test acl
+              ansible.posix.acl:
+                      path: /media/share
+
+            - name: test dns
+              community.windows.win_dns_record:
+                      name: "server02.vsrapoc.dsfinancial.comcast.net"
+                      type: "A"
+                      value: "10.1.10.14"
+                      zone: "vsrapoc.dsfinancial.comcast.net"