diff --git a/.gitignore b/.gitignore index a4563bf..898003d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ .DS_Store -pkg/ \ No newline at end of file +pkg/ +.idea/ +*~ diff --git a/README.md b/README.md index 6bb9a79..fb7b834 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Module for provisioning Samba -Tested on Ubuntu 12.04, CentOS 6.3, patches to support other operating systems are welcome. +Tested on Ubuntu 12.04, CentOS 6.3, SLES 11 SP2 patches to support other operating systems are welcome. ## Installation @@ -34,7 +34,7 @@ Tweak and add the following to your site manifest: guest_account => "guest", browsable => false, create_mask => 0777, - force_create_mask => 0777, + force_create_mode => 0777, directory_mask => 0777, force_directory_mask => 0777, force_group => 'group', @@ -86,3 +86,4 @@ Most configuration options are optional. This module is released under the MIT license: * [http://www.opensource.org/licenses/MIT](http://www.opensource.org/licenses/MIT) + diff --git a/manifests/init.pp b/manifests/init.pp index 8a914a4..0de6d91 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,7 +1,7 @@ -class samba { +class samba inherits samba::params { include samba::server if samba::server::security == 'ads' { include samba::server::ads } -} \ No newline at end of file +} diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..ebf834b --- /dev/null +++ b/manifests/params.pp @@ -0,0 +1,28 @@ +# Class: samba::params +# +# This class defines default parameters used by the main module class samba +# Operating Systems differences in names and paths are addressed here +# +# == Variables +# +# Refer to samba class for the variables defined here. +# +# == Usage +# +# This class is not intended to be used directly. +# It may be imported or inherited by other classes +# +class samba::params { + $services = $::osfamily ? { + /(?i:RedHat)/ => 'smb', + /(?i:Debian)/ => 'smbd', + /(?i:Gentoo)/ => 'samba', + /(?i:Suse)/ => ['smb','nmb'], + default => 'smbd', + } + + $samba_config_dir = '/etc/samba' + $samba_config_file = '/etc/samba/smb.conf' +} + + diff --git a/manifests/server.pp b/manifests/server.pp index 0dfda00..2020754 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -2,18 +2,21 @@ $security = '', $server_string = '', $unix_password_sync = '', - $workgroup = '') { + $workgroup = '', + $bind_interfaces_only = true, + $realm = '', + $machine_password_timeout = '', + $unix_extensions = '') inherits samba { include samba::server::install include samba::server::config include samba::server::service - $incl = '/etc/samba/smb.conf' - $context = "/files/etc/samba/smb.conf" - $target = "target[. = 'global']" + $context = "/files${samba_config_file}" + $target = "target[. = 'global']" augeas { 'global-section': - incl => $incl, + incl => "${samba_config_file}", lens => 'Samba.lns', context => $context, changes => "set ${target} global", @@ -21,29 +24,38 @@ notify => Class['samba::server::service'] } - set_samba_option { - 'interfaces': value => $interfaces; - 'bind interfaces only': value => 'yes'; - 'security': value => $security; - 'server string': value => $server_string; - 'unix password sync': value => $unix_password_sync; - 'workgroup': value => $workgroup; + 'interfaces': value => $interfaces; + 'bind interfaces only': value => $bind_interfaces_only, bool => true; + 'security': value => $security; + 'server string': value => $server_string; + 'unix password sync': value => $unix_password_sync; + 'workgroup': value => $workgroup; + 'realm': value => $realm; + 'machine password timeout': value => $machine_password_timeout; + 'unix extensions': value => $unix_extensions, bool => true; } } -define set_samba_option ( $value = '', $signal = 'samba::server::service' ) { - $incl = $samba::server::incl +define set_samba_option ( $value = '', $signal = 'samba::server::service', $bool = false ) { $context = $samba::server::context $target = $samba::server::target - - $changes = $value ? { - default => "set \"${target}/$name\" \"$value\"", - '' => "rm ${target}/$name", + if ($bool) { + $changes = $value ? { + true => "set \"${target}/$name\" yes", + false => "set \"${target}/$name\" no", + default => "rm ${target}/$name" + } + } + else { + $changes = $value ? { + default => "set \"${target}/$name\" \"$value\"", + '' => "rm ${target}/$name", + } } augeas { "samba-$name": - incl => $incl, + incl => "${samba_config_file}", lens => 'Samba.lns', context => $context, changes => $changes, diff --git a/manifests/server/config.pp b/manifests/server/config.pp index d51e432..26b3399 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -1,19 +1,19 @@ -class samba::server::config { +class samba::server::config inherits samba { - file { '/etc/samba': + file { "${samba_config_dir}": ensure => directory, owner => 'root', group => 'root', mode => '0755', } - file { '/etc/samba/smb.conf': + file { "${samba_config_file}": ensure => present, owner => 'root', group => 'root', - mode => '0644', + mode => '0444', require => [File['/etc/samba'], Class['samba::server::install']], notify => Class['samba::server::service'] } - } + diff --git a/manifests/server/install.pp b/manifests/server/install.pp index 1454bfe..5e9fdb5 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp @@ -2,4 +2,4 @@ package { 'samba': ensure => installed } -} \ No newline at end of file +} diff --git a/manifests/server/service.pp b/manifests/server/service.pp index 4bbe47f..7a7b925 100644 --- a/manifests/server/service.pp +++ b/manifests/server/service.pp @@ -1,27 +1,10 @@ -class samba::server::service ($ensure = running, $enable = true) { - case $::osfamily { - Redhat: { $service_name = 'smb' } - Debian: { $service_name = 'smbd' } - Gentoo: { $service_name = 'samba' } - - # Currently Gentoo has $::osfamily = "Linux". This should change in - # Factor 1.7.0 , so - # adding workaround. - Linux: { - case $::operatingsystem { - Gentoo: { $service_name = 'samba' } - default: { fail("$::operatingsystem is not supported by this module.") } - } - } - default: { fail("$::osfamily is not supported by this module.") } - } - - service { "$service_name" : +class samba::server::service ($ensure = running, $enable = true) inherits samba { + service { $services: ensure => $ensure, hasstatus => true, hasrestart => true, enable => $enable, require => Class['samba::server::config'] } - } + diff --git a/manifests/server/share.pp b/manifests/server/share.pp index b8e508c..c15f6fd 100644 --- a/manifests/server/share.pp +++ b/manifests/server/share.pp @@ -4,8 +4,8 @@ $copy = '', $create_mask = '', $directory_mask = '', - $force_create_mask = '', - $force_directory_mask = '', + $force_create_mode = '', + $force_directory_mode = '', $force_group = '', $force_user = '', $guest_account = '', @@ -15,13 +15,16 @@ $read_only = '', $public = '', $writable = '', - $printable = '') { - $incl = $samba::server::incl - $context = $samba::server::context - $target = "target[. = '${name}']" + $printable = '', + $wide_links = '', + $follow_symlinks = '', + $valid_users = '') { + $config_file = $samba::params::samba_config_file + $target = "target[. = '${name}']" + $context = $samba::server::context augeas { "${name}-section": - incl => $incl, + incl => "${config_file}", lens => 'Samba.lns', context => $context, changes => $ensure ? { @@ -35,17 +38,17 @@ if $ensure == 'present' { $changes = [ $browsable ? { - true => "set \"${target}/browsable\" yes", - false => "set \"${target}/browsable\" no", - default => "rm \"${target}/browsable\"", + true => "set \"${target}/browsable\" yes", + false => "set \"${target}/browsable\" no", + default => "rm \"${target}/browsable\"", }, $comment ? { - default => "set \"${target}/comment\" '${comment}'", - '' => "rm \"${target}/comment\"", + default => "set \"${target}/comment\" '${comment}'", + '' => "rm \"${target}/comment\"", }, $copy ? { - default => "set \"${target}/copy\" '${copy}'", - '' => "rm \"${target}/copy\"", + default => "set \"${target}/copy\" '${copy}'", + '' => "rm \"${target}/copy\"", }, $create_mask ? { default => "set \"${target}/create mask\" '${create_mask}'", @@ -55,13 +58,13 @@ default => "set \"${target}/directory mask\" '${directory_mask}'", '' => "rm \"${target}/directory mask\"", }, - $force_create_mask ? { - default => "set \"${target}/force create mask\" '${force_create_mask}'", - '' => "rm \"${target}/force create mask\"", + $force_create_mode ? { + default => "set \"${target}/force create mode\" '${force_create_mode}'", + '' => "rm \"${target}/force create mode\"", }, - $force_directory_mask ? { - default => "set \"${target}/force directory mask\" '${force_directory_mask}'", - '' => "rm \"${target}/force directory mask\"", + $force_directory_mode ? { + default => "set \"${target}/force directory mode\" '${force_directory_mode}'", + '' => "rm \"${target}/force directory mode\"", }, $force_group ? { default => "set \"${target}/force group\" '${force_group}'", @@ -109,10 +112,24 @@ false => "set \"${target}/printable\" no", default => "rm \"${target}/printable\"", }, + $wide_links ? { + true => "set \"${target}/wide links\" yes", + false => "set \"${target}/wide links\" no", + default => "rm \"${target}/wide links\"", + }, + $follow_symlinks ? { + true => "set \"${target}/follow symlinks\" yes", + false => "set \"${target}/follow symlinks\" no", + default => "rm \"${target}/follow symlinks\"", + }, + $valid_users ? { + default => "set \"${target}/valid users\" '${valid_users}'", + '' => "rm \"${target}/valid users\"", + }, ] augeas { "${name}-changes": - incl => $incl, + incl => "${config_file}", lens => 'Samba.lns', context => $context, changes => $changes, @@ -121,3 +138,4 @@ } } } + diff --git a/manifests/server/winbind.pp b/manifests/server/winbind.pp index 76136b9..9210e91 100644 --- a/manifests/server/winbind.pp +++ b/manifests/server/winbind.pp @@ -14,3 +14,4 @@ } } + diff --git a/templates/configure_active_directory.erb b/templates/configure_active_directory.erb index c860c78..4e80883 100644 --- a/templates/configure_active_directory.erb +++ b/templates/configure_active_directory.erb @@ -146,3 +146,4 @@ rm -f $KRB5CCNAME &> /dev/null || : fi [ "$success" = "true" ] && exit 0 || exit 1 + diff --git a/templates/verify_active_directory.erb b/templates/verify_active_directory.erb index 5a2a506..2284d27 100644 --- a/templates/verify_active_directory.erb +++ b/templates/verify_active_directory.erb @@ -105,3 +105,4 @@ fi [[ $success == "false" ]] && exit 1 exit 0 +