roles/fileserver: Deploy Samba file server

The *fileserver* role configures Samba as a file sharing server. It uses the *samba* role to handle cross-distribution installation of Samba itself, and is focused primarily on configuring shared folders.
2018-08-01 22:04:07 -05:00 · 2018-08-01 22:04:07 -05:00 · 84a5d66b7a
parent f078522d97
commit 84a5d66b7a
4 changed files with 67 additions and 0 deletions
--- a/roles/fileserver/defaults/main.yml
+++ b/roles/fileserver/defaults/main.yml
@ -0,0 +1,2 @@
+file_shares: []
+samba_use_smbd: true
--- a/roles/fileserver/handlers/main.yml
+++ b/roles/fileserver/handlers/main.yml
@ -0,0 +1,2 @@
+- name: save firewalld configuration
+  command: firewall-cmd --runtime-to-permanent
--- a/roles/fileserver/tasks/main.yml
+++ b/roles/fileserver/tasks/main.yml
@ -0,0 +1,46 @@
+- name: ensure samba is installed
+  package:
+    name=samba
+    state=present
+  tags:
+  - install
+
+- name: ensure shared paths exist
+  file:
+    path={{ item.path }}
+    mode={{ item.dir_mode|d('0755') }}
+    state=directory
+  with_items: '{{ samba_shares|selectattr("path", "defined")|list }}'
+
+- name: ensure samba shares are configured
+  template:
+    src=shares.conf.j2
+    dest=/etc/samba/shares.conf
+    mode=0644
+  notify: restart smbd
+
+- name: ensure smb service starts at boot
+  service:
+    name={{ smbd_svc }}
+    enabled=yes
+- meta: flush_handlers
+- name: ensure smb service is running
+  service:
+    name={{ smbd_svc }}
+    state=started
+
+- name: ensure samba is allowed in the firewall
+  firewalld:
+    service=samba
+    permanent=no
+    immediate=yes
+    state=enabled
+  notify: save firewalld configuration
+  tags:
+  - firewalld
+
+- name: ensure selinux allows samba to share home directories
+  seboolean:
+    name=samba_enable_home_dirs
+    persistent=yes
+    state=yes
--- a/roles/fileserver/templates/shares.conf.j2
+++ b/roles/fileserver/templates/shares.conf.j2
@ -0,0 +1,17 @@
+{% macro yesno(value) %}{{ 'Yes' if value|bool else 'No' }}{% endmacro %}
+{% for share in samba_shares %}
+
+[{{ share.name }}]
+{% if share.path is defined %}
+path = {{ share.path }}
+{% endif %}
+{% if share.browseable is defined %}
+browseable = {{ yesno(share.browseable) }}
+{% endif %}
+{% if share.writable is defined %}
+writable = {{ yesno(share.writable) }}
+{% endif %}
+{% if share.guest_ok is defined %}
+guest ok = {{ yesno(share.guest_ok) }}
+{% endif %}
+{% endfor %}