PageRenderTime 48ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/samba/manifests/init.pp

https://bitbucket.org/tmakinen/puppet
Puppet | 445 lines | 311 code | 54 blank | 80 comment | 7 complexity | 9e5c1cb041447493e47c0ad995c413de MD5 | raw file
  1. # Install Samba client tools
  2. #
  3. class samba::client {
  4. case $::operatingsystem {
  5. "openbsd": { $package = "samba" }
  6. default: { $package = "samba-client" }
  7. }
  8. package { $package:
  9. ensure => installed,
  10. }
  11. }
  12. # Add included samba configuration files
  13. #
  14. # This class is used internally by samba to override various configs.
  15. #
  16. class samba::server::configs {
  17. file { "/etc/samba/smb.conf.d/print.conf":
  18. ensure => present,
  19. content => "load printers = no\nprintcap name = /dev/null\n",
  20. mode => "0644",
  21. owner => "root",
  22. group => $::operatingsystem ? {
  23. "openbsd" => "wheel",
  24. default => "root",
  25. },
  26. require => File["/etc/samba/smb.conf.d"],
  27. notify => Service["smb"],
  28. }
  29. file { "/etc/samba/smb.conf.d/domain.conf":
  30. ensure => present,
  31. content => "os level = 20\n",
  32. mode => "0644",
  33. owner => "root",
  34. group => $::operatingsystem ? {
  35. "openbsd" => "wheel",
  36. default => "root",
  37. },
  38. require => File["/etc/samba/smb.conf.d"],
  39. notify => Service["smb"],
  40. }
  41. file { "/etc/samba/smb.conf.d/wins.conf":
  42. ensure => present,
  43. content => $samba_wins ? {
  44. "" => "name resolve order = lmhosts host bcast\n",
  45. default => "name resolve order = lmhosts host wins bcast\nwins server = ${samba_wins}\n",
  46. },
  47. mode => "0644",
  48. owner => "root",
  49. group => $::operatingsystem ? {
  50. "openbsd" => "wheel",
  51. default => "root",
  52. },
  53. require => File["/etc/samba/smb.conf.d"],
  54. notify => Service["smb"],
  55. }
  56. }
  57. # Install Samba server
  58. #
  59. # === Parameters
  60. #
  61. # $auth:
  62. # Server authentication type. Valid values are tdbsam, ldap, ad and
  63. # domain. Default is tdbsam.
  64. # $description:
  65. # Server description. Defaults to "Samba Server Version %v".
  66. # $interfaces:
  67. # Array of intefaces samba should listen to. See "interfaces" option
  68. # from smb.conf manual page for syntax. Localhost interface is
  69. # added automatically. Defaults to all active interfaces.
  70. # $names:
  71. # Array of NetBIOS names that host will be advertised. Defaults to
  72. # [$::hostname].
  73. # $workgroup:
  74. # Workgroup or domain name. For ad authentication this needs to be
  75. # full ad realm name.
  76. # $localconf:
  77. # Source of optional local configuration.
  78. # $charset:
  79. # Charset the unix machine Samba runs on uses. Defaults to iso-8859-1.
  80. #
  81. # === Global variables
  82. #
  83. # $samba_wins:
  84. # WINS server address
  85. #
  86. # $ldap_server:
  87. # LDAP server URI's to use. Only used when $auth is set to ldap.
  88. # $ldap_basedn:
  89. # LDAP basedn. Only used when $auth is set to ldap.
  90. #
  91. # $samba_join_user:
  92. # Username to use when joining to domain. Only used when $auth is
  93. # set to domain.
  94. # $samba_join_pass:
  95. # Password to use when joining to domain. Only used when $auth is
  96. # set to domain.
  97. #
  98. class samba::server(
  99. $names=[$::hostname],
  100. $auth="tdbsam",
  101. $workgroup="WORKGROUP",
  102. $description="Samba Server Version %v",
  103. $charset="iso-8859-1",
  104. $interfaces=undef,
  105. $localconf=undef,
  106. ) {
  107. require samba::client
  108. include samba::server::configs
  109. if $::operatingsystem != "OpenBSD" {
  110. package { "samba":
  111. ensure => installed,
  112. }
  113. }
  114. file { "/etc/samba/smb.conf":
  115. ensure => present,
  116. content => template("samba/smb.conf.erb"),
  117. mode => "0644",
  118. owner => "root",
  119. group => $::operatingsystem ? {
  120. "openbsd" => "wheel",
  121. default => "root",
  122. },
  123. require => Package["samba"],
  124. notify => Service["smb"],
  125. }
  126. file { "/etc/samba/smb.conf.d":
  127. ensure => directory,
  128. mode => "0755",
  129. owner => "root",
  130. group => $::operatingsystem ? {
  131. "openbsd" => "wheel",
  132. default => "root",
  133. },
  134. purge => true,
  135. require => Package["samba"],
  136. }
  137. exec { "generate-samba-shares-conf":
  138. command => "find /etc/samba/smb.conf.d/share-*.conf -exec echo 'include = {}' \\; > /etc/samba/smb.conf.d/shares.conf",
  139. path => "/bin:/usr/bin:/sbin:/usr/sbin",
  140. refreshonly => true,
  141. notify => Service["smb"],
  142. }
  143. file { "/etc/samba/smb.conf.d/shares.conf":
  144. ensure => present,
  145. mode => "0644",
  146. owner => "root",
  147. group => $::operatingsystem ? {
  148. "openbsd" => "wheel",
  149. default => "root",
  150. },
  151. }
  152. if $localconf {
  153. file { "/etc/samba/smb.conf.d/local.conf":
  154. ensure => present,
  155. mode => "0644",
  156. owner => "root",
  157. group => $::operatingsystem ? {
  158. "openbsd" => "wheel",
  159. default => "root",
  160. },
  161. source => $localconf,
  162. notify => Service["smb"],
  163. }
  164. }
  165. file { "/etc/samba/lmhosts":
  166. ensure => present,
  167. source => [ "puppet:///files/samba/lmhosts.${::homename}",
  168. "puppet:///files/samba/lmhosts",
  169. "puppet:///modules/samba/lmhosts", ],
  170. mode => "0644",
  171. owner => "root",
  172. group => $::operatingsystem ? {
  173. "openbsd" => "wheel",
  174. default => "root",
  175. },
  176. require => Package["samba"],
  177. }
  178. case $auth {
  179. "ldap": {
  180. exec { "smbpasswd -w":
  181. command => "smbpasswd -w \"\${SECRET}\"",
  182. environment => "SECRET=${samba_ldap_pass}",
  183. path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
  184. unless => "fgrep SECRETS/LDAP_BIND_PW /var/lib/samba/private/secrets.tdb",
  185. require => File["/etc/samba/smb.conf"],
  186. notify => Service["smb"],
  187. }
  188. }
  189. "domain": {
  190. exec { "net join":
  191. command => "net join -U ${samba_join_user}%\"\${SECRET}\"",
  192. environment => "SECRET=${samba_join_pass}",
  193. path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
  194. unless => "net rpc testjoin",
  195. require => Service["smb"],
  196. }
  197. }
  198. "ad": {
  199. exec { "net ads join":
  200. command => "net ads join -U ${samba_join_user}%\"\${SECRET}\"",
  201. environment => "SECRET=${samba_join_pass}",
  202. path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
  203. unless => "net ads testjoin",
  204. require => Service["smb"],
  205. }
  206. }
  207. }
  208. service { "smb":
  209. ensure => running,
  210. enable => true,
  211. name => $::operatingsystem ? {
  212. "openbsd" => "smbd",
  213. "ubuntu" => "smbd",
  214. default => "smb",
  215. },
  216. }
  217. service { "nmb":
  218. name => $::operatingsystem ? {
  219. "openbsd" => "nmbd",
  220. "ubuntu" => "nmbd",
  221. default => "nmb",
  222. },
  223. ensure => running,
  224. enable => true,
  225. subscribe => Service["smb"],
  226. }
  227. }
  228. # Add WINS server role to Samba server
  229. #
  230. class samba::server::wins inherits samba::server::configs {
  231. File["/etc/samba/smb.conf.d/wins.conf"] {
  232. content => "name resolve order = lmhosts host wins bcast\nwins support = true\ndns proxy = true\n",
  233. }
  234. }
  235. # Add Primary Domain Controller role to Samba server
  236. #
  237. class samba::server::pdc($datadir="/srv/netlogon") inherits samba::server::configs {
  238. if $datadir != "/srv/netlogon" {
  239. file { "/srv/netlogon":
  240. ensure => link,
  241. target => $datadir,
  242. owner => "root",
  243. group => $::operatingsystem ? {
  244. "openbsd" => "wheel",
  245. default => "root",
  246. },
  247. seltype => "samba_share_t",
  248. before => Service["smb"],
  249. }
  250. selinux::manage_fcontext { "/srv/netlogon(/.*)?":
  251. type => "samba_share_t",
  252. before => File["/srv/netlogon"],
  253. }
  254. }
  255. file { $datadir:
  256. ensure => directory,
  257. mode => "0755",
  258. owner => "root",
  259. group => $::operatingsystem ? {
  260. "openbsd" => "wheel",
  261. default => "root",
  262. },
  263. seltype => "samba_share_t",
  264. before => Service["smb"],
  265. }
  266. selinux::manage_fcontext { "${datadir}(/.*)?":
  267. type => "samba_share_t",
  268. before => File[$datadir],
  269. }
  270. samba::server::share { "netlogon":
  271. path => "/srv/netlogon",
  272. comment => "Network Logon Service",
  273. readonly => true,
  274. options => [ "locking = no", "guest ok = yes", ],
  275. }
  276. File["/etc/samba/smb.conf.d/domain.conf"] {
  277. content => template("samba/domain.conf-pdc.erb"),
  278. }
  279. }
  280. # Add Backup Domain Controller role to Samba server
  281. #
  282. class samba::server::bdc inherits samba::server::pdc {
  283. file { "/usr/local/sbin/sync-netlogon":
  284. ensure => present,
  285. source => "puppet:///modules/samba/sync-netlogon",
  286. mode => "0755",
  287. owner => "root",
  288. group => "root",
  289. }
  290. cron { "sync-netlogon":
  291. command => "/usr/local/sbin/sync-netlogon",
  292. minute => "52",
  293. user => "root",
  294. require => File["/usr/local/sbin/sync-netlogon"],
  295. }
  296. File["/etc/samba/smb.conf.d/domain.conf"] {
  297. content => template("samba/domain.conf-bdc.erb"),
  298. }
  299. }
  300. # Add Home directory server role to Samba server
  301. #
  302. class samba::server::homes {
  303. if !defined(Selinux::Boolean["samba_enable_home_dirs"]) {
  304. selinux::boolean { "samba_enable_home_dirs":
  305. value => "on",
  306. before => Service["smb"],
  307. }
  308. }
  309. samba::server::share { "homes":
  310. path => "%H",
  311. comment => "Home Directories",
  312. options => [ "veto files = /.windows/", "browseable = no", ],
  313. }
  314. }
  315. # Add Profile server role to Samba server
  316. #
  317. class samba::server::profiles {
  318. if !defined(Selinux::Boolean["samba_enable_home_dirs"]) {
  319. selinux::boolean { "samba_enable_home_dirs":
  320. value => "on",
  321. before => Service["smb"],
  322. }
  323. }
  324. selinux::boolean { "samba_create_home_dirs":
  325. value => on,
  326. before => Service["smb"],
  327. }
  328. file { "/srv/profiles":
  329. ensure => directory,
  330. mode => "0755",
  331. owner => "root",
  332. group => $::operatingsystem ? {
  333. "openbsd" => "wheel",
  334. default => "root",
  335. },
  336. seltype => "samba_share_t",
  337. before => Service["smb"],
  338. }
  339. selinux::manage_fcontext { "/srv/profiles(/.*)?":
  340. type => "samba_share_t",
  341. before => File["/srv/profiles"],
  342. }
  343. samba::server::share { "profiles":
  344. path => "/srv/profiles",
  345. comment => "Roaming Profiles",
  346. options => [
  347. "wide links = yes",
  348. "profile acls = yes",
  349. "root preexec = sh -c 'umask 022 ; ( [ -h /srv/profiles/%U ] || ln -s %H/.windows/profile /srv/profiles/%U ) ; ( [ -h /srv/profiles/%U.V2 ] || ln -s %H/.windows/vista /srv/profiles/%U.V2 )'",
  350. "preexec = sh -c 'umask 077; mkdir -p %H/.windows/profile %H/.windows/vista'",
  351. ],
  352. }
  353. }
  354. # Add new share to Samba server
  355. #
  356. # === Parameters
  357. #
  358. # $name:
  359. # Share name
  360. # $path:
  361. # Directory to share
  362. # $comment:
  363. # Share description. Defaults to $name.
  364. # $readonly:
  365. # Set to true to make share read only.
  366. # $options:
  367. # Array of extra options to add for share.
  368. #
  369. # === Sample usage
  370. #
  371. # samba::server::share { "r-sysadm":
  372. # comment => "Role: sysadm",
  373. # path => "/roles/sysadm",
  374. # options => [ "hide files = /desktop.ini/Desktop.ini/" ],
  375. # }
  376. #
  377. define samba::server::share($path, $comment=undef, $readonly=undef,
  378. $options=[]) {
  379. file { "/etc/samba/smb.conf.d/share-${name}.conf":
  380. ensure => present,
  381. content => template("samba/share.conf.erb"),
  382. mode => "0644",
  383. owner => "root",
  384. group => $::operatingsystem ? {
  385. "openbsd" => "wheel",
  386. default => "root",
  387. },
  388. require => File["/etc/samba/smb.conf.d"],
  389. notify => Exec["generate-samba-shares-conf"]
  390. }
  391. }