ansible/nis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor samba-install.yml: update conditions for group checks and some further minor changes.

Browse Source
This commit is contained in:
Christoph
2026-05-26 13:15:09 +02:00
parent eed58ba811
commit 63344a4a29
1 changed files with 51 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files
roles/common/tasks/samba-install.yml
+51 -51
View File
@@ -9,12 +9,43 @@
pkg: "{{ apt_install_server_samba }}"
state: present
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
tags:
- samba-server
- name: (samba-install.yml) Ensure quarantine directory exists
file:
path: /data/samba/QUARANTINE
owner: root
group: root
mode: "0750"
state: directory
when:
- inventory_hostname in groups['samba_server']
- samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
tags:
- samba-server
- samba-virusfilter
- name: (samba-install.yml) Ensure samba share directories exists
file:
path: "{{ item.path }}"
owner: "root"
group: "{{ item.group_write_list }}"
mode: "{{ item.dir_create_mask | default('2770', true) }}"
state: directory
recurse: no
with_items: "{{ samba_shares }}"
loop_control:
label: "{{ item.name }}"
when:
- inventory_hostname in groups['samba_server']
tags:
- samba-shares
# ---
# Virusfilter (ClamAV) only when at least one share has vfs_object_virusfilter: true
# Virusfilter (ClamAV) - only when at least one share has vfs_object_virusfilter: true
# ---
- name: (samba-install.yml) Ensure virusfilter (ClamAV) packages are installed
@@ -22,7 +53,7 @@
pkg: "{{ apt_install_server_samba_virusfilter }}"
state: present
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
- samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
tags:
@@ -37,27 +68,12 @@
- clamav-daemon
- clamav-freshclam
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
- samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
tags:
- samba-server
- samba-virusfilter
- name: (samba-install.yml) Ensure quarantine directory exists
file:
path: /data/samba/QUARANTINE
owner: root
group: root
mode: "0750"
state: directory
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
tags:
- samba-server
- samba-virusfilter
- name: (samba-install.yml) Ensure clamav user is member of all NIS groups
user:
name: clamav
@@ -67,7 +83,7 @@
loop_control:
label: "{{ item.name }}"
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
- samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
- nis_groups | length > 0
@@ -88,7 +104,7 @@
/data/samba/QUARANTINE/** rw,
notify: Reload AppArmor profile clamd
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
- samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
tags:
@@ -103,27 +119,13 @@
state: present
notify: Restart clamav-daemon
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
- samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
tags:
- samba-server
- samba-virusfilter
- name: (samba-install.yml) Ensure samba share directories exists
file:
path: "{{ item.path }}"
owner: "root"
group: "{{ item.group_write_list }}"
mode: "2770"
state: directory
with_items: "{{ samba_shares }}"
loop_control:
label: "{{ item.name }}"
when:
- "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-shares
# ---
# /etc/samba/smb.conf
@@ -134,14 +136,14 @@
path: /etc/samba/smb.conf.ORIG
register: smb_conf_exists
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
tags:
- samba-server
- name: (samba-install.yml) Backup existing file /etc/samba/smb.conf
command: cp -a /etc/samba/smb.conf /etc/samba/smb.conf.ORIG
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
- smb_conf_exists.stat.exists == False
tags:
- samba-server
@@ -154,7 +156,7 @@
group: root
mode: 644
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
notify:
- Restart smbd
- Restart nmbd
@@ -169,7 +171,7 @@
group: root
mode: 644
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
notify:
- Restart smbd
- Restart nmbd
@@ -180,25 +182,26 @@
# Cronjob for cleaning up samba trash dirs
# ---
- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh'
exists
- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh' exists
stat:
path: /root/bin/samba/clean_samba_trash.sh
register: clean_samba_trash_exists
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
tags:
- samba-server
- samba-cron
- name: (samba-install.yml) Adjust configuration for script 'clean_samba_trash.sh'
template:
dest: /root/bin/samba/conf/clean_samba_trash.conf
src: root/bin/samba/conf/clean_samba_trash.conf.j2
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
- clean_samba_trash_exists.stat.exists|bool
tags:
- samba-server
- samba-cron
- name: (samba-config-server.yml) Check if cleaning up trash dirs is configured
ansible.builtin.lineinfile:
@@ -232,8 +235,7 @@
# Cronjob for setting permissions on samba shares
# ---
- name: (samba-config-server.yml) Check if file
'/root/bin/samba/set_permissions_samba_shares.sh' exists
- name: (samba-config-server.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
ansible.builtin.stat:
path: /root/bin/samba/set_permissions_samba_shares.sh
register: set_permissions_on_samba_shares_exists
@@ -241,8 +243,7 @@
- inventory_hostname in groups['samba_server']
tags: [ samba-server, samba-cron ]
- name: (samba-config-server.yml) Adjust configuration for script
'set_permissions_samba_shares.sh'
- name: (samba-config-server.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
ansible.builtin.template:
dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
@@ -251,8 +252,7 @@
- set_permissions_on_samba_shares_exists.stat.exists | bool
tags: [ samba-server, samba-cron ]
- name: (samba-config-server.yml) Creates a cron job for setting permissions to
samba dirs
- name: (samba-config-server.yml) Creates a cron job for setting permissions to samba dirs
ansible.builtin.cron:
name: "{{ samba_cronjob_permissions.name }}"
minute: "{{ samba_cronjob_permissions.minute }}"
@@ -276,7 +276,7 @@
pkg: "{{ apt_install_client_samba }}"
state: present
when:
- "groups['nis_client']|string is search(inventory_hostname)"
- inventory_hostname in groups['nis_client']
- ansible_distribution == "Ubuntu"
tags:
- samba-client