Refactor samba-install.yml: update conditions for group checks and some further minor changes.

2026-05-26 13:15:09 +02:00
parent eed58ba811
commit 63344a4a29
1 changed files with 51 additions and 51 deletions
@@ -9,12 +9,43 @@
    pkg: "{{ apt_install_server_samba }}"
    state: present
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
  tags:
    - samba-server
 - name: (samba-install.yml) Ensure quarantine directory exists
  file:
    path: /data/samba/QUARANTINE
    owner: root
    group: root
    mode: "0750"
    state: directory
  when:
    - inventory_hostname in groups['samba_server']
    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
      selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
  tags:
    - samba-server
    - samba-virusfilter
 - name: (samba-install.yml) Ensure samba share directories exists
  file:
    path: "{{ item.path }}"
    owner: "root"
    group: "{{ item.group_write_list }}"
    mode: "{{ item.dir_create_mask | default('2770', true) }}"
    state: directory
    recurse: no
  with_items: "{{ samba_shares }}"
  loop_control:
    label: "{{ item.name }}"
  when:
    - inventory_hostname in groups['samba_server']
  tags:
    - samba-shares
 # ---
-# Virusfilter (ClamAV) — only when at least one share has vfs_object_virusfilter: true
+# Virusfilter (ClamAV) - only when at least one share has vfs_object_virusfilter: true
 # ---
 - name: (samba-install.yml) Ensure virusfilter (ClamAV) packages are installed
@@ -22,7 +53,7 @@
    pkg: "{{ apt_install_server_samba_virusfilter }}"
    state: present
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
      selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
  tags:
@@ -37,27 +68,12 @@
    - clamav-daemon
    - clamav-freshclam
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
  tags:
    - samba-server
    - samba-virusfilter
 - name: (samba-install.yml) Ensure quarantine directory exists
  file:
    path: /data/samba/QUARANTINE
    owner: root
    group: root
    mode: "0750"
    state: directory
  when:
    - "groups['samba_server']|string is search(inventory_hostname)"
    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
      selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
  tags:
    - samba-server
    - samba-virusfilter
 - name: (samba-install.yml) Ensure clamav user is member of all NIS groups
  user:
    name: clamav
@@ -67,7 +83,7 @@
  loop_control:
    label: "{{ item.name }}"
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
      selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
    - nis_groups | length > 0
@@ -88,7 +104,7 @@
      /data/samba/QUARANTINE/** rw,
  notify: Reload AppArmor profile clamd
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
      selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
  tags:
@@ -103,27 +119,13 @@
    state: present
  notify: Restart clamav-daemon
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
    - samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
      selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0
  tags:
    - samba-server
    - samba-virusfilter
 - name: (samba-install.yml) Ensure samba share directories exists
  file:
    path: "{{ item.path }}"
    owner: "root"
    group: "{{ item.group_write_list }}"
    mode: "2770"
    state: directory
  with_items: "{{ samba_shares }}"
  loop_control:
    label: "{{ item.name }}"
  when:
    - "groups['samba_server']|string is search(inventory_hostname)"
  tags:
    - samba-shares
 # ---
 # /etc/samba/smb.conf
@@ -134,14 +136,14 @@
    path: /etc/samba/smb.conf.ORIG
  register: smb_conf_exists
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
  tags:
    - samba-server
 - name: (samba-install.yml) Backup existing file /etc/samba/smb.conf
  command: cp -a /etc/samba/smb.conf /etc/samba/smb.conf.ORIG
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
    - smb_conf_exists.stat.exists == False
  tags:
    - samba-server
@@ -154,7 +156,7 @@
    group: root
    mode: 644
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
  notify:
    - Restart smbd
    - Restart nmbd
@@ -169,7 +171,7 @@
    group: root
    mode: 644
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
  notify:
    - Restart smbd
    - Restart nmbd
@@ -180,25 +182,26 @@
 # Cronjob for cleaning up samba trash dirs
 # ---
- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh'
+- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh' exists
    exists
  stat:
    path: /root/bin/samba/clean_samba_trash.sh
  register: clean_samba_trash_exists
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
  tags:
    - samba-server
    - samba-cron
 - name: (samba-install.yml) Adjust configuration for script 'clean_samba_trash.sh'
  template:
    dest: /root/bin/samba/conf/clean_samba_trash.conf
    src: root/bin/samba/conf/clean_samba_trash.conf.j2
  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
    - clean_samba_trash_exists.stat.exists|bool
  tags:
    - samba-server
    - samba-cron
 - name: (samba-config-server.yml) Check if cleaning up trash dirs is configured
  ansible.builtin.lineinfile:
@@ -232,8 +235,7 @@
 # Cronjob for setting permissions on samba shares
 # ---
- name: (samba-config-server.yml) Check if file
+- name: (samba-config-server.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
    '/root/bin/samba/set_permissions_samba_shares.sh' exists
  ansible.builtin.stat:
    path: /root/bin/samba/set_permissions_samba_shares.sh
  register: set_permissions_on_samba_shares_exists
@@ -241,8 +243,7 @@
    - inventory_hostname in groups['samba_server']
  tags: [ samba-server, samba-cron ]
- name: (samba-config-server.yml) Adjust configuration for script
+- name: (samba-config-server.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
    'set_permissions_samba_shares.sh'
  ansible.builtin.template:
    dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
    src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
@@ -251,8 +252,7 @@
    - set_permissions_on_samba_shares_exists.stat.exists | bool
  tags: [ samba-server, samba-cron ]
- name: (samba-config-server.yml) Creates a cron job for setting permissions to
+- name: (samba-config-server.yml) Creates a cron job for setting permissions to samba dirs
    samba dirs
  ansible.builtin.cron:
    name: "{{ samba_cronjob_permissions.name }}"
    minute: "{{ samba_cronjob_permissions.minute }}"
@@ -276,7 +276,7 @@
    pkg: "{{ apt_install_client_samba }}"
    state: present
  when:
-    - "groups['nis_client']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nis_client']
    - ansible_distribution == "Ubuntu"
  tags:
    - samba-client