This role deploys a standalone Samba server.
It can be deployed either to a regular GNU/Linux box or as a Podman Quadlet container.

The role uses Ansible tags to select host mode or quadlet mode.

Use `ansible-playbook playbook.yml --tags host` to install the Samba server on a host machine.

Use `ansible-playbook playbook.yml --tags quadlet` to build a Samba server container that runs as a Quadlet. When using quadlet, the `samba-server` service manages the SMB and NMB services.

podman - version 4.7.2+
- `samba_mode`: (str) - Defines the Samba server installation method. Supports `host` or `quadlet`. (default `host`)
- `samba_workgroup`: (str) - Defines the Samba server workgroup. (default `WORKGROUP`)
- `samba_home`: (bool) - Toggles the home user shares. (default: `false`)
- `samba_protocol`: (str) - Defines the minimal client and server protocol. It can be one of `CORE`, `COREPLUS`, `LANMAN1`, `LANMAN2`, `NT1`, `SMB2_02`, `SMB2_10`, `SMB3_00`, `SMB3_02`, `SMB3_11` or `SMB2_FF`
- `samba_server_string`: (str) - Defines the Samba server string
- `samba_netbios`: (str) - Defines the NetBIOS name
- `samba_all_printers`: (bool) - Toggles sharing of all system printers (default `false`)
- `samba_listen`: (str) - A list of interfaces for listening, e.g. `lo eth0`
- `samba_hosts_allow`: (str) - A space-separated list of allowed addresses
- `samba_shares`: (list) - A list of shares to be created.
  - `samba_shares.name`: The name of the share to be created.
  - `samba_shares.comment`: Defines a comment description for the share
  - `samba_shares.path`: Creates the path in the OS and the share in the `smb.conf` file.
  - `samba_shares.mode`: The OS directory permission mode
  - `samba_shares.owner`: The OS directory owner. (if undeclared, default `root`)
  - `samba_shares.group`: The OS directory group owner. (if undeclared, default `root`)
  - `samba_shares.browseable`: Toggles the share `browseable` flag
  - `samba_shares.guest`: Toggles the Samba share `guest ok` flag
  - `samba_shares.force_user`: Defines the share user owner
  - `samba_shares.read_only`: Toggles the Samba share `read_only` flag
  - `samba_shares.writable`: Toggles the Samba share `writable` flag
  - `samba_shares.dir_mask`: Defines the directory creation mask for the share
  - `samba_shares.create_mask`: Defines the creation mask for the share
- `samba_packages`: The list of packages to be installed
- `samba_services`: The list of `smb` services, default `smb, nmb`
- `samba_quadlet_rebuild`: (bool) - Removes the previous container image to trigger a clean rebuild (default: `false`). Setting it to `false` speeds up the process; however, if new changes were made in the templates, it is recommended to set it to `true`
- `samba_selinux`: (bool) - Toggles SELinux configuration on the target server. This will manipulate `sebooleans` and set the proper context type for the shares
- `samba_booleans`: (dict) - Defines a list of SELinux booleans to be enabled or disabled
For more information on SMB share flags, refer to the Samba official docs.
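A check one might run against the configuration these variables produce, as an added example that is not part of the role: it flags a minimum protocol below `SMB2_02` and guest shares that are writable or not covered by `hosts allow`. The sample `smb.conf` is constructed, not the role's rendered template; the parameter names are Samba's standard ones and the dialect order is the one listed for `samba_protocol` (`SMB2_FF` omitted).

```python
# Added example: static audit of smb.conf text. SAMPLE is constructed input.
DIALECTS = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
            "SMB2_02", "SMB2_10", "SMB3_00", "SMB3_02", "SMB3_11"]
TRUE = {"yes", "true", "1"}

SAMPLE = """\
[global]
    server min protocol = NT1
    client min protocol = NT1
[Public]
    guest ok = yes
    read only = no
[Docs]
    guest ok = no
    read only = yes
"""

def parse(text):
    """Return {section: {param: value}}; names are lower-cased (Samba ignores case)."""
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            cur[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text, floor="SMB2_02"):
    """Return a list of findings for weak protocol floors and exposed guest shares."""
    conf = parse(text)
    glob = conf.get("global", {})
    findings = []
    for key in ("server min protocol", "client min protocol"):
        val = glob.get(key, "").upper()
        if val in DIALECTS and DIALECTS.index(val) < DIALECTS.index(floor):
            findings.append(f"[global] {key} = {val} is below {floor}")
    for name, share in conf.items():
        guest = name != "global" and share.get("guest ok", "no").lower() in TRUE
        writable = share.get("read only", "yes").lower() not in TRUE
        if guest and writable:
            findings.append(f"[{name}] guest ok with write access")
        # A global "hosts allow" applies to every share.
        if guest and "hosts allow" not in share and "hosts allow" not in glob:
            findings.append(f"[{name}] guest ok without hosts allow")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Parameter synonyms such as `public` or `writable` and backslash line continuations are not handled by this parser.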
The `smb.conf` template also supports custom user share inclusion. The drop-in file `/etc/samba/usershares.conf` can be created with additional custom shares. When using quadlet, this file will be mounted.

Public and CDROM shares are created by default. These shares can be mounted via cifs, e.g.:

```bash
sudo mount -t cifs //myserver/public ./public/ -o uid=nobody,gid=nobody,guest,noperm
```

When using quadlet, the SELinux relabel will not be used, since the quadlet container runs with `--security-opt label=disable`. All shares use the shared propagation method, so that mounts stay in sync from the host to the container and vice versa.

- SELinux Notes:

In case you're having strange issues with your shares, make sure to check the audit logs, e.g.:

```bash
audit2allow -a -w
```

When using quadlet, this discussion with cifs and selinux might help you.
None
- Creating a public share:

```yaml
---
- name: "Creating a Standalone Samba Server with a Public Share"
  hosts: homelab
  gather_facts: false
  vars:
    samba_workgroup: "HomeLab"
    samba_server_string: "Samba Box"
    samba_shares:
      - name: "Public"
        path: "/mnt/public"
        mode: "1777"        # world-writable directory with the sticky bit
        owner: root
        group: root
        browseable: true
        guest: true         # sets "guest ok": no credentials are required
        force_user: nobody
        read_only: false
        writable: true
  roles:
    - role: samba
```

When using the role from the server collection, call the role as `mrbrandao.server.samba`, e.g.:
```yaml
---
- name: "Creating a Standalone Samba Server Using the Collection"
  hosts: homelab
  gather_facts: false
  vars:
    samba_workgroup: "HomeLab"
    samba_server_string: "Samba Box"
    samba_shares:
      - name: "Public"
        path: "/mnt/public"
        mode: "1777"
        owner: root
        group: root
        browseable: true
        guest: true
        force_user: nobody
        read_only: false
        writable: true
  roles:
    - role: mrbrandao.server.samba
```

- Example playbook using the `quadlet` mode:
```yaml
---
- name: "Creating a Quadlet Samba Server Using the Collection"
  hosts: homelab
  gather_facts: false
  vars:
    samba_mode: "quadlet"
    samba_workgroup: "HomeLab"
    samba_server_string: "Samba Box"
    samba_shares:
      - name: "Public"
        path: "/mnt/public"
        mode: "1777"
        owner: root
        group: root
        browseable: true
        guest: true
        force_user: nobody
        read_only: false
        writable: true
  roles:
    - role: mrbrandao.server.samba
```
- Example playbook using SELinux and Quadlet:

```yaml
---
- name: "Deploy Samba Server"
  hosts:
    - mysamba
  become: true
  tasks:
    - name: "Install missing packages"
      ansible.builtin.dnf:
        name: rsync
        state: present
      tags:
        - quadlet
    - name: "Importing Samba Role"
      ansible.builtin.import_role:
        name: mrbrandao.server.samba
      vars:
        samba_mode: "quadlet"
        samba_protocol: "NT1"                     # minimal protocol; NT1 is the SMB1 dialect
        samba_listen: "lo eth0 192.168.1.252/24"
        samba_hosts_allow: "192.168.1.0/24"       # only this subnet may connect
        samba_selinux: true
```

This role uses the tags `host` or `quadlet`. When using the above playbooks to install a Samba server on a host machine, use the tag `host`, e.g.:

```bash
ansible-playbook playbook.yml --tags host
```

To install the Samba server in a container, use the `quadlet` tag, e.g.:

```bash
ansible-playbook playbook.yml --tags quadlet
```

This role was developed using Ansible Molecule. The use of Molecule is optional but recommended.
- Testing:

Unit tests for checking code regression are available in the `tests` directory. Use the `verify` or `test` commands, e.g.:

```bash
molecule test
```

While developing, use `verify` instead:

```bash
molecule create
molecule verify
```

@mrbrandao - Igor Brandão