add role for samba-install, grub-config, update network and handlers

2017-02-23 13:15:04 +01:00
parent 9fe824e452
commit 228ac70b5e
16 changed files with 530 additions and 71 deletions
--- a/roles/grub-config/defaults/main.yml
+++ b/roles/grub-config/defaults/main.yml
@@ -0,0 +1,4 @@
+system:
+    shutdown: poweroff
+    grub:
+        timeout: 0
--- a/roles/grub-config/handlers/main.yml
+++ b/roles/grub-config/handlers/main.yml
@@ -0,0 +1,7 @@
+- name: Update GRUB
+  command: update-grub
+  failed_when: ('error' in grub_register_update.stderr)
+  register: grub_register_update
+
+  # TODO: Do we need to use grub-set-default?
+  # https://github.com/yavdr/yavdr-utils/blob/master/events/actions/update-grub
--- a/roles/grub-config/tasks/main.yml
+++ b/roles/grub-config/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: custom grub configuration for timeout and reboot halt
+  template:
+    src: templates/50_custom.j2
+    dest: /etc/grub.d/50_custom
+    mode: '0775'
+  notify: [ 'Update GRUB' ]
+
+# TODO: add special case if plymouth is used
+- name: let the system boot quietly
+  lineinfile:
+      dest: /etc/default/grub
+      state: present
+      regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=")'
+      line: '\1{{ system.grub.boot_options}}"'
+      backrefs: yes
+  notify: [ 'Update GRUB' ]
--- a/roles/grub-config/templates/50-custom.j2
+++ b/roles/grub-config/templates/50-custom.j2
@@ -0,0 +1,16 @@
+#!/bin/sh
+exec tail -n +3 $0
+
+# This file is configured by the ansible configuration for yaVDR
+
+{% if system.shutdown is defined and system.shutdown == 'reboot' %}
+menuentry "PowerOff" {
+    halt
+}
+{% endif %}
+
+if [ "${recordfail}" = 1 ]; then
+    set timeout={{ 3 if system.grub.timeout < 3 else system.grub.timeout }}
+else
+    set timeout={{ system.grub.timeout if system.grub.timeout is defined else 0 }}
+fi
--- a/roles/samba-config/tasks/main.yml
+++ b/roles/samba-config/tasks/main.yml
@@ -0,0 +1,17 @@
+# file: roles/samba-config/tasks/main.yml
+
+# TODO:
+#- name: divert original smbd.conf
+
+- name: create smb.conf.custom
+  file:
+    state: touch
+    dest: '/etc/samba/smb.conf.custom'
+  notify: [ 'Restart Samba' ]
+    
+- name: expand template for smb.conf
+  template:
+    src: 'templates/smb.conf.j2'
+    dest: '/etc/samba/smb.conf'
+    #validate: 'testparm -s %s'
+  notify: [ 'Restart Samba' ]
--- a/roles/samba-config/templates/smb.conf.j2
+++ b/roles/samba-config/templates/smb.conf.j2
@@ -0,0 +1,91 @@
+# {{ ansible_managed_file }}
+
+#======================= Global Settings =======================
+
+[global]
+
+## Browsing/Identification ###
+
+# Change this to the workgroup/NT-domain name your Samba server will part of
+   workgroup = {{ samba.workgroup }}
+
+# server string is the equivalent of the NT Description field
+   server string = %h server (Samba, Ubuntu)
+
+# This will prevent nmbd to search for NetBIOS names through DNS.
+   dns proxy = no
+
+#### Debugging/Accounting ####
+
+# This tells Samba to use a separate log file for each machine
+# that connects
+   log file = /var/log/samba/log.%m
+
+# Cap the size of the individual log files (in KiB).
+   max log size = 1000
+
+# We want Samba to log a minimum amount of information to syslog. Everything
+# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
+# through syslog you should set the following parameter to something higher.
+   syslog = 0
+
+# Do something sensible when Samba crashes: mail the admin a backtrace
+   panic action = /usr/share/samba/panic-action %d
+
+
+####### Authentication #######
+
+# "security = user" is always a good idea. This will require a Unix account
+# in this server for every user accessing the server. See
+# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
+# in the samba-doc package for details.
+#   security = user
+
+# You may wish to use password encryption.  See the section on
+# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
+   encrypt passwords = true
+
+# If you are using encrypted passwords, Samba will need to know what
+# password database type you are using.  
+   passdb backend = tdbsam
+
+   obey pam restrictions = yes
+
+# This boolean parameter controls whether Samba attempts to sync the Unix
+# password with the SMB password when the encrypted SMB password in the
+# passdb is changed.
+   unix password sync = yes
+
+# For Unix password sync to work on a Debian GNU/Linux system, the following
+# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
+# sending the correct chat script for the passwd program in Debian Sarge).
+   passwd program = /usr/bin/passwd %u
+   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+
+# This boolean controls whether PAM will be used for password changes
+# when requested by an SMB client instead of the program listed in
+# 'passwd program'. The default is 'no'.
+   pam password change = yes
+
+# This option controls how unsuccessful authentication attempts are mapped 
+# to anonymous connections
+   map to guest = bad user
+
+{% for name, path in media_dirs.iteritems() %}
+[{{ name }}]
+   path = {{ path }}
+   comment = {{ name }} on %h
+   browseable = yes
+   guest ok = yes
+   writeable = yes
+   browseable = yes
+   create mode = 0664
+   directory mode = 0775
+   force user = {{ vdr.user }}
+   force group = {{ vdr.group }}
+   follow symlinks = yes
+   wide links = yes
+
+{% endfor %}
+
+include = /etc/samba/smb.conf.custom
--- a/roles/samba-install/tasks/main.yml
+++ b/roles/samba-install/tasks/main.yml
@@ -0,0 +1,12 @@
+# file: roles/samba-install/tasks/main.yml
+
+- name: install samba server
+  apt:
+    name: '{{ item }}'
+    state: present
+    install_recommends: no
+  with_items:
+    - samba
+    - samba-common
+    - samba-common-bin
+    - tdb-tools
--- a/roles/yavdr-common/files/90-norecommends.j2
+++ b/roles/yavdr-common/files/90-norecommends.j2
@@ -0,0 +1,4 @@
+// {{ ansible_managed_file }}
+// Recommends are as of now still abused in many packages
+APT::Install-Recommends "0";
+APT::Install-Suggests "0";
--- a/roles/yavdr-common/tasks/main.yml
+++ b/roles/yavdr-common/tasks/main.yml
@@ -1,16 +1,11 @@
 ---
 # This playbook sets up the basic packages an directories for a yaVDR installation
+# file: roles/yavdr-common/tasks/main.yml

 - name: apt | prevent automatic installation of recommended packages
-  blockinfile:
+  template:
+      src: templates/90-norecommends.j2
      dest: /etc/apt/apt.conf.d/90norecommends
-      create: yes
-      state: present
-      marker: "// *** {mark} ANSIBLE MANAGED BLOCK ***"
-      block: |
-          // Recommends are as of now still abused in many packages
-          APT::Install-Recommends "0";
-          APT::Install-Suggests "0";

 - name: add yaVDR PPAs
  apt_repository:
--- a/roles/yavdr-common/templates/90-norecommends.j2
+++ b/roles/yavdr-common/templates/90-norecommends.j2
@@ -0,0 +1,4 @@
+// {{ ansible_managed_file }}
+// Recommends are as of now still abused in many packages
+APT::Install-Recommends "0";
+APT::Install-Suggests "0";
--- a/roles/yavdr-network/tasks/main.yml
+++ b/roles/yavdr-network/tasks/main.yml
@@ -15,16 +15,6 @@
      - vdr-addon-avahi-linker
      - wakeonlan

- name: install and configure nfs-kernel-server
-  apt:
-      name: "{{ item }}"
-      state: present
-      install_recommends: no
-  with_items:
-      - nfs-kernel-server
-  when:
-      - '{{ install_nfs_server }}'
-
 # Does this really work? We need a way to check if an interface supports WOL - Python Skript?
 # - name: check WOL capabilities of network interfaces
 #   shell: 'ethtool {{ item }} | grep -Po "(?<=Supports\sWake-on:\s).*$"'