diff --git a/README.md b/README.md index dd32bd0..85d1d20 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Module for provisioning Samba Supports: -* Ubuntu: 14.04, 12.04 +* Ubuntu: 14.04, 12.04, 16.04 LTS * Debian: 8.x, 7.x * CentOS: 7.x, 6.x @@ -29,26 +29,43 @@ Tweak and add the following to your site manifest: ```puppet node 'server.example.com' { class {'samba::server': - workgroup => 'example', - server_string => "Example Samba Server", - interfaces => "eth0 lo", - security => 'share' + workgroup => 'WORKGROUP', + server_string => "${::hostname}", + dns_proxy => 'no', + log_file => '/var/log/samba/log.%m', + max_log_size => '1000', + syslog => '0', + panic_action => '/usr/share/samba/panic-action %d', + server_role => 'standalone server', + passdb_backend => 'tdbsam', + obey_pam_restrictions => 'yes', + unix_password_sync => 'yes', + passwd_program => '/usr/bin/passwd %u', + passwd_chat => '*Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .', + pam_password_change => 'yes', + map_to_guest => 'Never', + usershare_allow_guests => 'yes', + #interfaces => "eth0 lo", + bind_interfaces_only => 'no', + security => 'user', } samba::server::share {'example-share': - comment => 'Example Share', - path => '/path/to/share', - guest_only => true, - guest_ok => true, - guest_account => "guest", - browsable => false, - create_mask => 0777, - force_create_mask => 0777, - directory_mask => 0777, - force_directory_mask => 0777, - force_group => 'group', - force_user => 'user', - copy => 'some-other-share', + comment => 'Example Share', + path => '/path/to/share', + guest_only => true, + guest_ok => true, + guest_account => "guest", + browsable => false, + create_mask => 0777, + force_create_mask => 0777, + directory_mask => 0777, + force_directory_mask => 0777, + force_group => 'group', + force_user => 'user', + copy => 'some-other-share', + hosts_allow => '127.0.0.1, 192.168.0.1' + acl_allow_execute_always => true, } } ``` diff --git a/manifests/server.pp b/manifests/server.pp index cbc61a9..47c7be5 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,27 +1,38 @@ # == Class samba::server # -class samba::server($interfaces = '', - $security = '', - $server_string = '', - $unix_password_sync = '', - $netbios_name = '', - $workgroup = '', - $socket_options = '', +class samba::server($bind_interfaces_only = 'yes', $deadtime = '', - $keepalive = '', - $load_printers = '', - $printing = '', - $printcap_name = '', - $map_to_guest = 'Never', - $guest_account = '', $disable_spoolss = '', + $dns_proxy = '', + $guest_account = '', + $keepalive = '', $kernel_oplocks = '', - $pam_password_change = '', + $load_printers = '', + $log_file = '', + $map_to_guest = '', + $max_log_size = '', + $netbios_name = '', + $obey_pam_restrictions = '', $os_level = '', + $pam_password_change = '', + $panic_action = '', + $passdb_backend = '', + $passwd_chat = '*Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .', + $passwd_program = '', $preferred_master = '', - $bind_interfaces_only = 'yes', + $printcap_name = '', + $printing = '', + $security = '', + $server_role = '', + $server_string = '', $shares = {}, - $users = {}, ) { + $socket_options = '', + $syslog = '', + $unix_password_sync = '', + $usershare_allow_guests = '', + $users = {}, + $workgroup = '', + $interfaces = '' ) { include samba::server::install include samba::server::config @@ -41,26 +52,37 @@ } samba::server::option { - 'interfaces': value => $interfaces; - 'bind interfaces only': value => $bind_interfaces_only; - 'security': value => $security; - 'server string': value => $server_string; - 'unix password sync': value => $unix_password_sync; - 'netbios name': value => $netbios_name; - 'workgroup': value => $workgroup; - 'socket options': value => $socket_options; - 'deadtime': value => $deadtime; - 'keepalive': value => $keepalive; - 'load printers': value => $load_printers; - 'printing': value => $printing; - 'printcap name': value => $printcap_name; - 'map to guest': value => $map_to_guest; - 'guest account': value => $guest_account; - 'disable spoolss': value => $disable_spoolss; - 'kernel oplocks': value => $kernel_oplocks; - 'pam password change': value => $pam_password_change; - 'os level': value => $os_level; - 'preferred master': value => $preferred_master; + 'bind interfaces only': value => $bind_interfaces_only; + 'deadtime': value => $deadtime; + 'disable spoolss': value => $disable_spoolss; + 'dns proxy': value => $dns_proxy; + 'guest account': value => $guest_account; + 'keepalive': value => $keepalive; + 'kernel oplocks': value => $kernel_oplocks; + 'load printers': value => $load_printers; + 'log file': value => $log_file; + 'map to guest': value => $map_to_guest; + 'max log size': value => $max_log_size; + 'netbios name': value => $netbios_name; + 'obey pam restrictions': value => $obey_pam_restrictions; + 'os level': value => $os_level; + 'pam password change': value => $pam_password_change; + 'panic action': value => $panic_action; + 'passdb backend': value => $passdb_backend; + 'passwd chat': value => $passwd_chat; + 'passwd program': value => $passwd_program; + 'preferred master': value => $preferred_master; + 'printcap name': value => $printcap_name; + 'printing': value => $printing; + 'security': value => $security; + 'server role': value => $server_role; + 'server string': value => $server_string; + 'socket options': value => $socket_options; + 'syslog': value => $syslog; + 'unix password sync': value => $unix_password_sync; + 'usershare allow guests': value => $usershare_allow_guests; + 'workgroup': value => $workgroup; + 'interfaces': value => $interfaces; } create_resources(samba::server::share, $shares) diff --git a/manifests/server/share.pp b/manifests/server/share.pp index 5544caf..34d6946 100644 --- a/manifests/server/share.pp +++ b/manifests/server/share.pp @@ -40,6 +40,8 @@ $printer_name = '', $msdfs_root = '', $guest_account = '', + $hosts_allow = '', + $acl_allow_execute_always = '', ) { $incl = $samba::server::incl @@ -239,6 +241,15 @@ '' => "rm \"${target}/guest account\"", default => "set \"${target}/guest account\" '${guest_account}'", }, + $hosts_allow ? { + '' => "rm \"${target}/hosts allow\"", + default => "set \"${target}/hosts allow\" '${hosts_allow}'", + }, + $acl_allow_execute_always ? { + true => "set \"${target}/acl allow execute always\" yes", + false => "set \"${target}/acl allow execute always\" no", + default => "rm \"${target}/acl allow execute always\"", + }, ] augeas { "${name}-changes": diff --git a/spec/acceptance/basic_samba_spec.rb b/spec/acceptance/basic_samba_spec.rb index e50cb2a..de20b32 100644 --- a/spec/acceptance/basic_samba_spec.rb +++ b/spec/acceptance/basic_samba_spec.rb @@ -5,24 +5,28 @@ let(:pp) {" class { 'samba::server': workgroup => 'example', - server_string => 'Example Samba Server' + server_string => 'Example Samba Server', + dns_proxy => 'no', + server_role => 'standalone server', } samba::server::share {'example-share': - comment => 'Example Share', - path => '/path/to/share', - guest_only => true, - guest_ok => true, - guest_account => 'guest', - browsable => false, - create_mask => 0777, - force_create_mask => 0777, - directory_mask => 0777, - force_directory_mode => 0777, - force_group => 'group', - force_user => 'user', - hide_dot_files => false, - msdfs_root => true, + comment => 'Example Share', + path => '/path/to/share', + guest_only => true, + guest_ok => true, + guest_account => 'guest', + browsable => false, + create_mask => 0777, + force_create_mask => 0777, + directory_mask => 0777, + force_directory_mode => 0777, + force_group => 'group', + force_user => 'user', + hide_dot_files => false, + msdfs_root => true, + hosts_allow => '127.0.0.1', + acl_allow_execute_always => true, } "} diff --git a/spec/acceptance/nodesets/uubuntu-server-1604-x64.yml b/spec/acceptance/nodesets/uubuntu-server-1604-x64.yml new file mode 100644 index 0000000..ed1e300 --- /dev/null +++ b/spec/acceptance/nodesets/uubuntu-server-1604-x64.yml @@ -0,0 +1,12 @@ +HOSTS: + ubuntu-server-1604-x64: + roles: + - master + platform: ubuntu-1604-amd64 + box: puppetlabs/ubuntu-16.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-16.04-64-nocm + hypervisor: vagrant +CONFIG: + log_level: verbose + type: foss + color: false diff --git a/spec/classes/samba__server_spec.rb b/spec/classes/samba__server_spec.rb index 37d5aa8..a12f73a 100644 --- a/spec/classes/samba__server_spec.rb +++ b/spec/classes/samba__server_spec.rb @@ -20,6 +20,17 @@ it { should contain_samba__server__option('printing') } it { should contain_samba__server__option('printcap name') } it { should contain_samba__server__option('disable spoolss') } + it { should contain_samba__server__option('dns proxy') } + it { should contain_samba__server__option('log file') } + it { should contain_samba__server__option('max log size') } + it { should contain_samba__server__option('obey pam restrictions') } + it { should contain_samba__server__option('panic action') } + it { should contain_samba__server__option('passdb backend') } + it { should contain_samba__server__option('passwd chat') } + it { should contain_samba__server__option('passwd program') } + it { should contain_samba__server__option('server role') } + it { should contain_samba__server__option('syslog') } + it { should contain_samba__server__option('usershare allow guests') } context 'with hiera shares hash' do let(:params) {{ diff --git a/spec/defines/samba__server__share_spec.rb b/spec/defines/samba__server__share_spec.rb index 894f334..172f25f 100644 --- a/spec/defines/samba__server__share_spec.rb +++ b/spec/defines/samba__server__share_spec.rb @@ -44,6 +44,8 @@ set.with("printer name") set.with("msdfs root") set.with("guest account") + set.with("hosts allow") + set.with("acl allow execute always") end let(:change_set) { default_changes } let(:changes) { change_set.to_a } @@ -75,7 +77,7 @@ { "operatingsystem" => "Ubuntu", "operatingsystemrelease" => [ - "14.04" + "16.04" ] }, { @@ -677,11 +679,37 @@ context 'with guest_account set to "killing trees"' do include_examples "default share" let(:params) {{ - :ensure => 'present', + :ensure => 'present', :guest_account => 'someone', }} let(:change_set) { default_changes.with("guest account", "'someone'") } end + + context 'with hosts_allow set to "127.0.0.1"' do + include_examples "default share" + let(:params) {{ + :ensure => 'present', + :hosts_allow => '127.0.0.1', + }} + let(:change_set) { default_changes.with("hosts allow", "'127.0.0.1'") } + end + + context 'with acl_allow_execute_always to true' do + include_examples "default share" + let(:params) {{ + :ensure => 'present', + :acl_allow_execute_always => true, + }} + let(:change_set) { default_changes.with("acl allow execute always", "yes") } + end + context 'with acl_allow_execute_always to false' do + include_examples "default share" + let(:params) {{ + :ensure => 'present', + :acl_allow_execute_always => false, + }} + let(:change_set) { default_changes.with("acl allow execute always", "no") } + end end end end