
COOK-374, add samba cookbook

0 parents commit 68a54e7613985f9238ec026d2f24e74d88aeec14 @jtimberman jtimberman committed Oct 11, 2010
Showing with 459 additions and 0 deletions.
  1. +131 −0 README.md
  2. +41 −0 attributes/default.rb
  3. +50 −0 metadata.json
  4. +14 −0 metadata.rb
  5. +61 −0 providers/user.rb
  6. +23 −0 recipes/client.rb
  7. +20 −0 recipes/default.rb
  8. +71 −0 recipes/server.rb
  9. +23 −0 resources/user.rb
  10. +25 −0 templates/default/smb.conf.erb
131 README.md
@@ -0,0 +1,131 @@
+Description
+===========
+
+Installs and configures Samba version 3.
+
+Requirements
+============
+
+Assumes Samba version 3.
+
+Should work on Debian-family, Red Hat-family and ArchLinux systems.
+
+Uses Chef Server for data bag to build configuration file shares.
+
+Requires a users data bag for the users when the password backend is not LDAP. If using the Opscode `users` cookbook, this already needs to exist, though a password needs to be specified for Samba.
+
+Limitations
+===========
+
+Does not (yet) integrate with LDAP/AD.
+
+Uses plaintext passwords for the user data bag entry to create the SMB users if the password backend is tdbsam or smbpasswd. See below under usage.
+
+Does not modify the Samba daemons to launch (i.e., ArchLinux's `/etc/conf.d/samba` `SAMBA_DAMONS`).
+
+Attributes
+==========
+
+The attributes are used to set up the default values in the smb.conf, and set default locations used in the recipe. Where appropriate, the attributes use the default values in Samba.
+
+* `node["samba"]["workgroup"]` - The SMB workgroup to use, default "SAMBA".
+* `node["samba"]["interfaces"]` - Interfaces to listen on, default "lo 127.0.0.1".
+* `node["samba"]["hosts_allow"]` - Allowed hosts/networks, default "127.0.0.0/8".
+* `node["samba"]["bind_interfaces_only"]` - Limit interfaces to serve SMB, default "no"
+* `node["samba"]["server_string"]` - Server string value, default "Samba Server".
+* `node["samba"]["load_printers"]` - Whether to load printers, default "no".
+* `node["samba"]["passdb_backend"]` - Which password backend to use, default "tdbsam".
+* `node["samba"]["dns_proxy"]` - Whether to search NetBIOS names through DNS, default "no".
+* `node["samba"]["security"]` - Samba security mode, default "user".
+* `node["samba"]["map_to_guest"]` - What Samba should do with logins that don't match Unix users, default "Bad User".
+* `node["samba"]["socket_options"]` - Socket options, default "`TCP_NODELAY`"
+* `node["samba"]["config"]` - Location of Samba configuration, default "/etc/samba/smb.conf".
+* `node["samba"]["log_dir"]` - Location of Samba logs, default "/var/log/samba/%m.log".
+
+Recipes
+=======
+
+client
+------
+
+Installs smbclient to provide access to SMB shares.
+
+default
+-------
+
+Includes the client recipe by default.
+
+server
+------
+
+Sets up a Samba server. See "Usage" below for more information.
+
+Resources/Providers
+===================
+
+This cookbook includes a resource/provider for managing samba users with the smbpasswd program.
+
+ samba_user "jtimberman" do
+ password "plaintextpassword"
+ action [:create, :enable]
+ end
+
+For now, this resource can only create, enable or delete the user. It only supports setting the user's initial password. It assumes a password db backend that utilizes the smbpasswd program.
+
+This will not enforce the password to be set to the value specified. Meaning, if the local user changes their password with `smbpasswd`, the recipe will not reset it. This may be changed in a future version of this cookbook.
+
+Usage
+=====
+
+The `samba::default` recipe includes `samba::client`, which simply installs smbclient package. Remaining information in this section pertains to `samba::server` recipe.
+
+Set attributes as desired in a role, and create a data bag named `samba` with an item called `shares`. Also create a `users` data bag with an item for each user that should have access to samba.
+
+Example data bag item for a single share named `export` in the `shares` item.
+
+ % cat data_bags/samba/shares.json
+ {
+ "id": "shares",
+ "shares": {
+ "export": {
+ "comment": "Exported Share",
+ "path": "/srv/export",
+ "guest ok": "no",
+ "printable": "no",
+ "write list": ["jtimberman"],
+ "create mask": "0664",
+ "directory mask": "0775"
+ }
+ }
+ }
+
+Each of the hashes in `shares` will be a stanza in the smb.conf.
+
+Example data bag item for a user. Note that the user must exist on the system already. This is the minimal users data bag to set up the `smbpasswd` entry. More options are available for those using the `users` cookbook, see the readme for that cookbook for more information.
+
+ % cat data_bags/users/jtimberman.json
+ {
+ "id": "jtimberman",
+ "smbpasswd": "plaintextpassword"
+ }
+
+Unfortunately, smbpasswd does not take a hashed password as an argument - the password is echoed and piped to the smbpasswd program. This is a limitation of Samba.
+
+License and Author
+==================
+
+Author:: Joshua Timberman (<joshua@opscode.com>)
+
+Copyright:: 2010, Opscode, Inc
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
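Review bot: The Limitations entry "Uses plaintext passwords for the user data bag entry" and the `"smbpasswd": "plaintextpassword"` example under Usage put a cleartext credential into the `users` data bag on the Chef Server, and the README should say so directly next to the example: the value is stored unhashed, it is only the initial password (the `samba_user` resource does not re-enforce it), and it should not be reused for anything else. Two smaller documentation fixes: `SAMBA_DAMONS` looks like a typo for `SAMBA_DAEMONS`, and the `log_dir` default is listed as "/var/log/samba/%m.log" although the attributes file sets "/var/log/samba/log.%m" on Arch and the Red Hat family.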
@@ -0,0 +1,41 @@
+#
+# Cookbook Name:: samba
+# Attributes:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default["samba"]["workgroup"] = "SAMBA"
+default["samba"]["interfaces"] = "lo 127.0.0.1"
+default["samba"]["hosts_allow"] = "127.0.0.0/8"
+default["samba"]["bind_interfaces_only"] = "no"
+default["samba"]["server_string"] = "Samba Server"
+default["samba"]["load_printers"] = "no"
+default["samba"]["passdb_backend"] = "tdbsam"
+default["samba"]["dns_proxy"] = "no"
+default["samba"]["security"] = "user"
+default["samba"]["map_to_guest"] = "Bad User"
+default["samba"]["socket_options"] = "TCP_NODELAY"
+
+case platform
+when "arch"
+ set["samba"]["config"] = "/etc/samba/smb.conf"
+ set["samba"]["log_dir"] = "/var/log/samba/log.%m"
+when "redhat","centos","fedora"
+ set["samba"]["config"] = "/etc/samba/smb.conf"
+ set["samba"]["log_dir"] = "/var/log/samba/log.%m"
+else
+ set["samba"]["config"] = "/etc/samba/smb.conf"
+ set["samba"]["log_dir"] = "/var/log/samba/%m.log"
+end
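Review bot: `default["samba"]["bind_interfaces_only"] = "no"` undercuts `default["samba"]["interfaces"] = "lo 127.0.0.1"`: assuming the template passes both through to smb.conf, smbd still listens on every interface when `bind interfaces only` is off, and only `hosts_allow` limits who can connect, so consider defaulting it to "yes" to match the loopback-only intent. In the `case platform` block all three branches set the same `config` path and the "arch" and "redhat" branches are identical, so `config` can be one `default[...]` line and the two branches merged. Using `set` there also writes normal-level attributes, which a role's default attributes will not override, while the README tells users to set attributes in a role.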
@@ -0,0 +1,50 @@
+{
+ "name": "samba",
+ "description": "Installs/Configures samba",
+ "long_description": "Description\n===========\n\nInstalls and configures Samba version 3.\n\nRequirements\n============\n\nAssumes Samba version 3.\n\nShould work on Debian-family, Red Hat-family and ArchLinux systems.\n\nUses Chef Server for data bag to build configuration file shares.\n\nRequires a users data bag for the users when the password backend is not LDAP. If using the Opscode `users` cookbook, this already needs to exist, though a password needs to be specified for Samba.\n\nLimitations\n===========\n\nDoes not (yet) integrate with LDAP/AD.\n\nUses plaintext passwords for the user data bag entry to create the SMB users if the password backend is tdbsam or smbpasswd. See below under usage.\n\nDoes not modify the Samba daemons to launch (i.e., ArchLinux's `/etc/conf.d/samba` `SAMBA_DAMONS`).\n\nAttributes\n==========\n\nThe attributes are used to set up the default values in the smb.conf, and set default locations used in the recipe. Where appropriate, the attributes use the default values in Samba.\n\n* `node[\"samba\"][\"workgroup\"]` - The SMB workgroup to use, default \"SAMBA\".\n* `node[\"samba\"][\"interfaces\"]` - Interfaces to listen on, default \"lo 127.0.0.1\".\n* `node[\"samba\"][\"hosts_allow\"]` - Allowed hosts/networks, default \"127.0.0.0/8\".\n* `node[\"samba\"][\"bind_interfaces_only\"]` - Limit interfaces to serve SMB, default \"no\"\n* `node[\"samba\"][\"server_string\"]` - Server string value, default \"Samba Server\".\n* `node[\"samba\"][\"load_printers\"]` - Whether to load printers, default \"no\".\n* `node[\"samba\"][\"passdb_backend\"]` - Which password backend to use, default \"tdbsam\".\n* `node[\"samba\"][\"dns_proxy\"]` - Whether to search NetBIOS names through DNS, default \"no\".\n* `node[\"samba\"][\"security\"]` - Samba security mode, default \"user\".\n* `node[\"samba\"][\"map_to_guest\"]` - What Samba should do with logins that don't match Unix users, default \"Bad User\".\n* `node[\"samba\"][\"socket_options\"]` - 
Socket options, default \"`TCP_NODELAY`\"\n* `node[\"samba\"][\"config\"]` - Location of Samba configuration, default \"/etc/samba/smb.conf\".\n* `node[\"samba\"][\"log_dir\"]` - Location of Samba logs, default \"/var/log/samba/%m.log\".\n\nRecipes\n=======\n\nclient\n------\n\nInstalls smbclient to provide access to SMB shares.\n\ndefault\n-------\n\nIncludes the client recipe by default.\n\nserver\n------\n\nSets up a Samba server. See \"Usage\" below for more information.\n\nResources/Providers\n===================\n\nThis cookbook includes a resource/provider for managing samba users with the smbpasswd program.\n\n samba_user \"jtimberman\" do\n password \"plaintextpassword\"\n action [:create, :enable]\n end\n\nFor now, this resource can only create, enable or delete the user. It only supports setting the user's initial password. It assumes a password db backend that utilizes the smbpasswd program.\n\nThis will not enforce the password to be set to the value specified. Meaning, if the local user changes their password with `smbpasswd`, the recipe will not reset it. This may be changed in a future version of this cookbook.\n\nUsage\n=====\n\nThe `samba::default` recipe includes `samba::client`, which simply installs smbclient package. Remaining information in this section pertains to `samba::server` recipe.\n\nSet attributes as desired in a role, and create a data bag named `samba` with an item called `shares`. 
Also create a `users` data bag with an item for each user that should have access to samba.\n\nExample data bag item for a single share named `export` in the `shares` item.\n\n % cat data_bags/samba/shares.json\n {\n \"id\": \"shares\",\n \"shares\": {\n \"export\": {\n \"comment\": \"Exported Share\",\n \"path\": \"/srv/export\",\n \"guest ok\": \"no\",\n \"printable\": \"no\",\n \"write list\": [\"jtimberman\"],\n \"create mask\": \"0664\",\n \"directory mask\": \"0775\"\n }\n }\n }\n\nEach of the hashes in `shares` will be a stanza in the smb.conf.\n\nExample data bag item for a user. Note that the user must exist on the system already. This is the minimal users data bag to set up the `smbpasswd` entry. More options are available for those using the `users` cookbook, see the readme for that cookbook for more information.\n\n % cat data_bags/users/jtimberman.json\n {\n \"id\": \"jtimberman\",\n \"smbpasswd\": \"plaintextpassword\"\n }\n\nUnfortunately, smbpasswd does not take a hashed password as an argument - the password is echoed and piped to the smbpasswd program. This is a limitation of Samba.\n\nLicense and Author\n==================\n\nAuthor:: Joshua Timberman (<joshua@opscode.com>)\n\nCopyright:: 2010, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
+ "maintainer": "Opscode, Inc.",
+ "maintainer_email": "cookbooks@opscode.com",
+ "license": "Apache 2.0",
+ "platforms": {
+ "arch": [
+
+ ],
+ "debian": [
+
+ ],
+ "ubuntu": [
+
+ ],
+ "centos": [
+
+ ],
+ "fedora": [
+
+ ],
+ "redhat": [
+
+ ]
+ },
+ "dependencies": {
+ },
+ "recommendations": {
+ },
+ "suggestions": {
+ },
+ "conflicting": {
+ },
+ "providing": {
+ },
+ "replacing": {
+ },
+ "attributes": {
+ },
+ "groupings": {
+ },
+ "recipes": {
+ "samba::default": "Includes the samba::client recipe",
+ "samba::client": "Installs smbclient package",
+ "samba::server": "Installs samba server packages and configures smb.conf"
+ },
+ "version": "0.10.0"
+}
@@ -0,0 +1,14 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs/Configures samba"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version "0.10.0"
+
+recipe "samba::default", "Includes the samba::client recipe"
+recipe "samba::client", "Installs smbclient package"
+recipe "samba::server", "Installs samba server packages and configures smb.conf"
+
+%w{ arch debian ubuntu centos fedora redhat }.each do |os|
+ supports os
+end
@@ -0,0 +1,61 @@
+#
+# Cookbook Name:: samba
+# Provider:: user
+#
+# Copyright:: 2010, Opscode, Inc <legal@opscode.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/mixin/shell_out'
+require 'chef/mixin/language'
+include Chef::Mixin::ShellOut
+
+action :create do
+ unless @smbuser.exists
+ pw = new_resource.password
+ execute "Create #{new_resource.name}" do
+ command "echo -ne '#{pw}\n#{pw}\n' | smbpasswd -s -a #{new_resource.name}"
+ end
+ @updated = true
+ end
+end
+
+action :enable do
+ if @smbuser.disabled
+ execute "Enable #{new_resource.name}" do
+ command "smbpasswd -e #{new_resource.name}"
+ end
+ @updated = true
+ end
+end
+
+action :delete do
+ if @smbuser.exists
+ execute "Delete #{new_resource.name}" do
+ command "smbpasswd -x #{new_resource.name}"
+ end
+ @updated = true
+ end
+end
+
+def load_current_resource
+ @smbuser = Chef::Resource::SambaUser.new(new_resource.name)
+
+ Chef::Log.debug("Checking for smbuser #{new_resource.name}")
+ u = shell_out("pdbedit -Lv -u #{new_resource.name}")
+ exists = u.stdout.include?(new_resource.name)
+ disabled = u.stdout.include?("Account Flags.*[D")
+ @smbuser.exists(exists)
+ @smbuser.disabled(disabled)
+end
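Review bot: In `action :create` the password is interpolated straight into a shell string (`echo -ne '#{pw}\n#{pw}\n' | smbpasswd -s -a #{new_resource.name}`), so a password containing a single quote breaks or changes the command, the cleartext becomes part of the command line that can show up in process listings and in Chef's failure output, and `echo -ne` is not portable across `/bin/sh` implementations. Write the two password lines to the stdin of `smbpasswd -s` from Ruby instead of building them into the command, and shell-escape `new_resource.name` in all three actions and in the `pdbedit` call. Separately, in `load_current_resource`, `u.stdout.include?("Account Flags.*[D")` is a literal substring test, not a regex match, so `disabled` is always false and `:enable` never runs; match with a regular expression such as `/Account Flags.*\[D/` instead.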
@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: samba
+# Recipe:: client
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package value_for_platform(
+ "arch" => { "default" => "smbclient" },
+ "default" => "smbclient"
+)
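Review bot: Both keys in the `value_for_platform` call resolve to "smbclient" (`"arch" => { "default" => "smbclient" }` and `"default" => "smbclient"`), so the lookup adds nothing. Either replace it with `package "smbclient"`, or, if a platform really needs a different package name, put that name in its entry and add a comment saying why.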
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: samba
+# Recipe:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "samba::client"