涉及到的文件
[student@workstation filestorage-automation]$ tree .
.
├── ansible.cfg
├── inventory
├── smb_client.yml
├── smb_server.yml
├── smb_vars.yml
└── templates
└── smb.conf.j2
[student@workstation filestorage-automation]$涉及到的 主机清单
[student@workstation filestorage-automation]$ cat inventory
[servers]
serverd.lab.example.com
[clients]
servera.lab.example.com
serverb.lab.example.com
serverc.lab.example.com
[student@workstation filestorage-automation]$这里我们使用 serverd 做服务端,使用 servera,b,c 做客户端
[student@workstation filestorage-review]$ cat ansible.cfg
[defaults]
inventory=inventory
remote_user=devopsansible 配置文件 ,使用 devops 作ssh 用户
samba 对应的配置文件的 jija 模版
[student@workstation filestorage-automation]$ cat templates/smb.conf.j2
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
smb encrypt = required
server min protocol = SMB3
[{{ share_name }}]
path = {{ shared_dir }}
write list = @{{ allowed_group }}
[student@workstation filestorage-automation]$通过模版配置文件,我们可以看到使用的是最基本的配置文件,下面为涉及到的变量
[student@workstation filestorage-review]$ cat smb_vars.yml
---
shared_dir: /srv/developers
share_name: devdata
mount_point: /devs_data
# User account for mounting the share
samba_usermount: sambamount
samba_passmount: redhat
allowed_group: developers
[student@workstation filestorage-review]$服务端部署
服务端需要执行的剧本
- 安装
Samba软件包:使用yum模块安装Samba软件包。 - 创建Linux和Samba用户:创建一个用于挂载共享的Linux和Samba用户。
- 创建Linux组:创建一个用于具有写访问权限的用户组。
- 创建Samba用户:为Samba用户创建密码,并将其添加到Samba用户数据库中。
- 创建目录:使用file模块创建要共享的目录,并设置所有者、组和权限。
- 配置Samba:使用template模块将SMB配置文件模板复制到目标位置。
- 启动SMB服务:使用service模块启动和启用SMB服务。
- 开放Samba防火墙服务:使用firewalld模块开启Samba防火墙服务。
- 定义处理程序:定义名为 reload smb 的处理程序,用于在配置更改后重新加载SMB服务。
[student@workstation filestorage-automation]$ cat smb_server.yml
---
- name: Share a directory with SMB
hosts: serverd.lab.example.com
become: true
vars_files:
- smb_vars.yml
tasks:
- name: the samba package is installed
yum:
name: samba
state: present
# Creating the Linux and Samba user for the multiuser mount.
# That user is only used to mount the share.
- name: the Linux user for Samba mount exists
user:
name: "{{ samba_usermount }}"
shell: /sbin/nologin
create_home: no
system: yes
- name: the Samba user for Samba mount exists
command: smbpasswd -s -a {{ samba_usermount }}
args:
stdin: "{{ samba_passmount }}\n{{ samba_passmount }}"
# Group and users with write access to the share
- name: the Linux group exists
group:
name: "{{ allowed_group }}"
system: yes
- name: the Linux users exist for Samba users
user:
name: "{{ item['name'] }}"
shell: /sbin/nologin
groups:
- "{{ allowed_group }}"
loop: "{{ samba_users }}"
no_log: true
- name: the Samba users exist
command: smbpasswd -s -a {{ item['name'] }}
args:
stdin: "{{ item['password'] }}\n{{ item['password'] }}"
loop: "{{ samba_users }}"
no_log: true
- name: the directory exists
file:
path: "{{ shared_dir }}"
owner: root
group: "{{ allowed_group }}"
mode: '2775'
state: directory
setype: samba_share_t
- name: the directory is shared
template:
src: templates/smb.conf.j2
dest: /etc/samba/smb.conf
owner: root
group: root
mode: '0644'
setype: samba_etc_t
notify: reload smb
- name: the smb service is started and enabled
service:
name: smb
state: started
enabled: yes
- name: the samba firewall service is opened
firewalld:
service: samba
state: enabled
immediate: yes
permanent: yes
handlers:
- name: reload smb
service:
name: smb
state: reloaded
[student@workstation filestorage-automation]$客户端配置
- 安装
cifs-utils软件包:使用yum模块确保目标主机上安装了cifs-utils软件包。 - 创建凭据文件:使用copy模块创建一个凭据文件(/etc/samba/creds.txt),其中包含SMB用户名和密码。用户名和密码从samba_usermount和samba_passmount变量中获取。
- 挂载SMB共享:使用mount模块挂载SMB共享。path参数指定本地系统上的挂载点,src参数指定SMB共享的位置(//serverd.lab.example.com/{{ share_name }})。opts参数指定挂载选项,包括凭据文件路径(/etc/samba/creds.txt)、multiuser模式和seal安全选项。fstype参数将文件系统类型指定为cifs。
- 创建Linux用户:使用user模块在目标主机上创建Linux用户。用户名和密码从samba_users变量中获取。密码使用SHA-512算法以'redhatsalt'作为盐值进行哈希处理。
[student@workstation filestorage-automation]$ cat smb_client.yml
---
- name: Access an SMB share
hosts: servera.lab.example.com
become: true
vars_files:
- smb_vars.yml
tasks:
- name: the cifs-utils package is installed
yum:
name: cifs-utils
state: present
- name: the credential file exists
copy:
content: "username={{ samba_usermount }}\n\
password={{ samba_passmount }}\n"
dest: /etc/samba/creds.txt
owner: root
group: root
mode: '0600'
no_log: true
- name: the SMB share is mounted
mount:
path: "{{ mount_point }}"
src: "//serverd.lab.example.com/{{ share_name }}"
opts: "credentials=/etc/samba/creds.txt,multiuser,seal"
state: mounted
fstype: cifs
- name: the Linux users exist
user:
name: "{{ item.name }}"
shell: /bin/bash
password: "{{ item.password | \
password_hash('sha512', 'redhatsalt') }}"
loop: "{{ samba_users }}"
no_log: true
[student@workstation filestorage-automation]$