diff --git a/lib/facter/samba_version.rb b/lib/facter/samba_version.rb old mode 100644 new mode 100755 index 4ac2089..bb8290a --- a/lib/facter/samba_version.rb +++ b/lib/facter/samba_version.rb @@ -8,11 +8,11 @@ case distid when /RedHatEnterprise|CentOS|Fedora|RHEL/ - if FileTest.exists?("/usr/bin/yum") + if FileTest.exist?("/usr/bin/yum") version = Facter::Util::Resolution.exec('/usr/bin/yum info samba | sed \'s/Version *: \([0-9\.]\+\)/\1/gp;d\' | head -n 1') end when /Ubuntu|Debian/ - if FileTest.exists?("/usr/bin/apt-cache") + if FileTest.exist?("/usr/bin/apt-cache") version = Facter::Util::Resolution.exec('apt-cache show samba | sed \'s/Version:.*:\([0-9\.]\+\).*/\1/gp;d\' | head -n 1') end when 'Archlinux' diff --git a/manifests/classic.pp b/manifests/classic.pp index f3e9704..c424e79 100644 --- a/manifests/classic.pp +++ b/manifests/classic.pp @@ -46,6 +46,8 @@ $security = 'ads', $sambaloglevel = 1, $join_domain = true, + Boolean $force_join = false, + $join_dns_update = true, $manage_winbind = true, $krbconf = true, $nsswitch = true, @@ -55,21 +57,24 @@ $globaloptions = {}, $globalabsentoptions = [], $joinou = undef, + Optional[String] $machinepass = undef, Optional[String] $default_realm = undef, Array $additional_realms = [], + $packagesambadc = $::samba::params::packagesambadc, + $packagesambaclassic = $::samba::params::packagesambaclassic, + $packagesambawinbind = $::samba::params::packagesambawinbind, + $packagesambansswinbind = $::samba::params::packagesambansswinbind, + $packagesambapamwinbind = $::samba::params::packagesambapamwinbind, + $packagesambaclient = $::samba::params::packagesambaclient, ) inherits samba::params{ - unless is_domain_name($realm){ + unless $realm =~ Stdlib::Host { fail('realm must be a valid domain') } - unless is_domain_name($realm){ - fail('realm must be a valid domain') - } - - validate_slength($smbname, 15) - unless is_domain_name("${smbname}.${realm}"){ + assert_type(String[1, 15], $smbname) + unless "${smbname}.${realm}" =~ Stdlib::Host { fail('smbname must be a valid domain') } @@ -118,7 +123,7 @@ if $nsswitch { package{ 'SambaNssWinbind': ensure => 'installed', - name => $samba::params::packagesambansswinbind + name => $packagesambansswinbind } augeas{'samba nsswitch group': @@ -146,11 +151,11 @@ if $pam { # Only add package here if different to the nss-winbind package, # or nss and pam aren't both enabled, to avoid duplicate definition. - if ($samba::params::packagesambapamwinbind != $samba::params::packagesambansswinbind) + if ($packagesambapamwinbind != $packagesambansswinbind) or !$nsswitch { package{ 'SambaPamWinbind': ensure => 'installed', - name => $::samba::params::packagesambapamwinbind + name => $packagesambapamwinbind } } @@ -203,13 +208,13 @@ package{ 'SambaClassic': ensure => 'installed', - name => $samba::params::packagesambaclassic, + name => $packagesambaclassic, } if $manage_winbind { package{ 'SambaClassicWinBind': ensure => 'installed', - name => $samba::params::packagesambawinbind, + name => $packagesambawinbind, require => File['/etc/samba/smb_path'], } Package['SambaClassicWinBind'] -> Package['SambaClassic'] @@ -227,6 +232,7 @@ ensure => 'running', name => $samba::params::servivewinbind, require => [ Package['SambaClassic'], File['SambaOptsFile'] ], + before => [ Service['SambaSmb'] ], # required for smbd to run now enable => true, } } @@ -331,13 +337,40 @@ default => "createcomputer=\"${joinou}\"", undef => '', } + $no_dns_updates = $join_dns_update ? { + false => '--no-dns-updates', + default => '', + } + if $machinepass { + # Debug output -- put pass on command-line :) + #$pass = "machinepass=\"\${MACHINE_PASSWORD}\"" + #$machinepass_env = [ "MACHINE_PASSWORD=${machinepass}", ] + #notify { "samba domain join being attempted with machinepass=${machinepass}": } + $pass = "machinepass=${machinepass}" + $machinepass_env = [ ] + } else { + $pass = '' + $machinepass_env = [ ] + } + + if $force_join { + $unlesstest = 'false' + } else { + $unlesstest = 'net ads testjoin' + } + exec{ 'Join Domain': - path => '/bin:/sbin:/usr/sbin:/usr/bin/', - unless => 'net ads testjoin', - command => "echo '${adminpassword}'| net ads join -U '${adminuser}' ${ou}", - notify => Service['SambaWinBind'], - require => [ Package['SambaClassic'], Service['SambaSmb'] ], + path => '/bin:/sbin:/usr/sbin:/usr/bin/', + unless => $unlesstest, + #unless => 'net ads testjoin', + environment => [ "NET_PASSWORD=${adminpassword}", ] + $machinepass_env, + command => "echo \$NET_PASSWORD | net ads join -U '${adminuser}' ${no_dns_updates} ${ou} ${pass}", + notify => Service['SambaWinBind'], + require => Package['SambaClassic'], } + + # Add dependency for domain join to require all config options applied + Samba::Option <| |> -> Exec['Join Domain'] } } } diff --git a/manifests/dc.pp b/manifests/dc.pp index d1859a6..f450856 100644 --- a/manifests/dc.pp +++ b/manifests/dc.pp @@ -57,6 +57,9 @@ $netlogonabsentoptions = [], $sysvolabsentoptions = [], Optional[String] $cleanup = undef, + $packagesambawinbind = $::samba::params::packagesambawinbind, + $packagesambaclient = $::samba::params::packagesambaclient, + $packagesambadc = $::samba::params::packagesambadc, ) inherits ::samba::params{ case $dnsbackend { diff --git a/manifests/params.pp b/manifests/params.pp index c342e45..36d2c4e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -9,13 +9,13 @@ case $facts['os']['family'] { 'redhat': { $cleanup = undef + # for now, this is not supported by RedHat $packagesambadc = 'samba-dc' $packagesambaclassic = 'samba' $packagesambawinbind = 'samba-winbind' $packagesambansswinbind = 'samba-winbind-clients' $packagesambapamwinbind = 'samba-winbind-clients' $packagesambaclient = 'samba-client' - # for now, this is not supported by Debian $servivesambadc = undef $servivesmb = 'smb' $servivewinbind = 'winbind' diff --git a/metadata.json b/metadata.json index 67e88a4..f81ecd4 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "kakwa-samba", - "version": "2.0.0", + "version": "2.1.0", "author": "kakwa", "summary": "Module managing Samba, including Samba as a AD Domain Controller", "license": "MIT", @@ -11,7 +11,7 @@ "dependencies": [ { "name": "puppetlabs-stdlib", - "version_requirement": ">= 3.0.0 < 5.0.0" + "version_requirement": ">= 9.0.0 < 10.0.0" }, { "name": "herculesteam-augeasproviders_pam", @@ -22,39 +22,35 @@ { "operatingsystem": "RedHat", "operatingsystemrelease": [ - "6", - "7" + "8" ] }, { - "operatingsystem": "CentOS", + "operatingsystem": "Rocky", "operatingsystemrelease": [ - "6", - "7" + "8" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ - "7", - "8" + "11", + "12" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "14.04", - "16.04" + "20.04", + "22.04", + "24.04" ] - }, - { - "operatingsystem": "Archlinux" } ], "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.10.0 < 6.0.0" + "version_requirement": ">= 6.0.0 < 9.0.0" } ] }