diff --git a/tasks/main.yml b/tasks/main.yml index 8bda54b..64032f3 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -31,11 +31,6 @@ changed_when: false tags: samba -# - name: "Installed Samba version:" -# debug: -# msg: "{{ samba_version }}" -# tags: samba - - name: Install SELinux package package: name: "{{ samba_selinux_packages }}" @@ -146,16 +141,9 @@ with_items: "{{ samba_services }}" tags: samba -- name: Create Samba users if they don't exist yet - shell: > - set -o nounset -o pipefail -o errexit && - (pdbedit --user={{ item.name }} 2>&1 > /dev/null) \ - || (echo {{ item.password }}; echo {{ item.password }}) \ - | smbpasswd -s -a {{ item.name }} - args: - executable: /bin/bash - with_items: "{{ samba_users }}" - no_log: true - register: create_user_output - changed_when: "'Added user' in create_user_output.stdout" - tags: samba +- include_tasks: users.yml + vars: + user: "{{ samba_user }}" + loop: "{{ samba_users }}" + loop_control: + loop_var: samba_user diff --git a/tasks/users.yml b/tasks/users.yml new file mode 100644 index 0000000..b77a84b --- /dev/null +++ b/tasks/users.yml @@ -0,0 +1,64 @@ +--- +- block: + - name: Create tmpfile + tempfile: + state: file + register: tmpfile + changed_when: false + tags: + - samba + - samba_user + + - name: Ensure more secure file permissions + file: + path: "{{ tmpfile.path }}" + mode: "0600" + tags: + - samba + - samba_user + + - name: Store password in tmpfile + copy: + content: | + {{ user.password }} + {{ user.password }} + dest: "{{ tmpfile.path }}" + changed_when: false + no_log: true + tags: + - samba + - samba_user + + - name: Create/update samba users + shell: > + set -o nounset -o pipefail -o errexit && + ( + (pdbedit --user={{ user.name }} \ + --configfile={{ samba_configuration }} \ + 2>&1 > /dev/null + ) \ + && \ + ( \ + cat "{{ tmpfile.path }}" \ + | smbpasswd -s {{ user.name }} \ + ) \ + ) \ + || cat "{{ tmpfile.path }}" \ + | smbpasswd -s -a {{ user.name }} + args: + executable: /bin/bash + register: create_user_output + changed_when: "'Added user' in create_user_output.stdout" + tags: + - samba + - samba_user + + always: + - name: Remove tmpfile + file: + path: "{{ tmpfile.path }}" + state: absent + changed_when: false + tags: + - samba + - samba_user