
Automatically create users (and associated system user) for Samba shares

Open DLLarson opened this issue 5 years ago • 10 comments

Hi, I'm back! ;)

I'm trying to create samba users in my nas.yml file using the bertvv.samba role and it always fails. Here is what I'm providing as a test (a link to my complete file is given below):

```yaml
samba_users:
  - name: dlarson
    password: foobar
```

It causes the following error when running the playbook:

```
TASK [bertvv.samba : Create Samba users if they don't exist yet] **************************************************************************************************************************
failed: [ansible-nas] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
fatal: [ansible-nas]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

PLAY RECAP ********************************************************************************************************************************************************************************
ansible-nas                : ok=10   changed=0    unreachable=0    failed=1
```

I put no_log: false at the top of my nas.yml file but it had no effect on the error output.

At first I was trying to hide the password with ansible-vault:

```yaml
dlarson_passwd: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          30613861656134343330396436386432346131376434613837343939383336373935393161363666
          3338373432653536653236346633366162666638393163640a666632373732343736653633363439
          36306665333736616337323335393365613434356336313065316261363333396561393333383566
          3039373633633537320a313136333961386139376431666463653131373234313261386363353434
          3532
# : 
# : 
samba_users:
  - name: dlarson
    password: "{{ larzmedia_passwd }}"
```

I figured that was the issue. But the simple example provided first also fails with the password given in plain text so I don't think that's the problem.

Note also that when I tried to create a linux user account using the following specification it failed as well:

```yaml
- name: Create user dlarson
  user:
    name: dlarson
    state: present
    update_password: on_create
    create_home: no
    password: "$6$.gijCVAXbENBqQ$iDfsr2vMB8o2G.e.as18Q1jsLhix7DOs.7MUQkmWHU2zF0yhqMGwd1rT.X7e3knGq4/5KIfsV21Pe02nd4yJv0"
    group: dlarson
    shell: /usr/sbin/nologin
```

In that case I get the following error:

```
PLAY [all] ********************************************************************************************************************************************************************************
ERROR! Syntax Error while loading YAML.
  did not find expected key

The error appears to have been in '/home/skb/ansible-nas/inventories/my-ansible-nas/group_vars/nas.yml': line 27, column 1, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Create user dlarson
^ here
```

The above linux user definition is patterned after the task file tasks/users.yml.

Here's a link to my full nas.yml file:

https://github.com/DLLarson/ansible-nas/blob/master/inventories/my-ansible-nas/group_vars/nas.yml

Is it possible that these operations are not allowed in the nas.yml file?

-Dale

DLLarson avatar Jan 26 '20 18:01 DLLarson

I figured out the samba password issue. It errors out if the same account name doesn't exist in the linux user database.

Now I just need to figure out how to create the account from within the nas.yml file which was really my original stumbling point.

-Dale

DLLarson avatar Jan 26 '20 23:01 DLLarson

Multiple users is something that could be supported with a little work, but it's not something I needed personally so never bothered :)

nas.yml under group_vars is just a yaml with a bunch of variables in (i.e. settings) - you can't put tasks into it. If you want to have a go at hacking, you can add the tasks to the root nas.yml playbook and see how you get on.

In the meantime, I'll have a think about how this could be supported properly :+1:

davestephens avatar Jan 27 '20 00:01 davestephens
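
The two findings above (the Samba user task fails when no Linux account of the same name exists, and tasks belong in a playbook rather than in `group_vars`) combined into one playbook, as an added example that is not part of the original thread or of ansible-nas. The vault variable name `vault_dlarson_samba_password` and the placement of `bertvv.samba` under `roles:` are assumptions.

```yaml
# Added example (not ansible-nas code): create the system account that
# bertvv.samba expects before the role runs.
- hosts: all
  become: true

  vars:
    samba_users:
      - name: dlarson
        # Hypothetical variable, assumed to be defined with ansible-vault
        # elsewhere in the inventory.
        password: "{{ vault_dlarson_samba_password }}"

  # pre_tasks run before anything listed under roles, so the Linux
  # accounts exist by the time the role adds the Samba users.
  pre_tasks:
    - name: Ensure a system account exists for every Samba user
      user:
        name: "{{ item }}"
        state: present
        shell: /usr/sbin/nologin    # share access only, no interactive login
        create_home: no
        password: "!"               # disabled Unix password on Linux
        update_password: on_create  # never overwrite an existing account's password
      # Loop over the names only: the Samba password never becomes a loop
      # item, so this task needs no no_log and its errors stay readable.
      loop: "{{ samba_users | map(attribute='name') | list }}"

  roles:
    - bertvv.samba
```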

Hi,

> nas.yml under group_vars is just a yaml with a bunch of variables in (i.e. settings) - you can't put tasks into it

I can see that now. It's taking me some time to get a feel for Ansible's plumbing. Cool but different.

I've been having some more success by refactoring my layout. Now I keep all my stuff in its own repository:

https://github.com/DLLarson/my-ansible-nas

I then pull ansible-nas into my repo using a git submodule. I have a top level playbook that does my special stuff and then runs the ansible-nas/nas.yml in the main repository.

It seems to be working pretty well.

This is OK as I really didn't want to work with a fork. This is much cleaner for me.

I really like the way I can embed secrets safely in the code. That's a huge thing!

Oh well, back to kicking more of the tires.

Thanks for the help! -Dale

DLLarson avatar Jan 27 '20 03:01 DLLarson

Hi,

I've since learned that symbols like ansible_nas_domain and docker_home that are defined by the ansible-nas git submodule aren't surfaced to my playbook. Neither are the modules/roles like docker as witnessed by this error:

```
fatal: [ansible-nas]: FAILED! => {"changed": false, "msg": "Failed to import docker-py - No module named docker. Try `pip install docker-py`"}
```

I'm trying to add sabnzbd to docker by adding my own tasks/sabnzbd.yml. Note that I'm aware of the better choice of NzbGet that Ansible-NAS provides, but sabnzbd is what I used on FreeNAS and I am happy with it despite its weaknesses.

I need to understand the scoping rules better.

If you're curious, here is what I have at the moment (pinned to a specific commit so my comments here stay relevant):

https://github.com/DLLarson/my-ansible-nas/tree/81c69343652862bd0403d44bea80d25bddc2e17c

-Dale

DLLarson avatar Jan 27 '20 16:01 DLLarson

Why don't you just add sabnzbd via a PR to this repo? I'm sure others would benefit if it's a migration path from FreeNAS.

I haven't ever seen an entire playbook added to another playbook via a git submodule before!

davestephens avatar Jan 29 '20 23:01 davestephens

My scheme for using submodules has had mixed results as seen above. I'll do as you suggest and add sabnzbd as I'm starting to get a modicum of understanding of how Ansible works.

On the bright side I've covered all essential features that FreeNAS provided using AnsibleNAS and have switched over to Ubuntu. Ubuntu imported my ZFS raidz2 array with no issues other than a message that the array was previously used by another system thereby requiring the -f option on the import. Now Ubuntu mounts the datasets flawlessly.

I'm still using the submodule approach to simplify maintaining my inventory's settings but I execute AnsibleNAS differently using a script to step into ansible-nas:

https://github.com/DLLarson/my-ansible-nas

I set my Linux host name to match FreeNAS's and the external backup apps on the home computers are none-the-wiser that they're now talking to AnsibleNAS rather than FreeNAS. This was my essential goal as my NAS system is primarily for reliable data backup that doesn't require cloud services. All the rest is bonus. Having Docker available greatly expands the possibilities though.

After all of this I can even switch between FreeNAS and AnsibleNAS without issue.

Great stuff!

-Dale

DLLarson avatar Jan 30 '20 14:01 DLLarson

Regarding adding a sabnzbd.yml task...

The docker image at:

https://hub.docker.com/r/linuxserver/sabnzbd

appears to have broken documentation.

If you follow the Github link provided in the Docker Hub page and look at the Dockerfile, it doesn't look like the documentation states.

https://github.com/linuxserver/docker-sabnzbd/blob/master/Dockerfile

Specifically the incomplete downloads and final downloads volumes are not exported contrary to the documentation. So all the data ends up under /mnt/Volume2/docker/sabnzbd. In addition the https support appears to be ignored even though the ports are exposed.

My dilemma is that I could switch to sabnzbd/sabnzbd's image:

https://hub.docker.com/r/sabnzbd/sabnzbd

which is simpler.

Or, I could ignore the hub's documentation and implement based on what I see in the Dockerfile in the Github repository for the linuxserver/sabnzbd Docker image.

Any preferences?

-Dale

DLLarson avatar Jan 30 '20 19:01 DLLarson

A directory doesn't have to be specially marked as VOLUME in the Dockerfile to be able to mount it, you can mount any directory or file you like...

I think I'm understanding what you're saying correctly?


davestephens avatar Jan 30 '20 19:01 davestephens

> I think I'm understanding what you're saying correctly?

Yes you are. I wasn't aware of that. Then what is the purpose of the VOLUME section?

I didn't know that Docker can map out any area of the container's file system without a VOLUME spec. Poking around some I see that you're correct.

The container isn't behaving like they were mapped on my test setup since the other directories were empty while sabnzbd was downloading data. When I looked in the /mnt/Volume2/docker/sabnzbd all the working and result files were there.

Anyway... I can make believe it's working properly and do a PR of the commit if that's ok. Then, we can move the discussion out of here as a minimum.

-Dale

DLLarson avatar Jan 30 '20 22:01 DLLarson

Re: the samba user enhancement, alternatively to the larger ask here, a simple password protection example for samba shares would probably be appreciated by a lot of folks.

seeReadCode avatar Apr 19 '21 20:04 seeReadCode