#!@BASH_SHELL@ # # OCF Resource Agent for create samba config snippets. # # # # Copyright (c) 2021 B1 Systems GmbH # Author: # Tobias D. Oestreicher # All Rights Reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of version 2 of the GNU General Public License as # published by the Free Software Foundation. # # This program is distributed in the hope that it would be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Further, this software is distributed without any warranty that it is # free of the rightful claim of any third person regarding infringement # or the like. Any license provided herein, whether implied or # otherwise, applies only to this software file. Patent licenses, if # any, provided herein do not apply to combinations of this program with # other software, or any other product whatsoever. # # You should have received a copy of the GNU General Public License # along with this program; if not, write the Free Software Foundation, # Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA. # # # # OCF parameters are as below: # OCF_RESKEY_outfile # OCF_RESKEY_includesfile # OCF_RESKEY_confd # OCF_RESKEY_share # OCF_RESKEY_path # OCF_RESKEY_hosts_allow # OCF_RESKEY_browseable # OCF_RESKEY_writeable # OCF_RESKEY_read_only # OCF_RESKEY_guest_ok # OCF_RESKEY_directory_mask # OCF_RESKEY_create_mask # OCF_RESKEY_printable # OCF_RESKEY_valid_users # OCF_RESKEY_force_user # OCF_RESKEY_force_group # OCF_RESKEY_extraopt # OCF_RESKEY_extraopt_list # ####################################################################### ####################################################################### # # Purpose: # -------- # This RA is used to control samba shares on the fly. # For adding and removing samba shares no restart of the samba daemon # is needed. This is the equivalent of the exportfs RA which is used # for nfs shares. # # How to use: # ----------- # For this RA to work as expected you need a cloned samba daemon which # have to be startet before. # After this RA manages config snippets placed in the filesystem and # after a fence of that node these snippets will still located there # you will have to use a tmpfs mount for this. # Also you need a basic smb.conf file in which all global parameters an # permanent shares should be placed. # Within this smb.conf also you must put a line in the global section # like this: # # include = /etc/samba/conf.d/pacemaker-includes.conf # # The filename can be changed by setting the parameter "includesfile". # Every share created by this RA will create a new file located in: # # /etc/samba/conf.d/ # # This directory also can be changed by setting the RA parameter "confd". # ####################################################################### # Initialization: : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs # Defaults OCF_RESKEY_outfile_default="" OCF_RESKEY_includesfile_default="/etc/samba/conf.d/pacemaker-includes.conf" OCF_RESKEY_confd_default="/etc/samba/conf.d" OCF_RESKEY_share_default="" OCF_RESKEY_path_default="" OCF_RESKEY_hosts_allow_default="" OCF_RESKEY_browseable_default="" OCF_RESKEY_writeable_default="" OCF_RESKEY_read_only_default="" OCF_RESKEY_guest_ok_default="" OCF_RESKEY_directory_mask_default="" OCF_RESKEY_create_mask_default="" OCF_RESKEY_printable_default="" OCF_RESKEY_valid_users_default="" OCF_RESKEY_force_user_default="" OCF_RESKEY_force_group_default="" OCF_RESKEY_extraopt_default="" OCF_RESKEY_extraopt_list_default="" : ${OCF_RESKEY_outfile=${OCF_RESKEY_outfile_default}} : ${OCF_RESKEY_includesfile=${OCF_RESKEY_includesfile_default}} : ${OCF_RESKEY_confd=${OCF_RESKEY_confd_default}} : ${OCF_RESKEY_share=${OCF_RESKEY_share_default}} : ${OCF_RESKEY_path=${OCF_RESKEY_path_default}} : ${OCF_RESKEY_hosts_allow=${OCF_RESKEY_hosts_allow_default}} : ${OCF_RESKEY_browseable=${OCF_RESKEY_browseable_default}} : ${OCF_RESKEY_writeable=${OCF_RESKEY_writeable_default}} : ${OCF_RESKEY_read_only=${OCF_RESKEY_read_only_default}} : ${OCF_RESKEY_guest_ok=${OCF_RESKEY_guest_ok_default}} : ${OCF_RESKEY_directory_mask=${OCF_RESKEY_directory_mask_default}} : ${OCF_RESKEY_create_mask=${OCF_RESKEY_create_mask_default}} : ${OCF_RESKEY_printable=${OCF_RESKEY_printable_default}} : ${OCF_RESKEY_valid_users=${OCF_RESKEY_valid_users_default}} : ${OCF_RESKEY_force_user=${OCF_RESKEY_force_user_default}} : ${OCF_RESKEY_force_group=${OCF_RESKEY_force_group_default}} : ${OCF_RESKEY_extraopt=${OCF_RESKEY_extraopt_default}} : ${OCF_RESKEY_extraopt_list=${OCF_RESKEY_extraopt_list_default}} ####################################################################### ####################################################################### meta_data() { cat < 1.0 This RA is used to control samba shares on the fly. For adding and removing samba shares no restart of the samba daemon is needed. This is the equivalent of the exportfs RA which is used for nfs shares. For this RA to work as expected you need a cloned samba daemon which have to be startet before. After this RA manages config snippets placed in the filesystem and after a fence of that node these snippets will still located there you will have to use a tmpfs mount for this. Also you need a basic smb.conf file in which all global parameters an permanent shares should be placed. Within this smb.conf also you must put a line in the global section like this: include = /etc/samba/conf.d/pacemaker-includes.conf The filename can be changed by setting the parameter includesfile. Every share created by this RA will create a new file located in: /etc/samba/conf.d/ This directory also can be changed by setting the RA parameter confd. Manages samba shares on the fly Set the name of a windows share which should be added to Samba example name "myshare" resulting in [myshare]. sharename Set the path to share for cifs clients. example path "/srv/data/myshare". path to share This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service. hosts allow parameter This controls whether this share is seen in the list of available shares in a net view and in the browse list. browseable parameter Inverted synonym for read only. writeable parameter This option can be used to turn the writing backends tdb, tdb2, and ldap into read only mode. This can be useful e.g. in cases where a pre-filled database exists that should not be extended automatically. read only parameter If this parameter is yes for a service, then no password is required to connect to the service. Privileges will be those of the guest account. guest ok parameter This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories. directory mask parameter When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise ANDed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a file. create mask parameter If this parameter is yes, then clients may open, write to and submit spool files on the directory specified for the service. printable parameter This is a list of users that should be allowed to login to this service. Names starting with @, + and & are interpreted using the same rules as described in the invalid users parameter. valid users parameter This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. force user parameter This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring that all access to files on service will use the named group for their permissions checking. force group parameter This option can be used to define an additional key = value pair. In this parameter also a semicolon could be placed. Need to set e.g somthinspecial = value additional key value pair This option can be used to define multiple additional key = value pairs. Define the list of element semicolon separated. e.g somethingspecial = value;one more = value2 additional key value pairs as semicolon separated list Set the path and filename where the snipped should be written. example "/etc/samba/conf.d/myshare.inc". outputfile Set the path where the includes will be written. This folder have to be a tmpfs mount This defaults to "/etc/samba/conf.d". confd directory Set the path and filename in which the include should be placed. example includesfile "/etc/samba/conf.d/pacemaker-includes.conf". This option manages the include= parameter within this file includesfile for smb.conf END exit $OCF_SUCCESS } smb_share_addinclude() { if [ ! -e ${OCF_RESKEY_includesfile} ];then echo '[global]' > ${OCF_RESKEY_includesfile} fi if [ $(grep -c "include = $OCF_RESKEY_outfile" ${OCF_RESKEY_includesfile}) -eq 0 ];then echo "include = $OCF_RESKEY_outfile" >> ${OCF_RESKEY_includesfile} fi } smb_share_delinclude() { ESCAPED=$(echo $OCF_RESKEY_outfile|sed 's,/,\\/,g') sed -i /include.=.$ESCAPED/d ${OCF_RESKEY_includesfile} } smb_share_create() { echo "[${OCF_RESKEY_share}]" > $OCF_RESKEY_outfile if [ ! -z "$OCF_RESKEY_path" ];then echo " path = $OCF_RESKEY_path" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_hosts_allow" ];then echo " hosts allow = $OCF_RESKEY_hosts_allow" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_browseable" ];then echo " browseable = $OCF_RESKEY_browseable" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_writeable" ];then echo " writeable = $OCF_RESKEY_writeable" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_read_only" ];then echo " read only = $OCF_RESKEY_read_only" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_guest_ok" ];then echo " guest ok = $OCF_RESKEY_guest_ok" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_directory_mask" ];then echo " directory mask = $OCF_RESKEY_directory_mask" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_create_mask" ];then echo " create mask = $OCF_RESKEY_create_mask" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_printable" ];then echo " printable = $OCF_RESKEY_printable" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_valid_users" ];then echo " valid users = $OCF_RESKEY_valid_users" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_force_user" ];then echo " force user = $OCF_RESKEY_force_user" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_force_group" ];then echo " force group = $OCF_RESKEY_force_group" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_extraopt" ];then echo " $OCF_RESKEY_extraopt" >> $OCF_RESKEY_outfile; fi if [ ! -z "$OCF_RESKEY_extraopt_list" ];then IFS=';' read -r -a array <<< "$OCF_RESKEY_extraopt_list" for i in "${array[@]}";do echo " $i" >> $OCF_RESKEY_outfile; done fi smb_share_addinclude } smb_share_delete() { if [ -e $OCF_RESKEY_outfile ];then rm -f $OCF_RESKEY_outfile 2>/dev/null smb_share_delinclude exit $OCF_SUCCESS fi } smb_share_reloadconfig() { smbcontrol smbd reload-config 2>/dev/null if [ $? -eq 0 ];then exit $OCF_SUCCESS else ocf_log err "Seems you have an error in your samba configuration" exit $OCF_ERR_CONFIGURED fi } smb_share_checktmpmount() { ISMOUNT=$(grep $OCF_RESKEY_confd /proc/mounts|grep -c tmpfs) if [ $ISMOUNT -eq 0 ];then ocf_log err "The directoy /etc/samba/conf.d need to be a tmpfs mount" exit $OCF_ERR_CONFIGURED fi } ###################################################################### smb_share_usage() { cat < /dev/null 2>&1 smb_share_delete smb_share_reloadconfig } smb_share_monitor() { RES=$(smbcontrol smbd ping > /dev/null 2>&1) if [ $? -eq 0 ];then if [ $(testparm -s 2>/dev/null| egrep -c \\[$OCF_RESKEY_share\\]) -eq 1 ];then return $OCF_SUCCESS else return $OCF_NOT_RUNNING fi else return $OCF_NOT_RUNNING fi } smb_share_state() { smb_share_checktmpmount RES=$(smbcontrol smbd ping > /dev/null 2>&1) if [ $? -eq 0 ];then if [ $(testparm -s 2>/dev/null| egrep -c \\[$OCF_RESKEY_share\\]) -eq 1 ];then ocf_log info "Samba share $OCF_RESKEY_share is active" return $OCF_SUCCESS else ocf_log info "Samba share $OCF_RESKEY_share is not active" return $OCF_NOT_RUNNING fi else ocf_log info "Samba share $OCF_RESKEY_share is not active" return $OCF_NOT_RUNNING fi } smb_share_validate() { return $OCF_SUCCESS } case $__OCF_ACTION in meta-data) meta_data ;; usage|help) smb_share_usage ;; esac case $__OCF_ACTION in start) smb_share_start ;; stop) smb_share_stop ;; status) smb_share_state ;; monitor) smb_share_monitor ;; validate-all) smb_share_validate ;; *) smb_share_usage exit $OCF_ERR_UNIMPLEMENTED ;; esac exit $? # vi:sw=4:ts=8: