From 0484ea38f15e27bb38cc57aaa58186028f2615d9 Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Mon, 21 Sep 2020 10:21:48 -0400
Subject: [PATCH] Samba role standardized/modularized, for runrole etc

---
 roles/nginx/README.md                   |  5 +-
 roles/samba/tasks/enable-or-disable.yml | 19 ++++++
 roles/samba/tasks/install.yml           | 41 ++++++++++++
 roles/samba/tasks/main.yml              | 83 ++++++-------------------
 4 files changed, 83 insertions(+), 65 deletions(-)
 create mode 100644 roles/samba/tasks/enable-or-disable.yml
 create mode 100644 roles/samba/tasks/install.yml

diff --git a/roles/nginx/README.md b/roles/nginx/README.md
index 381397476..471414938 100644
--- a/roles/nginx/README.md
+++ b/roles/nginx/README.md
@@ -10,7 +10,7 @@
 
 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
 
-3. Current state of IIAB App/Service migrations as of 2020-09-12:
+3. Current state of IIAB App/Service migrations as of 2020-09-21:
 
    1. These support "Native" NGINX but ***NOT*** Apache
       * Admin Console
@@ -47,6 +47,7 @@
       * openvpn
       * pbx [*, requires Apache for now, as in Section iii.]
       * phpmyadmin [*, requires Apache for now, as in Section iii.]
+      * samba
       * transmission [*]
 
-[*] The 6 above starred roles could use improvement, as of 2020-09-12.
+[*] The 6 above starred roles could use improvement, as of 2020-09-21.
diff --git a/roles/samba/tasks/enable-or-disable.yml b/roles/samba/tasks/enable-or-disable.yml
new file mode 100644
index 000000000..607142bde
--- /dev/null
+++ b/roles/samba/tasks/enable-or-disable.yml
@@ -0,0 +1,19 @@
+- name: Enable & Start Samba service ({{ smb_service }}) and NetBIOS name service ({{ nmb_service }}) if samba_enabled
+  systemd:
+    name: "{{ item }}"
+    state: started
+    enabled: yes
+  when: samba_enabled | bool
+  with_items:
+    - "{{ smb_service }}"
+    - "{{ nmb_service }}"
+
+- name: Disable & Stop Samba service ({{ smb_service }}) and NetBIOS name service ({{ nmb_service }}) if not samba_enabled
+  systemd:
+    name: "{{ item }}"
+    state: stopped
+    enabled: no
+  when: not samba_enabled
+  with_items:
+    - "{{ smb_service }}"
+    - "{{ nmb_service }}"
diff --git a/roles/samba/tasks/install.yml b/roles/samba/tasks/install.yml
new file mode 100644
index 000000000..7af2d645a
--- /dev/null
+++ b/roles/samba/tasks/install.yml
@@ -0,0 +1,41 @@
+- name: "Create smb user: {{ smbuser }}"
+  user:
+    name: "{{ smbuser }}"
+    shell: /sbin/nologin
+    password: "{{ smbpassword }}"
+
+- name: "Create public folder: {{ shared_dir }}"
+  file:
+    path: "{{ shared_dir }}"
+    owner: "{{ smbuser }}"
+    group: "{{ smbuser }}"
+    mode: '0777'
+    state: directory
+
+# Install and configure samba server (requires ports 137, 138, 139, 445 open).
+- name: "Install 4 packages: samba, samba-client, samba-common, cifs-client"
+  package:
+    name:
+      - samba
+      - samba-client
+      - samba-common
+      - cifs-utils
+    state: present
+
+- name: Install /etc/samba/smb.conf from template
+  template:
+    src: smb.conf.j2
+    dest: /etc/samba/smb.conf
+
+
+# RECORD Samba AS INSTALLED
+
+- name: "Set 'samba_installed: True'"
+  set_fact:
+    samba_installed: True
+
+- name: "Add 'samba_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^samba_installed'
+    line: 'samba_installed: True'
diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml
index 613db11e2..d43fb7366 100755
--- a/roles/samba/tasks/main.yml
+++ b/roles/samba/tasks/main.yml
@@ -1,73 +1,30 @@
-- name: "Create smb user: {{ smbuser }}"
-  user:
-    name: "{{ smbuser }}"
-    shell: /sbin/nologin
-    password: "{{ smbpassword }}"
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: "Create public folder: {{ shared_dir }}"
-  file:
-    path: "{{ shared_dir }}"
-    owner: "{{ smbuser }}"
-    group: "{{ smbuser }}"
-    mode: '0777'
-    state: directory
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 
-# Install and configure samba server (requires ports 137, 138, 139, 445 open).
-- name: "Install 4 packages: samba, samba-client, samba-common, cifs-client"
-  package:
-    name:
-      - samba
-      - samba-client
-      - samba-common
-      - cifs-utils
-    state: present
+- name: Assert that "samba_install is sameas true" (boolean not string etc)
+  assert:
+    that: samba_install is sameas true
+    fail_msg: "PLEASE SET 'samba_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
 
-- name: Install /etc/samba/smb.conf from template
-  template:
-    src: smb.conf.j2
-    dest: /etc/samba/smb.conf
+- name: Assert that "samba_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: samba_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'samba_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
 
 
-# RECORD Samba AS INSTALLED
-
-- name: "Set 'samba_installed: True'"
-  set_fact:
-    samba_installed: True
-
-- name: "Add 'samba_installed: True' to {{ iiab_state_file }}"
-  lineinfile:
-    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^samba_installed'
-    line: 'samba_installed: True'
+- name: Install Samba if 'samba_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: samba_installed is undefined
 
 
-- name: Enable & Start Samba systemd service ({{ smb_service }}) if samba_enabled
-  service:
-    name: "{{ smb_service }}"
-    state: started
-    enabled: yes
-  when: samba_enabled | bool
-
-- name: Enable & Start NetBIOS name service ({{ nmb_service }}) if samba_enabled
-  service:
-    name: "{{ nmb_service }}"
-    state: started
-    enabled: yes
-  when: samba_enabled | bool
-
-- name: Disable & Stop Samba systemd service ({{ smb_service }}) if not samba_enabled
-  systemd:
-    name: "{{ smb_service }}"
-    state: stopped
-    enabled: no
-  when: not samba_enabled
-
-- name: Disable & Stop NetBIOS name service ({{ nmb_service }}) if not samba_enabled
-  systemd:
-    name: "{{ nmb_service }}"
-    state: stopped
-    enabled: no
-  when: not samba_enabled
+- include_tasks: enable-or-disable.yml
 
 
 - name: Add 'samba' variable values to {{ iiab_ini_file }}