For a project I'm working on, I needed to make one of my Ansible playbooks grab an archived file off a Windows share using smbclient
.
There are a few concerns when doing something like this:
- There are a few required dependencies that need to be installed and configured.
- Unless you have a really insecure windows share, you need a username and password to access the share—and you should never put credentials into any kind of plaintext file!
- Many Windows-based environments also need the appropriate workgroup set in Samba's configuration file.
I'll dive right in and show you how to set up samba and grab a file from a share in an Ansible playbook:
---
- hosts: all
# See note below.
vars_prompt:
- name: smb_username
prompt: "Enter samba share username"
- name: smb_password
prompt: "Enter samba share password"
private: yes
tasks:
- name: Ensure Samba-related packages are installed.
yum: pkg={{ item }} state=installed
environment: proxy_env
with_items:
- samba
- samba-client
- samba-common
- cifs-utils
# See note below.
- name: Copy in Samba configuration.
template: src=templates/etc/samba/smb.conf dest=/etc/samba/smb.conf owner=root group=root mode=0644
- name: Copy archive from samba_share.
command:
smbclient //hostname/samba_share/ {{ smb_password }} -U {{ smb_username }} -c "recurse;lcd /local/path;get archive.zip"
creates=/local/path/archive.zip
Note 1: We use vars_prompt
to ask the user for a network username and password. Instead of storing these values in a playbook or vars file, we ask for them. If you want to use some sort of environment variable, you could do that as well, but I don't like permanently storing credentials in any retrievable format, and there's no simple way to store encrypted passwords and use them in this situation you can now use Ansible's Vault to store encrypted data!
Note 2: For the smb.conf file, you should grab the default smb.conf that was created when Samba was installed, and modify it to your needs; in my case, I was also adding a local share, and changing the workgroup
to my local domain. You could use Ansible's lineinfile
if you just need to modify a few lines in this file, but I had to do more extensive modifications, and it was easier to just use template
and copy the file to the server.