Script to install Samba with settings for FOG
-
Just in case you’re interested: https://github.com/cspenceiv/fog-imager
I have been building a simplified set of imaging scripts. They’ll be fairly similar to what is in use now, but hopefully much easier to read and understand. I’m attempting to get away from a lot of things we currently do.
As of right now, I only have the upload script functional (on an experimental basis). That upload script does not support xfs and jfs (and others that aren’t supported officially by FOG yet). Additionally, it only does multi-disk, multi-partition creates for everything on a system.
Resizability is something I’ll look at later once the basics are taken care of here.
Right now, my test platform is a Arch live disk I built specifically for this testing (that way I’m not testing the buildroot image at the same time). Of course, this is also why I don’t have xfs and jfs support right now (big whoop for this testing).
…and of course, I’m just using samba shares.
-
@cspence Very nice work. Have you seen any performance hits during your testing?
-
@Wayne-Workman said:
@cspence Very nice work. Have you seen any performance hits during your testing?
At this point, it’s all about building a working prototype with VMs. But my other testing didn’t show any slow down using samba. Then again, I’m just using plain SATA drives.
-
This doesn’t rely on an internet connection to return the default external IP.
default_info=$(ip route list | awk '/^default/ {print $5}') default_info=$(ip -o -f inet addr show $default_info | awk '{print $4}' | cut -f1 -d"/") echo $default_info
-
Topic moved to Tutorials simply because of the Samba setup script in the OP.
-
This gets the IP of eth0 and sticks it into a variable.
eth0IP="$(ip addr show | grep eth0 | grep -o "inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*")"
-
I had to update the script.
The ftp password is now surrounded by single quotes instead of double quotes. Fixed the extraction for that. Also I fixed a typo for ‘share modes’ and I also fixed some warnings by moving the security and passdb backend parameters to global instead of sectional.I also added some output at the bottom of the script that tells you the username and password used.
Here’s the code:
# Last Modified: # 10-15-2015 # # Author: Wayne Guy Workman # Feel free to share, just give credit. :-) # # Install samba and samba client. # yum install -y samba samba-client # # Move the old samba configuration file. # mv /etc/samba/smb.conf /etc/samba/smb.conf.old # # Make a new config file, then fill it with settings. # touch /etc/samba/smb.conf #beware, below line overwrites anything in /etc/samba/smb.conf echo '#' > /etc/samba/smb.conf #below lines append to the end of /etc/samba/smb.conf echo '#This file was generated by an automated installation script' >> /etc/samba/smb.conf echo '#for FOG 1.3.0 and higher to share the default /images directory.' >> /etc/samba/smb.conf echo '#Original Author: Wayne Workman' >> /etc/samba/smb.conf echo '#' >> /etc/samba/smb.conf echo 'security = user' >> /etc/samba/smb.conf echo 'passdb backend = tdbsam' >> /etc/samba/smb.conf echo '[images]' >> /etc/samba/smb.conf echo 'path = /images' >> /etc/samba/smb.conf echo 'read only = no' >> /etc/samba/smb.conf echo 'unix charset = utf-8' >> /etc/samba/smb.conf echo 'dos charset = cp932' >> /etc/samba/smb.conf # # # The bleow bit extracts the out-facing IP. Only works if there is one interface. # This is for extra security, prevents an IP not from your network getting in, even if they know the username / password. # # the last part determines the number of octects set for "hosts allow". -f 1-1 is one, -f 1-2 is two, -f 1-3 is three # ServerIP="$( ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d '.' -f 1-2 )" # # echo '# The below line defines what IP ranges are allowed. They are space delemeted.' >> /etc/samba/smb.conf echo '# For instance, if you wanted local loopback address, the 10.0.0. range,' >> /etc/samba/smb.conf echo '# and the 192.168.1 range, and a specifc public IP of 50.50.50.50,' >> /etc/samba/smb.conf echo '# It would be this:' >> /etc/samba/smb.conf echo '# hosts allow = 127.0.0.1 10.0.0. 192.168.1. 50.50.50.50' >> /etc/samba/smb.conf echo "hosts allow = "$ServerIP"." >> /etc/samba/smb.conf # # Continue with building the smb.conf file... # echo 'create mode = 0777' >> /etc/samba/smb.conf echo 'directory mode = 0777' >> /etc/samba/smb.conf echo 'share modes = yes' >> /etc/samba/smb.conf echo 'writable = yes' >> /etc/samba/smb.conf # # Below gets the ftp user & pass from /opt/fot/.fogsettings and "assumes" it matches the local linux user # Credit for trying? # user="$(grep 'storageftpuser=' /opt/fog/.fogsettings | awk -F'"' '{$0=$2}1')" pass="$(grep 'storageftppass=' /opt/fog/.fogsettings | cut -d \' -f2 )" # # Set the samba user with the credentials. # (echo "$pass"; echo "$pass") | smbpasswd -s -a $user systemctl enable smb.service systemctl restart smb.service echo " " echo _______________________________ echo "You might want to note the below info." echo "Your SMB Username is: " $user echo "Your SMB Password is: " $pass echo "If you want to make custom changes to shares," echo "The config file is /etc/samba/smb.conf" echo _______________________________
-
I’ve turned this script into a project on SourceForge: https://sourceforge.net/p/samba-for-fog/svn/HEAD/tree/
-
svn checkout svn://svn.code.sf.net/p/samba-for-fog/svn/ samba-for-fog-svn cd samba-for-fog-svn ./installsamba.sh
-
Well… if you really want to protect your images, you’d also need to secure the access to the imaging process… It’s true that if /images requires auth, it makes it harder for someone to leak your images, however you’d need to make sure your attacker can’t just fake the MAC of a to-be-imaged computer and just retrieve your fog image with the credentials…
I’d say using samba/cifs is a bit overkill, especially if you don’t have proper security on layer2… But I see the point
-
@Gilou Setting up Samba started as a test for imaging through Samba.
But now, it’s mostly just for easy backup and transfer using Windows. Ultimately the Samba solution can be used by people however they see fit.