How to deploy windows shares with Ansible

admin | August 5, 2022

• This will role will setup a network share on windows

• It will also update the user permission on the folder

• You can also adjust the folder missions

How to use this role:

1.You must first download the git repository into your roles directory usually ansible/role/

a.git clone git@github.com:Perfect10NickTailor/ansible-windows-shares.git

2.Now you want edit the hosts.client file name file or create it if it doesn’t exist under your “ansible/inventory/dev:staging:prod” directory. This is a good way to separate environments with ansible, inside each environment you should have a hosts.file like indicated below.

Example file: hosts.dev, hosts.staging, hosts.prod

b.Put your server under the appropriate group inside the file and save

devops.nicktailor.win ansible_host=192.168.90.10

Note: If there is no group simply list the server outside grouping, the –limit flag will pick it

up.

3.Now inside this directory you should see hosts & host_vars, group_vars

Descriptions:

c.Hosts. – is where you will list your servers under specific groups which tell the playbook (what the server is, if it the server should have a specific task run on it, and how to find it)

d.Host_vars – Inside this directory is where you list the server by name which is you will list under hosts. Inside these files you pass variable parameters to the specific roles when running your playbook. Without these the playbook cant do the tasks you want it to.

e.Group_vars – Are how a way to group variables for sets of servers and this keeps code cleaners and easier to manage.

Operational Use:

4.Move inside host_var

f.cd host_var

g.create a file called {{ servername }} and save it for us its devops.nicktailor.win

5.Now inside this directory you should see hosts & host_vars, group_vars

Descriptions:

h.Hosts. – is where you will list your servers under specific groups which tell the playbook (what the server is, if it the server should have a specific task run on it, and how to find it)

i.Host_vars – Inside this directory is where you list the server by name which is you will list under hosts. Inside these files you pass variable parameters to the specific roles when running your playbook. Without these the playbook cant do the tasks you want it to.

j.Group_vars – Are how a way to group variables for sets of servers and this keeps code cleaners and easier to manage.

Operational Use:

6.Move inside host_var

k.cd host_var

l.create a file called {{ servername }} and save it for us its devops.nicktailor.win

Okay now here is where VSC is handy. You want to connect your visual studio code to the management server under your user. I have provided a link which shows you how to setup your keys and get VSC working with it.

Note: You don’t have to use VSC you can use good old nano or vim, but it’s a pain. Up to you.

Running your playbook:

1.You must run your play book from inside parent directory always “ansible”

2.Now there is a playbook called nickcreateshare.yml in the ansible directory which simply calls the ansible-role-win-iis role inside the roles directory.

Example: of ansible/ nickcreateshare.yml

– hosts: all

gather_facts: yes

any_errors_fatal: true

roles:

– role: ansible-windows-share

Command:

ansible-playbook –i inventory/dev/hosts nickcreateshare.yml ––limit=’devops.nicktailor.win‘

• -i : This flag tells ansibe-playbook command which hosts file to use, these are always defined by environment like hosts.dev or hosts.staging

• -u : this is the ssh_user you will be connecting to the servers with

• -Kkb : this tells ansible that you will be using sudo su – for the ssh_user when running all role/tasks

• -ask-beocme : is saying become root

• -limit=’server’ : this allows you to segement which server you want to run the playbook against.

Successful example run of the book:

[BruceWayne@batcave.ansible ~]$ ansible-playbook –i inventory/hosts nickcreateshare.yml –limit=‘devops.nicktailor.win

PLAY [all] ***************************************************************************************************************************************************************************

TASK [Gathering Facts] ***************************************************************************************************************************************************************

ok: [‘devops.nicktailor.win]

TASK [create-windows-share : Create share path] **************************************************************************************************************************************

changed: [‘devops.nicktailor.win] => (item={‘share_name‘: ‘test3’, ‘description_share‘: ‘default share for testing’, ‘share_path‘: ‘C:\\inetpub\\wwwroot3′, ‘change’: ‘ansibleuser‘, ‘list’: True, ‘allowed_users‘: ‘ansibleuser‘, ‘user_permissions‘: ‘ansibleuser‘})

TASK [create-windows-share : debug] **************************************************************************************************************************************************

ok: [‘devops.nicktailor.win] => {

“path”: {

“changed”: true,

“msg“: “All items completed”,

“results”: [

{

“ansible_loop_var“: “item”,

“changed”: true,

“failed”: false,

“item”: {

“allowed_users“: “ansibleuser“,

“change”: “ansibleuser“,

“description_share“: “default share for testing”,

“list”: true,

“share_name“: “test3”,

“share_path“: “C:\\inetpub\\wwwroot3″,

“user_permissions“: “ansibleuser“

}

]

}

TASK [create-windows-share : Add public company share] *******************************************************************************************************************************

TASK [create-windows-share : debug] **************************************************************************************************************************************************

ok: [‘devops.nicktailor.win] => {

“share”: {

“changed”: true,

“msg“: “All items completed”,

“results”: [

{

“actions”: [

“New-SmbShare -Name test3 -Path C:\\inetpub\\wwwroot3″,

“Set-SmbShare -Force -Name test3 -Description default share for testing”,

“Revoke-SmbShareAccess -Force -Name test3 –AccountName Everyone”,

“Grant-SmbShareAccess -Force -Name test3 –AccountName DEVOPS01\\ansibleuser –AccessRight Full”

“ansible_loop_var“: “item”,

“changed”: true,

“failed”: false,

“item”: {

“allowed_users“: “ansibleuser“,

“change”: “ansibleuser“,

“description_share“: “default share for testing”,

“list”: true,

“share_name“: “test3”,

“share_path“: “C:\\inetpub\\wwwroot3″,

“user_permissions“: “ansibleuser“

}

]

}

TASK [create-windows-share : Give full control on share folder] **********************************************************************************************************************

TASK [create-windows-share : debug] **************************************************************************************************************************************************

ok: [‘devops.nicktailor.win] => {

“permission”: {

“changed”: true,

“msg“: “All items completed”,

“results”: [

{

“ansible_loop_var“: “item”,

“changed”: true,

“failed”: false,

“item”: {

“allowed_users“: “ansibleuser“,

“change”: “ansibleuser“,

“description_share“: “default share for testing”,

“list”: true,

“share_name“: “test3”,

“share_path“: “C:\\inetpub\\wwwroot3″,

“user_permissions“: “ansibleuser“

}

]

}

PLAY RECAP ***************************************************************************************************************************************************************************

‘devops.nicktailor.win : ok=7 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0