Refs #8142: Samba Server Deploy - Role WIP - Initial approach

2024-12-20 13:29:56 +01:00 · 2024-12-20 13:29:56 +01:00 · 208e6d2a54
parent 7d4843d8d0
commit 208e6d2a54
4 changed files with 84 additions and 0 deletions
--- a/playbooks/delete.yml
+++ b/playbooks/delete.yml
@ -0,0 +1,24 @@
+- name: List all disks
+  hosts: all
+  tasks:
+    - name: Get info disk information 2
+      shell: blkid | grep LABEL | awk {'print $2'}
+      register: blkid
+    
+    - name: Print valid labels
+      debug:
+        var: blkid
+
+    - name: Parsear stdout_lines para buscar etiquetas específicas
+      set_fact:
+        found_labels: >-
+          {{
+            blkid.stdout_lines
+            | map('regex_search', 'LABEL="(?P<label>[^"]+)"')
+            | select('defined')
+            | list
+          }}
+
+    - name: Print valid labels
+      debug:
+        var: found_labels
--- a/roles/services/defaults/main.yaml
+++ b/roles/services/defaults/main.yaml
@ -1,3 +1,12 @@
+samba_client_services:  
+  - smbd 
+  - nmbd 
+  - winbind
+dcsamba_base_packages:
+  - samba
+  - krb5-user
+  - winbind
+  - acl
 mariadb_base_packages:
  - mariadb-server
  - mariadb-backup
--- a/roles/services/tasks/adsamba.yml
+++ b/roles/services/tasks/adsamba.yml
@ -0,0 +1,49 @@
+- name: Install adSamba packages
+  package:
+    name: "{{ dcsamba_base_packages }}"
+    state: present
+    install_recommends: no
+
+- name: Add adsamba host to hosts file
+  blockinfile:
+    path: /etc/hosts
+    marker: "# {mark} ANSIBLE-MANAGED SAMBA DC ENTRY"
+    block: |
+      "{{ dc1 }}" dc1.samba."{{ resolv_domain }}"
+
+- name: Disable Samba client services and mask them
+  systemd:
+    name: "{{ item }}"
+    state: stopped
+    enabled: no
+    masked: yes
+  loop: "{{ samba_client_services }}"
+
+- name: Check if server is already joined to domain
+  command:
+    cmd: samba-tool domain info localhost
+  register: domain_info
+  failed_when: domain_info.rc != 0 and 'Cannot contact' not in domain_info.stderr
+  changed_when: false
+
+- name: Join domain as DC if not already joined
+  command:
+    cmd: samba-tool domain join samba."{{ resolv_domain }}" DC -U"SAMBA\\administrator" --option='idmap_ldb:use rfc2307 = yes'
+  when: "'Cannot contact' in domain_info.stderr"
+  register: domain_join
+  changed_when: "'Joined domain' in domain_join.stdout"
+
+- name: Copy Kerberos configuration
+  copy:
+    src: krb5.conf
+    dest: /etc/krb5.conf
+    remote_src: true
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Enable and start Samba AD DC service
+  systemd:
+    name: samba-ad-dc
+    state: started
+    enabled: yes
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@ -2,3 +2,5 @@
  tags: timeserver
 - import_tasks: mariadb.yml
  tags: mariadb
+- import_tasks: adsamba.yml
+  tags: adsamba