refs #8142: - Second domain final tasks

roles/services/tasks/adsamba.yml

@@ -17,13 +17,13 @@
 #
 # If we want to go 4.21
 # - name: Add Debian backports repository
-#  apt_repository:
-#    repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release | lower }}-backports main"
-#    state: present
-
+#   apt_repository:
+#     repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release | lower }}-backports main"
+#     state: present
+#
 # - name: Update apt cache
-#  apt:
-#    update_cache: yes
+#   apt:
+#     update_cache: yes
 
 - name: Install adSamba packages
   package:
@@ -36,7 +36,7 @@
     path: /etc/hosts
     marker: "# {mark} ANSIBLE-MANAGED SAMBA DC ENTRY"
     block: |
-      {{ ip_serverad | default(ansible_default_ipv4.address) }}  {{ ansible_facts['hostname'] }}.{{ domain }}.{{ resolv_domain }} {{ realm }}
+      {{ ip_serverad | default(ansible_default_ipv4.address) }}  {{ ansible_facts['hostname'] }}.{{ domain }}.{{ host_domain }} {{ realm }}
 
 - name: Check if metadata.tdb exists
   stat:
@@ -63,47 +63,18 @@
       debug:
         msg: "{{ domain_join.stderr_lines[-6:] }}"
     
+  - when: main_ad is false
+    block:
+
     - name: Extracting variables
       no_log: true
       set_fact:
-        passwords: "{{ lookup(passbolt, key_name, folder_parent_id=passbolt_folder).password }}"
-    
-    - name:
-      debug:
-        msg: "{{ key_name }} {{ passwords }} {{ key_algorithm }} {{ main_dns_server }} {{ resolv_domain }} {{ ttl }} {{ name_ad }}.{{ realm }}. {{ ip_serverad }}"
+        passwad_admin_password: "{{ lookup(passbolt, ad_admin_password_name, folder_parent_id=passbolt_folder).password }}"
 
-    - name: Add A record to DNS
-      nsupdate:
-        key_name: '{{ key_name }}'
-        key_secret: '{{ passwords }}'
-        key_algorithm: '{{ key_algorithm }}'
-        server: "{{ main_dns_server }}"
-        zone: '{{ resolv_domain }}'
-        ttl: '{{ ttl }}'
-        type: 'A'
-        record: '{{ name_ad }}.{{ realm }}.'
-        value: '{{ ip_serverad }}'
-        state: present
-    
-    - name: Add NS record to DNS
-      nsupdate:
-        key_name: '{{ key_name }}'
-        key_secret: '{{ passwords }}'
-        key_algorithm: '{{ key_algorithm }}'
-        server: '{{ main_dns_server }}'
-        zone: '{{ resolv_domain }}'
-        ttl: '{{ ttl }}'
-        type: 'NS'
-        record: '{{ realm }}.'
-        value: '{{ name_ad }}.{{ realm }}.'
-        state: present
-    
-  - when: main_ad is false
-    block:
     - name: Join domain
-      shell: samba-tool domain join "activedirectory.lab.verdnatura.es" DC -U"ACTIVEDIRECTORY\administrator"
+      shell: samba-tool domain join "{{ realm }}" DC -U"{{ domain | upper }}\administrator"
       environment:
-        PASSWD: aWZ::bpl))6&r)iHd,7-8NH&-M
+        PASSWD: "{{ passwad_admin_password }}"
 
   - name: Copy Kerberos configuration
     copy:
@@ -127,3 +98,34 @@
     enabled: no
     masked: yes
   loop: "{{ samba_client_services }}"
+
+- name: Extracting variables
+  no_log: true
+  set_fact:
+    passwords: "{{ lookup(passbolt, key_name, folder_parent_id=passbolt_folder).password }}"
+    
+- name: Add A record to DNS
+  nsupdate:
+    key_name: '{{ key_name }}'
+    key_secret: '{{ passwords }}'
+    key_algorithm: '{{ key_algorithm }}'
+    server: "{{ main_dns_server }}"
+    zone: '{{ host_domain }}'
+    ttl: '{{ ttl }}'
+    type: 'A'
+    record: '{{ inventory_hostname_short }}.{{ realm }}.'
+    value: '{{ ip_serverad }}'
+    state: present
+
+- name: Add NS record to DNS
+  nsupdate:
+    key_name: '{{ key_name }}'
+    key_secret: '{{ passwords }}'
+    key_algorithm: '{{ key_algorithm }}'
+    server: '{{ main_dns_server }}'
+    zone: '{{ host_domain }}'
+    ttl: '{{ ttl }}'
+    type: 'NS'
+    record: '{{ realm }}.'
+    value: '{{ inventory_hostname_short }}.{{ realm }}.'
+    state: present