diff --git a/roles/services/tasks/adsamba.yml b/roles/services/tasks/adsamba.yml index 30aff38..187e6dc 100644 --- a/roles/services/tasks/adsamba.yml +++ b/roles/services/tasks/adsamba.yml @@ -17,13 +17,13 @@ # # If we want to go 4.21 # - name: Add Debian backports repository -# apt_repository: -# repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release | lower }}-backports main" -# state: present - +# apt_repository: +# repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release | lower }}-backports main" +# state: present +# # - name: Update apt cache -# apt: -# update_cache: yes +# apt: +# update_cache: yes - name: Install adSamba packages package: @@ -36,7 +36,7 @@ path: /etc/hosts marker: "# {mark} ANSIBLE-MANAGED SAMBA DC ENTRY" block: | - {{ ip_serverad | default(ansible_default_ipv4.address) }} {{ ansible_facts['hostname'] }}.{{ domain }}.{{ resolv_domain }} {{ realm }} + {{ ip_serverad | default(ansible_default_ipv4.address) }} {{ ansible_facts['hostname'] }}.{{ domain }}.{{ host_domain }} {{ realm }} - name: Check if metadata.tdb exists stat: 
@@ -63,47 +63,18 @@ debug: msg: "{{ domain_join.stderr_lines[-6:] }}" + - when: main_ad is false + block: + - name: Extracting variables no_log: true set_fact: - passwords: "{{ lookup(passbolt, key_name, folder_parent_id=passbolt_folder).password }}" - - - name: - debug: - msg: "{{ key_name }} {{ passwords }} {{ key_algorithm }} {{ main_dns_server }} {{ resolv_domain }} {{ ttl }} {{ name_ad }}.{{ realm }}. {{ ip_serverad }}" + passwad_admin_password: "{{ lookup(passbolt, ad_admin_password_name, folder_parent_id=passbolt_folder).password }}" - - name: Add A record to DNS - nsupdate: - key_name: '{{ key_name }}' - key_secret: '{{ passwords }}' - key_algorithm: '{{ key_algorithm }}' - server: "{{ main_dns_server }}" - zone: '{{ resolv_domain }}' - ttl: '{{ ttl }}' - type: 'A' - record: '{{ name_ad }}.{{ realm }}.' - value: '{{ ip_serverad }}' - state: present - - - name: Add NS record to DNS - nsupdate: - key_name: '{{ key_name }}' - key_secret: '{{ passwords }}' - key_algorithm: '{{ key_algorithm }}' - server: '{{ main_dns_server }}' - zone: '{{ resolv_domain }}' - ttl: '{{ ttl }}' - type: 'NS' - record: '{{ realm }}.' - value: '{{ name_ad }}.{{ realm }}.' - state: present - - - when: main_ad is false - block: - name: Join domain - shell: samba-tool domain join "activedirectory.lab.verdnatura.es" DC -U"ACTIVEDIRECTORY\administrator" + shell: samba-tool domain join "{{ realm }}" DC -U"{{ domain | upper }}\administrator" environment: - PASSWD: aWZ::bpl))6&r)iHd,7-8NH&-M + PASSWD: "{{ passwad_admin_password }}" - name: Copy Kerberos configuration copy: 
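Review bot: The `Join domain` task now receives the administrator password through `environment: PASSWD`, but unlike the `Extracting variables` task just above it has no `no_log: true`, so nothing censors its result if the secret ends up in samba-tool's error text or in high-verbosity output; adding `no_log: true` there closes that gap. The literal `PASSWD` value on the removed side stays recoverable from repository history, so the Passbolt lookup only protects the account once that credential has been rotated. `{{ realm }}` and `{{ domain | upper }}` are spliced into a `shell:` string; `command` with `argv`, or the `quote` filter, keeps an unexpected character in either variable away from the shell. `passwad_admin_password` reads like a typo (perhaps `ad_admin_password`), though both uses agree. The `block:` opened here continues past the end of the hunk.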
@@ -127,3 +98,34 @@ enabled: no masked: yes loop: "{{ samba_client_services }}" + +- name: Extracting variables + no_log: true + set_fact: + passwords: "{{ lookup(passbolt, key_name, folder_parent_id=passbolt_folder).password }}" + +- name: Add A record to DNS + nsupdate: + key_name: '{{ key_name }}' + key_secret: '{{ passwords }}' + key_algorithm: '{{ key_algorithm }}' + server: "{{ main_dns_server }}" + zone: '{{ host_domain }}' + ttl: '{{ ttl }}' + type: 'A' + record: '{{ inventory_hostname_short }}.{{ realm }}.' + value: '{{ ip_serverad }}' + state: present + +- name: Add NS record to DNS + nsupdate: + key_name: '{{ key_name }}' + key_secret: '{{ passwords }}' + key_algorithm: '{{ key_algorithm }}' + server: '{{ main_dns_server }}' + zone: '{{ host_domain }}' + ttl: '{{ ttl }}' + type: 'NS' + record: '{{ realm }}.' + value: '{{ inventory_hostname_short }}.{{ realm }}.' + state: present
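Review bot: `Add A record to DNS` uses `value: '{{ ip_serverad }}'` with no fallback, while the /etc/hosts block earlier in this file uses `ip_serverad | default(ansible_default_ipv4.address)`, so a host without `ip_serverad` gets its hosts entry and then fails here on an undefined variable; `value: '{{ ip_serverad | default(ansible_default_ipv4.address) }}'` keeps the two in step. The record name is built from `inventory_hostname_short` whereas the hosts entry uses `ansible_facts['hostname']`, and the two can differ when the inventory alias is not the machine's hostname. The TSIG secret is kept in a fact named `passwords`, which stays in the host's variables for the rest of the play; a specific name such as `dns_tsig_secret` would make an accidental `debug` of it less likely. These tasks appear to sit outside the `when: main_ad is false` block now, so if every DC runs them it is worth confirming that the NS update for `{{ realm }}.` does not replace an entry written by another DC.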