From bf4c17dbb6820d78536c6589a30911aea07c0161 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?=
Date: Mon, 13 Jan 2025 14:43:59 +0100
Subject: [PATCH] Refs #8142: Samba Server Deploy - Add default values, domain_join block, and display AD values
---
roles/services/defaults/main.yaml | 1 +
roles/services/tasks/adsamba.yml | 122 ++++++++++++++----------------
2 files changed, 59 insertions(+), 64 deletions(-)
diff --git a/roles/services/defaults/main.yaml b/roles/services/defaults/main.yaml
index 262279c..efbbcdd 100644
--- a/roles/services/defaults/main.yaml
+++ b/roles/services/defaults/main.yaml
@@ -1,3 +1,4 @@
+realm: "{{domain}}.{{resolv_domain}}"
samba_client_services:
- smbd
- nmbd
diff --git a/roles/services/tasks/adsamba.yml b/roles/services/tasks/adsamba.yml
index fcb2419..7852165 100644
--- a/roles/services/tasks/adsamba.yml
+++ b/roles/services/tasks/adsamba.yml
@@ -32,18 +32,6 @@
(metadata_tdb.stat.exists and metadata_tdb.stat.size > 0) }}
-- name: Fail if domain already exists and show message
- fail:
- msg: >-
- The domain already exists on this machine.
- Detected packages:
- - samba-ad-provision: {{ 'samba-ad-provision' in ansible_facts.packages }}.
- - samba-ad-dc: {{ 'samba-ad-dc' in ansible_facts.packages }}.
- Metadata file exists: {{ metadata_tdb.stat.exists }}.
- Metadata file size: {{ metadata_tdb.stat.size }}.
- We can not continue.
- when: domain_exists
-
# If we want to go 4.21
#- name: Add Debian backports repository
# apt_repository:
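Review bot: The new `realm` default is written `"{{domain}}.{{resolv_domain}}"` while the tasks changed in this same commit write `{{ domain }}` and `{{ resolv_domain }}` with inner spaces; use `realm: "{{ domain }}.{{ resolv_domain }}"` so both files follow one style. `domain` and `resolv_domain` are not defined in this defaults file, so presumably they come from inventory or group vars; if either is unset the failure only surfaces when `realm` is first rendered in adsamba.yml, so a comment on this line naming where they must be set, such as `# domain and resolv_domain must be set in inventory/group_vars`, would help the next reader.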
@@ -54,58 +42,64 @@
# apt:
# update_cache: yes
-- name: Install adSamba packages
- package:
- name: "{{ dcsamba_base_packages }}"
- # default_release: bookworm-backports # If we want to go 4.21
- state: latest
+- when: "not domain_exists"
+ block:
+ - name: Install adSamba packages
+ package:
+ name: "{{ dcsamba_base_packages }}"
+ # default_release: bookworm-backports # If we want to go 4.21
+ state: latest
+
+ - name: Add adsamba host to hosts file
+ blockinfile:
+ path: /etc/hosts
+ marker: "# {mark} ANSIBLE-MANAGED SAMBA DC ENTRY"
+ block: |
+ {{ ip_serverad1 }} {{ name_ip_serverad1}}.{{ domain }}.{{ resolv_domain }} {{ realm }}
+
+ - name: Force remove smb.conf file
+ file:
+ path: /etc/samba/smb.conf
+ state: absent
+ force: yes
+
+ - name: Disable Samba client services and mask them
+ systemd:
+ name: "{{ item }}"
+ state: stopped
+ enabled: no
+ masked: yes
+ loop: "{{ samba_client_services }}"
+
+ - name: Join domain
+ command:
+ cmd: samba-tool domain provision --realm="{{ realm }}" --domain="{{ domain }}" --dns-backend=SAMBA_INTERNAL --server-role=dc --use-rfc2307
+ register: domain_join
-- name: Add adsamba host to hosts file
- blockinfile:
- path: /etc/hosts
- marker: "# {mark} ANSIBLE-MANAGED SAMBA DC ENTRY"
- block: |
- {{ dc1 }} dc1-ad.{{ domain
- }}.{{ resolv_domain }} {{ realm }}
+ - name: Show the domain join output with Administrator password
+ debug:
+ msg: "{{ domain_join.stderr_lines[-6:] }}"
-- name: Force remove smb.conf file
- file:
- path: /etc/samba/smb.conf
- state: absent
- force: yes
+ - name: Copy Kerberos configuration
+ copy:
+ src: /var/lib/samba/private/krb5.conf
+ dest: /etc/krb5.conf
+ remote_src: true
+ owner: root
+ group: root
+ mode: '0644'
+ when: domain_join.changed
-- name: Disable Samba client services and mask them
- systemd:
- name: "{{ item }}"
- state: stopped
- enabled: no
- masked: yes
- loop: "{{ samba_client_services }}"
-
-- name: Join domain
- command:
- cmd: samba-tool domain provision --realm="{{ realm }}"
--domain="{{ domain }}" --dns-backend=SAMBA_INTERNAL --server-role=dc --use-rfc2307
- register: domain_join
-
-- name: Copy Kerberos configuration
- copy:
- src: /var/lib/samba/private/krb5.conf
- dest: /etc/krb5.conf
- remote_src: true
- owner: root
- group: root
- mode: '0644'
- when: domain_join.changed
-
-- name: Enable and start Samba AD DC service
- systemd:
- name: samba-ad-dc
- state: started
- enabled: yes
- when: domain_join.changed
-
-# Hay que crear un registro tipo A con el FQDN es decir el GLUE RECORD en tu DNS
-# Luego hay que crear la delegación # update add activedirectory.verdnatura.es. 86400 NS dc1-ad.activedirectory.verdnatura.es.
-# Bloque de inizialización del dominio
-# Revisar la condicion de domain_join
-# Cuidado con la copia de KRB5, revisar si lo hace ya el samba-tool.
+ - name: Enable and start Samba AD DC service
+ systemd:
+ name: samba-ad-dc
+ state: started
+ enabled: yes
+ when: domain_join.changed
+
+ # Hay que crear un registro tipo A con el FQDN es decir el GLUE RECORD en tu DNS
+ # Luego hay que crear la delegación # update add activedirectory.verdnatura.es. 86400 NS dc1-ad.activedirectory.verdnatura.es.
+ # Bloque de inizialización del dominio ## Hecho
+ # Revisar la condicion de domain_join ## Hecho.
+ # Cuidado con la copia de KRB5, revisar si lo hace ya el samba-tool. ## Hecho.
+
\ No newline at end of file
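Review bot: The `Join domain` task registers the full `samba-tool domain provision` output and the following debug task prints `domain_join.stderr_lines[-6:]` — by the task's own name, the lines carrying the generated Administrator password — into the play output and any controller or CI log that captures it. Add `no_log: true` to the provision task and drop or redact the debug task; if the credential has to be controlled, supply it from a vaulted variable with `--adminpass` instead of echoing what samba-tool generated. Separately, `when: domain_join.changed` on the krb5.conf copy and the samba-ad-dc service tasks is always true, because a `command` task without `changed_when` or `creates` reports changed on every run, so those guards add nothing until the provision task gets a `changed_when` (or a `creates:` pointing at the artifact `domain_exists` already checks). The `yes`/`no` values on `force`, `enabled` and `masked` should be `true`/`false`, matching `remote_src: true` in the same block.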