Refs #8142: Samba Server Deploy - Add default values, domain_join block, and display AD values

2025-01-13 14:43:59 +01:00 · 2025-01-13 14:43:59 +01:00 · bf4c17dbb6
parent 46ba4a2b11
commit bf4c17dbb6
2 changed files with 59 additions and 64 deletions
--- a/roles/services/defaults/main.yaml
+++ b/roles/services/defaults/main.yaml
@ -1,3 +1,4 @@
 realm: "{{domain}}.{{resolv_domain}}"
 samba_client_services:  
  - smbd 
  - nmbd 
--- a/roles/services/tasks/adsamba.yml
+++ b/roles/services/tasks/adsamba.yml
@ -32,18 +32,6 @@
        (metadata_tdb.stat.exists and metadata_tdb.stat.size > 0)
      }}
 - name: Fail if domain already exists and show message
  fail:
    msg: >-
      The domain already exists on this machine. 
      Detected packages: 
      - samba-ad-provision: {{ 'samba-ad-provision' in ansible_facts.packages }}.
      - samba-ad-dc: {{ 'samba-ad-dc' in ansible_facts.packages }}.
      Metadata file exists: {{ metadata_tdb.stat.exists }}.
      Metadata file size: {{ metadata_tdb.stat.size }}.
      We can not continue.
  when: domain_exists
 # If we want to go 4.21
 #- name: Add Debian backports repository
 #  apt_repository:
@ -54,58 +42,64 @@
 #  apt:
 #    update_cache: yes
- name: Install adSamba packages
+- when: "not domain_exists"
-  package:
+  block:
-    name: "{{ dcsamba_base_packages }}"
+  - name: Install adSamba packages
-    # default_release: bookworm-backports # If we want to go 4.21
+    package:
-    state: latest
+      name: "{{ dcsamba_base_packages }}"
      # default_release: bookworm-backports # If we want to go 4.21
      state: latest
- name: Add adsamba host to hosts file
+  - name: Add adsamba host to hosts file
-  blockinfile:
+    blockinfile:
-    path: /etc/hosts
+      path: /etc/hosts
-    marker: "# {mark} ANSIBLE-MANAGED SAMBA DC ENTRY"
+      marker: "# {mark} ANSIBLE-MANAGED SAMBA DC ENTRY"
-    block: |
+      block: |
-      {{ dc1 }} dc1-ad.{{ domain 
+        {{ ip_serverad1 }} {{ name_ip_serverad1}}.{{ domain }}.{{ resolv_domain }} {{ realm }}
      }}.{{ resolv_domain }} {{ realm }}
- name: Force remove smb.conf file
+  - name: Force remove smb.conf file
-  file:
+    file:
-    path: /etc/samba/smb.conf
+      path: /etc/samba/smb.conf
-    state: absent
+      state: absent
-    force: yes
+      force: yes
- name: Disable Samba client services and mask them
+  - name: Disable Samba client services and mask them
-  systemd:
+    systemd:
-    name: "{{ item }}"
+      name: "{{ item }}"
-    state: stopped
+      state: stopped
-    enabled: no
+      enabled: no
-    masked: yes
+      masked: yes
-  loop: "{{ samba_client_services }}"
+    loop: "{{ samba_client_services }}"
- name: Join domain 
+  - name: Join domain 
-  command:
+    command:
-    cmd: samba-tool domain provision --realm="{{ realm }}" --domain="{{ domain }}" --dns-backend=SAMBA_INTERNAL --server-role=dc --use-rfc2307
+      cmd: samba-tool domain provision --realm="{{ realm }}" --domain="{{ domain }}" --dns-backend=SAMBA_INTERNAL --server-role=dc --use-rfc2307
-  register: domain_join
+    register: domain_join
- name: Copy Kerberos configuration
+  - name: Show the domain join output with Administrator password
-  copy:
+    debug:
-    src: /var/lib/samba/private/krb5.conf
+      msg: "{{ domain_join.stderr_lines[-6:] }}"
    dest: /etc/krb5.conf
    remote_src: true
    owner: root
    group: root
    mode: '0644'
  when: domain_join.changed
- name: Enable and start Samba AD DC service
+  - name: Copy Kerberos configuration
-  systemd:
+    copy:
-    name: samba-ad-dc
+      src: /var/lib/samba/private/krb5.conf
-    state: started
+      dest: /etc/krb5.conf
-    enabled: yes
+      remote_src: true
-  when: domain_join.changed
+      owner: root
      group: root
      mode: '0644'
    when: domain_join.changed
  - name: Enable and start Samba AD DC service
    systemd:
      name: samba-ad-dc
      state: started
      enabled: yes
    when: domain_join.changed
  # Hay que crear un registro tipo A con el FQDN es decir el GLUE RECORD en tu DNS
  # Luego hay que crear la delegación # update add activedirectory.verdnatura.es. 86400 NS dc1-ad.activedirectory.verdnatura.es.
  # Bloque de inizialización del dominio ## Hecho
  # Revisar la condicion de domain_join ## Hecho.
  # Cuidado con la copia de KRB5, revisar si lo hace ya el samba-tool. ## Hecho.
 # Hay que crear un registro tipo A con el FQDN es decir el GLUE RECORD en tu DNS
 # Luego hay que crear la delegación # update add activedirectory.verdnatura.es. 86400 NS dc1-ad.activedirectory.verdnatura.es.
 # Bloque de inizialización del dominio
 # Revisar la condicion de domain_join
 # Cuidado con la copia de KRB5, revisar si lo hace ya el samba-tool.