refs #8142: Split tasks using the new main_ad variable

Xavi Lleó 2025-01-16 16:11:25 +01:00
parent 0283612eb4
commit e460ddba6b
1 changed files with 50 additions and 51 deletions


@ -38,21 +38,12 @@
block: |
{{ ip_serverad | default(ansible_default_ipv4.address) }} {{ ansible_facts['hostname'] }}.{{ domain }}.{{ resolv_domain }} {{ realm }}
- name: Check if metadata.tdb exists and is not empty
- name: Check if metadata.tdb exists
stat:
path: /var/lib/samba/private/sam.ldb.d/metadata.tdb
register: metadata_tdb
- name: Register domain existence
set_fact:
domain_exists: >-
{{
('samba-ad-provision' in ansible_facts.packages or
'samba-ad-dc' in ansible_facts.packages) and
(metadata_tdb.stat.exists and metadata_tdb.stat.size > 0)
}}
- when: "not domain_exists"
- when: metadata_tdb.stat.exists is false
block:
- name: Force remove smb.conf file
@ -61,14 +52,55 @@
state: absent
force: yes
- name: Join domain
command:
cmd: samba-tool domain provision --realm="{{ realm }}" --domain="{{ domain }}" --dns-backend=SAMBA_INTERNAL --server-role=dc --use-rfc2307
register: domain_join
- when: main_ad is true
block:
- name: Provision domain
command:
cmd: samba-tool domain provision --realm="{{ realm }}" --domain="{{ domain }}" --dns-backend=SAMBA_INTERNAL --server-role=dc --use-rfc2307
register: domain_join
- name: Show the domain join output with Administrator password
debug:
msg: "{{ domain_join.stderr_lines[-6:] }}"
- name: Extracting variables
no_log: true
set_fact:
passwords: "{{ lookup(passbolt, key_name, folder_parent_id=passbolt_folder).password }}"
- name: Show the domain join output with Administrator password
debug:
msg: "{{ domain_join.stderr_lines[-6:] }}"
- name: Add A record to DNS
nsupdate:
key_name: '{{ key_name }}'
key_secret: '{{ passwords }}'
key_algorithm: '{{ key_algorithm }}'
server: "{{ main_dns_server }}"
zone: '{{ resolv_domain }}'
ttl: '{{ ttl }}'
type: 'A'
record: '{{ name_ad }}.{{ realm }}.'
value: '{{ ip_serverad }}'
state: present
- name: Add NS record to DNS
nsupdate:
key_name: '{{ key_name }}'
key_secret: '{{ passwords }}'
key_algorithm: '{{ key_algorithm }}'
server: '{{ main_dns_server }}'
zone: '{{ resolv_domain }}'
ttl: '{{ ttl }}'
type: 'NS'
record: '{{ realm }}.'
value: '{{ name_ad }}.{{ realm }}.'
state: present
- when: main_ad is false
block:
- name: Join domain
debug:
msg:
- "metadata_tdb: {{ metadata_tdb }}"
- "main_ad: {{ main_ad }}"
- name: Copy Kerberos configuration
copy:
@ -78,45 +110,12 @@
owner: root
group: root
mode: '0644'
when: domain_join.changed
- name: Enable and start Samba AD DC service
systemd:
name: samba-ad-dc
state: started
enabled: yes
when: domain_join.changed
- name: Extracting variables
no_log: true
set_fact:
passwords: "{{ lookup(passbolt, key_name, folder_parent_id=passbolt_folder).password }}"
- name: Add A record to DNS
nsupdate:
key_name: '{{ key_name }}'
key_secret: '{{ passwords }}'
key_algorithm: '{{ key_algorithm }}'
server: "{{ main_dns_server }}"
zone: '{{ resolv_domain }}'
ttl: '{{ ttl }}'
type: 'A'
record: '{{ name_ad }}.{{ realm }}.'
value: '{{ ip_serverad }}'
state: present
- name: Add NS record to DNS
nsupdate:
key_name: '{{ key_name }}'
key_secret: '{{ passwords }}'
key_algorithm: '{{ key_algorithm }}'
server: '{{ main_dns_server }}'
zone: '{{ resolv_domain }}'
ttl: '{{ ttl }}'
type: 'NS'
record: '{{ realm }}.'
value: '{{ name_ad }}.{{ realm }}.'
state: present
- name: Disable Samba client services and mask them
systemd:
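Review bot: The `Show the domain join output with Administrator password` task, now placed after `Provision domain` in the `main_ad is true` block, still prints `domain_join.stderr_lines[-6:]` through `debug`, so by the task's own name the generated Administrator password ends up in the playbook output and in any log or callback that records it. The `Extracting variables` task next to it already sets `no_log: true`; the provisioning path deserves the same care, for example `no_log: true` on `Provision domain` and replacing the debug task with one that stores the password in the secret store the play already reads from. Separately, `when: main_ad is true` and `when: main_ad is false` are both skipped if `main_ad` arrives as a string (for instance as a command-line extra var), so neither block runs and nothing reports it; `when: main_ad | bool` and `when: not (main_ad | bool)` would be safer. Indentation is lost on this page, so whether these blocks sit inside the `metadata_tdb.stat.exists is false` block cannot be confirmed from here.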