diff --git a/roles/services/tasks/adsamba.yml b/roles/services/tasks/adsamba.yml index a48dbe2..34b6b92 100644 --- a/roles/services/tasks/adsamba.yml +++ b/roles/services/tasks/adsamba.yml @@ -38,21 +38,12 @@ block: | {{ ip_serverad | default(ansible_default_ipv4.address) }} {{ ansible_facts['hostname'] }}.{{ domain }}.{{ resolv_domain }} {{ realm }} -- name: Check if metadata.tdb exists and is not empty +- name: Check if metadata.tdb exists stat: path: /var/lib/samba/private/sam.ldb.d/metadata.tdb register: metadata_tdb -- name: Register domain existence - set_fact: - domain_exists: >- - {{ - ('samba-ad-provision' in ansible_facts.packages or - 'samba-ad-dc' in ansible_facts.packages) and - (metadata_tdb.stat.exists and metadata_tdb.stat.size > 0) - }} - -- when: "not domain_exists" +- when: metadata_tdb.stat.exists is false block: - name: Force remove smb.conf file 
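Review bot: The new guard `when: metadata_tdb.stat.exists is false` drops the `size > 0` half of the old `domain_exists` check, so a zero-byte metadata.tdb left behind by an interrupted provision now counts as an existing domain and the whole provisioning block is skipped. If that case matters, `when: not metadata_tdb.stat.exists or metadata_tdb.stat.size == 0` keeps the old semantics (Jinja's `or` short-circuits, so `stat.size` is only evaluated when the file exists). The removed `domain_exists` fact will also break any other task file in the role that still references it; worth grepping before merging.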
@@ -61,14 +52,55 @@ state: absent force: yes - - name: Join domain - command: - cmd: samba-tool domain provision --realm="{{ realm }}" --domain="{{ domain }}" --dns-backend=SAMBA_INTERNAL --server-role=dc --use-rfc2307 - register: domain_join + - when: main_ad is true + block: + - name: Provision domain + command: + cmd: samba-tool domain provision --realm="{{ realm }}" --domain="{{ domain }}" --dns-backend=SAMBA_INTERNAL --server-role=dc --use-rfc2307 + register: domain_join + + - name: Show the domain join output with Administrator password + debug: + msg: "{{ domain_join.stderr_lines[-6:] }}" + + - name: Extracting variables + no_log: true + set_fact: + passwords: "{{ lookup(passbolt, key_name, folder_parent_id=passbolt_folder).password }}" - - name: Show the domain join output with Administrator password - debug: - msg: "{{ domain_join.stderr_lines[-6:] }}" + - name: Add A record to DNS + nsupdate: + key_name: '{{ key_name }}' + key_secret: '{{ passwords }}' + key_algorithm: '{{ key_algorithm }}' + server: "{{ main_dns_server }}" + zone: '{{ resolv_domain }}' + ttl: '{{ ttl }}' + type: 'A' + record: '{{ name_ad }}.{{ realm }}.' + value: '{{ ip_serverad }}' + state: present + + - name: Add NS record to DNS + nsupdate: + key_name: '{{ key_name }}' + key_secret: '{{ passwords }}' + key_algorithm: '{{ key_algorithm }}' + server: '{{ main_dns_server }}' + zone: '{{ resolv_domain }}' + ttl: '{{ ttl }}' + type: 'NS' + record: '{{ realm }}.' + value: '{{ name_ad }}.{{ realm }}.' + state: present + + - when: main_ad is false + block: + - name: Join domain + debug: + msg: + - "metadata_tdb: {{ metadata_tdb }}" + - "main_ad: {{ main_ad }}" - name: Copy Kerberos configuration copy: 
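Review bot: In the `main_ad is false` branch the task named "Join domain" only emits a debug message, so a non-primary host never runs `samba-tool domain join` while the Kerberos copy and samba-ad-dc start that follow still execute for it; if this is a placeholder, a comment saying so (`# TODO: secondary DC join not implemented yet`) above the debug task would stop it being read as finished work. Inside the `main_ad is true` branch the A record's `value: '{{ ip_serverad }}'` has no fallback, whereas the hosts entry in the first hunk uses `ip_serverad | default(ansible_default_ipv4.address)`; when `ip_serverad` is unset the play will fail or write an empty record, so the same `default(...)` filter belongs here. The "Show the domain join output with Administrator password" debug task, kept from the old code, writes the freshly generated Administrator password into the play output and any CI log that captures it; since the play already talks to passbolt, storing the value there instead of printing it would keep it out of logs.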
@@ -78,45 +110,12 @@ owner: root group: root mode: '0644' - when: domain_join.changed - name: Enable and start Samba AD DC service systemd: name: samba-ad-dc state: started enabled: yes - when: domain_join.changed - - - name: Extracting variables - no_log: true - set_fact: - passwords: "{{ lookup(passbolt, key_name, folder_parent_id=passbolt_folder).password }}" - - - name: Add A record to DNS - nsupdate: - key_name: '{{ key_name }}' - key_secret: '{{ passwords }}' - key_algorithm: '{{ key_algorithm }}' - server: "{{ main_dns_server }}" - zone: '{{ resolv_domain }}' - ttl: '{{ ttl }}' - type: 'A' - record: '{{ name_ad }}.{{ realm }}.' - value: '{{ ip_serverad }}' - state: present - - - name: Add NS record to DNS - nsupdate: - key_name: '{{ key_name }}' - key_secret: '{{ passwords }}' - key_algorithm: '{{ key_algorithm }}' - server: '{{ main_dns_server }}' - zone: '{{ resolv_domain }}' - ttl: '{{ ttl }}' - type: 'NS' - record: '{{ realm }}.' - value: '{{ name_ad }}.{{ realm }}.' - state: present - name: Disable Samba client services and mask them systemd:
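Review bot: Removing `when: domain_join.changed` from "Copy Kerberos configuration" and "Enable and start Samba AD DC service" makes both tasks unconditional, and on a `main_ad is false` host the previous hunk never registers `domain_join` nor performs a join, so samba-ad-dc is enabled and started without a provisioned database. If these tasks sit inside the outer `metadata_tdb.stat.exists is false` block (the block's start is in the first hunk, so the indentation is not visible here), gating them with `when: main_ad is true or domain_join is changed` would restore the intended behaviour until the secondary-DC join exists. `enabled: yes` should be `enabled: true` for consistency with the `true`/`false` tests used elsewhere in this change.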