---
# file: roles/ad-server/tasks/main.yml

# Install the samba package through apt.
# state=latest means each run upgrades to the newest version the configured
# repositories offer, so the installed version is not pinned by this role.
- name: ensure ad-server is installed
  apt:
    name: samba
    state: latest
  tags:
    - packages
    - ad-server

# Install the winbind package through apt; like the samba package it tracks
# the newest available version on every run (state=latest).
- name: ensure winbind is for some reasons installed
  apt:
    name: winbind
    state: latest
  tags:
    - packages
    - ad-server

# Probe for the domain's sysvol directory and keep the result in
# `domain_provisioned`; the provisioning tasks below are skipped once the
# directory exists.
# NOTE(review): the path is built from `domain`, while the provision task
# uses `smb_domain` and `REALM` -- confirm `domain` names the directory that
# provisioning creates. If it does not, this guard never turns true and the
# smb.conf removal and provisioning would be attempted on every run.
- name: figure out if domain is provisioned
  stat:
    path: "/var/lib/samba/sysvol/{{ domain }}"
  register: domain_provisioned
  tags:
    - ad-server
    - domain-provision


# Delete /etc/samba/smb.conf, but only while the sysvol directory is still
# missing (i.e. before the first provisioning).
# Presumably needed because provisioning will not replace an existing
# smb.conf -- confirm against samba-tool's behaviour.
- name: ensure smb.conf is absent for provision
  file:
    path: /etc/samba/smb.conf
    state: absent
  when: not domain_provisioned.stat.exists
  tags:
    - ad-server
    - domain-provision

# Obtain the Samba administrator password through the `pass` module, run on
# the control host (local_action), and register it as `adminpass`.
# no_log keeps the registered result, which carries the password, out of
# Ansible's output and logs.
# NOTE(review): `pass` is not defined in this file; what generate/store/limit
# do is inferred from the argument names only -- confirm against the module.
# Values are quoted so the module receives the same strings as before.
- name: get admin password for SAMBA
  local_action:
    module: pass
    name: samba-admin
    state: present
    generate: '20'
    store: FSMPI_PASSWORD_STORE_DIR
    limit: 'yes'
  register: adminpass
  when: not domain_provisioned.stat.exists
  no_log: true
  tags:
    - ad-server
    - domain-provision
    - password

# provision smb-domain. passwords will be selected at random and saved to /root/smb-provision.log

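# Provision the AD domain once; skipped as soon as the sysvol directory
# exists. stderr of samba-tool is redirected to /root/smb-provision.log on
# the target host.
# Every templated value passes through the `quote` filter so that a value
# containing whitespace or shell metacharacters (notably the generated
# password) reaches samba-tool as one literal argument instead of being
# interpreted by the shell.
# NOTE(review): --adminpass places the password on the command line, where
# it can be read from the process list on the target while the command runs;
# no_log only hides it from Ansible's own output and logs.
# NOTE(review): the existing comment on this task says passwords end up in
# /root/smb-provision.log -- confirm the file's permissions and whether it
# should be removed after provisioning.
- name: ensure domain is provisioned
  shell: >-
    samba-tool domain provision
    --use-rfc2307
    --domain={{ smb_domain | quote }}
    --server-role=dc
    --host-name={{ ansible_hostname | quote }}
    --realm={{ REALM | quote }}
    --dns-backend=NONE
    --adminpass={{ adminpass.password | quote }}
    2> /root/smb-provision.log
  when: not domain_provisioned.stat.exists
  no_log: true
  tags:
    - ad-server
    - domain-provision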

# Render smb.conf from the role's smb.conf.j2 template as a root-owned,
# world-readable file (0644). A change notifies the
# "restart samba-ad-dc server" handler.
# The mode is quoted so YAML keeps it as the string "0644" rather than
# re-typing it as a number.
- name: ensure smb.conf is correct
  template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    mode: '0644'
  notify: restart samba-ad-dc server
  tags:
    - ad-server
    - config

# Stop the standalone smbd service and keep it from starting at boot.
- name: ensure smbd is stopped and disabled
  service:
    name: smbd
    state: stopped
    enabled: false
  tags:
    - ad-server
    - service

# Stop the standalone nmbd service and keep it from starting at boot.
- name: ensure nmbd is stopped and disabled
  service:
    name: nmbd
    state: stopped
    enabled: false
  tags:
    - ad-server
    - service

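# Unmask, enable and start the samba-ad-dc systemd unit.
# `state: started` replaces `running`: `running` was only a deprecated alias
# of `started`, and current Ansible releases reject it, which would fail
# the play right after provisioning.
- name: ensure samba-ad-dc unit is running, enabled and not masked
  systemd:
    name: samba-ad-dc
    masked: false
    state: started
    enabled: true
  tags:
    - ad-server
    - service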

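# Start samba-ad-dc and enable it at boot through the generic service
# module.
# `state: started` replaces `running`: `running` was only a deprecated alias
# of `started`, and current Ansible releases reject it.
# NOTE(review): this overlaps with the systemd task for the same unit --
# confirm both are still needed.
- name: ensure samba-ad-dc is running and enabled
  service:
    name: samba-ad-dc
    state: started
    enabled: true
  tags:
    - ad-server
    - service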

# Run handlers notified so far (such as the samba-ad-dc restart requested by
# the smb.conf template task) at this point instead of at the end of the
# play.
- meta: flush_handlers