---
# file: roles/ad-server/tasks/main.yml

# Pull in the tasks from kerberos.yml ahead of the Samba tasks below.
- import_tasks: kerberos.yml

# Install the samba package.
# NOTE(review): state=latest upgrades Samba on any run where a newer package
# is available, so a routine play can change the version of a domain
# controller - confirm that is intended.
- name: ensure ad-server is installed
  apt:
    name: samba
    state: latest
  tags:
    - packages
    - ad-server

    #- name: ensure winbind is for some reasons installed
    #  apt: name=winbind state=latest
    #  tags: 
    #    - packages
    #    - ad-server

# Probe for the domain's sysvol directory. The registered result gates the
# domain-join block: the join runs only when this path does not exist.
- name: figure out if domain is provisioned
  stat:
    path: "/var/lib/samba/sysvol/{{ domain }}"
  register: domain_provisioned
  tags:
    - ad-server
    - domain-provision


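# Join this host to the domain as a DC and seed its idmap database from the
# primary. The whole block is skipped when the sysvol probe found the
# domain directory already present.
- block:
    # Destructive: removes the existing smb.conf before the join.
    - name: ensure smb.conf is absent for provision
      file:
        path: /etc/samba/smb.conf
        state: absent
      tags:
        - ad-server
        - domain-provision

    # pexpect is the Python dependency of the expect module used below.
    - name: ensure pexpect is installed
      apt:
        name: python-pexpect
        # 'installed' was a deprecated alias that newer Ansible releases
        # reject; 'present' is accepted by all of them.
        state: present
      tags:
        - ad-server
        - domain-provision
      when: debian_version == "stretch"

    # The expect module takes 'command' (it has no 'shell' parameter) and
    # does not run it through a shell, so the stderr redirect needs the
    # explicit /bin/bash -c wrapper.
    # no_log keeps the Administrator password, fetched from the controller's
    # password store, out of task output and logs.
    # NOTE(review): expect waits 30 seconds by default for its expected
    # strings - confirm a full join completes under that limit or set
    # 'timeout' explicitly.
    - name: ensure domain is provisioned
      expect:
        command: >-
          /bin/bash -c "samba-tool domain join '{{ domain }}' DC
          -U'{{ domain }}/Administrator' --dns-backend=NONE
          --option='idmap_ldb:use rfc2307=yes' 2> /root/provision.log"
        responses:
          "Password for.*": "{{ lookup('passwordstore', 'samba-admin') }}"
      no_log: true
      tags:
        - ad-server
        - domain-provision

    # Runs on the primary DC and writes idmap.ldb.bak next to the live
    # database. No shell features are used, so 'command' is sufficient.
    - name: ensure the idmap library is exported
      command: tdbbackup -s .bak /var/lib/samba/private/idmap.ldb
      delegate_to: "{{ ad_primary }}"
      tags:
        - ad-server
        - domain-provision

    # With delegate_to, synchronize reads 'src' on the primary and writes
    # 'dest' on the host being provisioned.
    # NOTE(review): idmap.ldb lives in Samba's private directory; confirm
    # the copied file ends up root-owned with restrictive permissions.
    - name: ensure the idmap library is copied to secondary
      synchronize:
        src: /var/lib/samba/private/idmap.ldb.bak
        dest: /var/lib/samba/private/idmap.ldb
      delegate_to: "{{ ad_primary }}"
      tags:
        - ad-server
        - domain-provision

  when: not domain_provisioned.stat.exists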


#- name: ensure the id library is rted to secondary
#  shell: samba-tool ntacl sysvolreset
#  tags: 
#    - ad-server
#    - domain-provision
#    #when: domain_provisioned.stat.exists == False

# Render smb.conf from the role template; a change notifies the handler
# that restarts the samba-ad-dc server.
- name: ensure smb.conf is correct
  template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    # Quoted so the mode stays a string and is not read as a number.
    mode: "0644"
  notify: restart samba-ad-dc server
  tags:
    - ad-server
    - config

# Stop the standalone smbd service and keep it from starting at boot.
- name: ensure smbd is stopped and disabled
  service:
    name: smbd
    state: stopped
    enabled: false
  tags:
    - ad-server
    - service

# Stop the standalone nmbd service and keep it from starting at boot.
- name: ensure nmbd is stopped and disabled
  service:
    name: nmbd
    state: stopped
    enabled: false
  tags:
    - ad-server
    - service

# Clears the mask on the samba-ad-dc unit. Despite the task name, only
# 'masked' is set here; no state or enabled value is passed.
- name: ensure samba-ad-dc unit is running, enabled and not masked
  systemd:
    name: samba-ad-dc
    masked: false
  tags:
    - ad-server
    - service

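# Start the AD DC service and enable it at boot.
- name: ensure samba-ad-dc is running and enabled
  service:
    name: samba-ad-dc
    # 'running' was a deprecated alias that newer Ansible releases reject;
    # 'started' is the supported value with the same meaning.
    state: started
    enabled: true
  tags:
    - ad-server
    - service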

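# Install the sysvol replication cron file on the primary DC (the task is
# delegated there, whichever host the play is targeting).
- name: ensure we have a replication cronjob for sysvol
  template:
    src: templates/replication-cron
    dest: /etc/cron.d/samba-replication-cron
    # Pin ownership and mode instead of inheriting them from the connecting
    # user and umask: a cron.d file writable by anyone but root lets that
    # account schedule commands, and cron may ignore such a file.
    owner: root
    group: root
    mode: "0644"
  delegate_to: "{{ ad_primary }}"
  tags:
    - ad-server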

# Run any handlers notified so far at this point instead of waiting for the
# end of the play.
- meta: flush_handlers