---
# file: roles/ad-server/tasks/main.yml

# Install the Samba package used by the AD server role.
# NOTE(review): `state: latest` upgrades the package whenever a newer one is
# available, so the Samba version on this host follows the repository rather
# than a reviewed pin; confirm that is intended.
- name: ensure ad-server is installed
  apt:
    name: samba
    state: latest
  tags:
    - packages
    - ad-server

# Install winbind alongside Samba; the task name records that the reason is
# not documented.
# NOTE(review): `state: latest` upgrades the package whenever a newer one is
# available; confirm unattended upgrades are acceptable on this host.
- name: ensure winbind is for some reasons installed
  apt:
    name: winbind
    state: latest
  tags:
    - packages
    - ad-server

# Record whether the sysvol directory for the domain already exists; the
# result guards the destructive provisioning tasks further down.
# NOTE(review): this path uses `domain`, while the provision task passes
# `smb_domain` and `REALM`. Confirm `domain` names the directory that
# provisioning actually creates, otherwise the guard never trips and
# smb.conf removal and provisioning are attempted on every run.
- name: figure out if domain is provisioned
  stat:
    path: "/var/lib/samba/sysvol/{{ domain }}"
  register: domain_provisioned
  tags:
    - ad-server
    - domain-provision


# Delete any existing smb.conf before first-time provisioning. Skipped once
# the sysvol directory checked above exists.
- name: ensure smb.conf is absent for provision
  file:
    path: /etc/samba/smb.conf
    state: absent
  when: not domain_provisioned.stat.exists
  tags:
    - ad-server
    - domain-provision

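# Fetch (or generate) the Samba administrator password on the control machine
# through the `pass` module, which is not defined in this file.
# The registered result carries the password (the provision task reads
# `adminpass.password`), so `no_log` keeps it out of Ansible's console output
# and logs.
# NOTE(review): module arguments are left in key=value form because the
# module's argument types cannot be checked from here.
- name: get admin password for SAMBA
  local_action: pass name="samba-admin" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes
  register: adminpass
  no_log: true
  when: not domain_provisioned.stat.exists
  tags:
    - ad-server
    - domain-provision
    - password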


# Provision the SMB domain. Passwords will be selected at random and saved to /root/smb-provision.log.
# TODO: Evaluate whether the internal DNS backend is powerful enough for this use case; otherwise bind9 is needed.

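# Provision the AD domain once, guarded by the sysvol check registered as
# `domain_provisioned`.
#
# Security notes:
# - Every templated value goes through the `quote` filter so that a value
#   containing spaces or shell metacharacters cannot change the command line.
# - `no_log` keeps the rendered command, which contains the administrator
#   password, out of Ansible's output and logs.
# - The password is still passed as a command-line argument, so it is visible
#   in the host's process list while samba-tool runs.
# - NOTE(review): stderr is written to /root/smb-provision.log, and the
#   comment above this task says passwords end up there; confirm the file is
#   readable by root only.
- name: ensure domain is provisioned
  shell: >-
    samba-tool domain provision
    --use-rfc2307
    --domain={{ smb_domain | quote }}
    --server-role=dc
    --host-name={{ ansible_hostname | quote }}
    --realm={{ REALM | quote }}
    --dns-backend=NONE
    --adminpass={{ adminpass.password | quote }}
    2> /root/smb-provision.log
  no_log: true
  when: not domain_provisioned.stat.exists
  tags:
    - ad-server
    - domain-provision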

# Render smb.conf from the role template, owned by root and world-readable.
# A change notifies the samba-ad-dc restart handler.
# The mode is quoted so YAML keeps it as the string "0644" rather than
# reading it as a number.
- name: ensure smb.conf is correct
  template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart samba-ad-dc server
  tags:
    - ad-server
    - config

# Stop the standalone smbd service and keep it from starting at boot.
- name: ensure smbd is stopped and disabled
  service:
    name: smbd
    state: stopped
    enabled: false
  tags:
    - ad-server
    - service

# Stop the standalone nmbd service and keep it from starting at boot.
- name: ensure nmbd is stopped and disabled
  service:
    name: nmbd
    state: stopped
    enabled: false
  tags:
    - ad-server
    - service

#- name: ensure samba-ad-dc unit is running, enabled and not masked
# systemd: name=samba-ad-dc masked=no state=running enabled=yes
# Reminder only: this task prints a message and does not unmask the unit.
# It has no tags, unlike the other tasks in this file.
- debug:
    msg: 'Ensure samba-ad-dc unit is not masked.  This functionality will come in ansible 2.2, you should refactor this role'

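# Start the AD DC service and enable it at boot.
# `started` replaces the legacy `running` value, which later Ansible releases
# no longer accept for the service module; the resulting state is the same.
- name: ensure samba-ad-dc is running and enabled
  service:
    name: samba-ad-dc
    state: started
    enabled: true
  tags:
    - ad-server
    - service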


# Run handlers notified so far (such as the samba-ad-dc restart notified by
# the smb.conf template task) now instead of at the end of the play.
- meta: flush_handlers