Commit
2f6ece5e
authored
May 13, 2017
by
Hinrikus Wolf
add ad-server to ansible
parent
4afd54d5
Changes
3
ad-server/handlers/main.yml
0 → 100644
---
# file: roles/ad-auth/handlers/main.yml
-
name
:
restart samba-ad-dc server
service
:
name=samba-ad-dc state=restarted
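Review bot: The header comment `# file: roles/ad-auth/handlers/main.yml` names a different role than the path this file is added under (`ad-server/handlers/main.yml`), which will mislead anyone grepping for the handler's origin; it should read `# file: roles/ad-server/handlers/main.yml`. The handler name has to stay byte-identical to the `notify: restart samba-ad-dc server` string in the tasks file, which it is in this commit, so a short comment saying so would help when either side is renamed.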
ad-server/tasks/main.yml
0 → 100644
---
# file: roles/ad-server/tasks/main.yml
-
name
:
ensure ad-server is installed
apt
:
name=samba state=latest
tags
:
-
packages
-
ad-server
-
name
:
ensure winbind is for some reasons installed
apt
:
name=samba state=latest
tags
:
-
packages
-
ad-server
-
name
:
figure out if domain is provisioned
stat
:
path=/var/lib/samba/sysvol/{{ domain }}
register
:
domain_provisioned
tags
:
-
ad-server
-
domain-provision
-
name
:
ensure smb.conf is absent for provision
file
:
path=/etc/samba/smb.conf state=absent
when
:
domain_provisioned.stat.exists == False
tags
:
-
ad-server
-
domain-provision
-
name
:
get admin password for SAMBA
local_action
:
pass name="samba-admin" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes
register
:
adminpass
when
:
domain_provisioned.stat.exists == False
tags
:
-
ad-server
-
domain-provision
-
password
# provision smb-domain. passwords will be selected at random and safed to /root/smb-provision.log)
# TODO: Evaluate if internal DNS-backend is powerful enough for usecase otherwise bind9 is needed
-
name
:
ensure domain is provisioned
shell
:
samba-tool domain provision --use-rfc2307 --domain={{ smb_domain }} --server-role=dc --host-name={{ ansible_hostname }} --realm={{ REALM }} --dns-backend=SAMBA_INTERNAL --adminpass={{ adminpass.password }} 2> /root/smb-provision.log
when
:
domain_provisioned.stat.exists == False
tags
:
-
ad-server
-
domain-provision
-
name
:
ensure smb.conf is correct
template
:
src=smb.conf.j2 dest=/etc/samba/smb.conf owner=root group=root mode=0644
notify
:
restart samba-ad-dc server
tags
:
-
ad-server
-
config
-
name
:
ensure smbd is stopped and disabled
service
:
name=smbd state=stopped enabled=no
tags
:
-
ad-server
-
service
-
name
:
ensure nmbd is stopped and disabled
service
:
name=nmbd state=stopped enabled=no
tags
:
-
ad-server
-
service
#- name: ensure samba-ad-dc unit is running, enabled and not masked
# systemd: name=samba-ad-dc masked=no state=running enabled=yes
-
debug
:
msg
:
"
Ensure
samba-ad-dc
unit
is
not
masked.
This
functionality
will
come
in
ansible
2.2,
you
should
refactor
this
role"
-
name
:
ensure samba-ad-dc is running and enabled
service
:
name=samba-ad-dc state=running enabled=yes
tags
:
-
ad-server
-
service
-
meta
:
flush_handlers
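Review bot: The "ensure domain is provisioned" task interpolates `{{ adminpass.password }}` unquoted into a `shell:` command line, and neither it nor "get admin password for SAMBA" sets `no_log`, so the domain administrator password can land in Ansible output and logs and sits in the target's process list while samba-tool runs. I would add `no_log: true` to both tasks and pass the value as `--adminpass={{ adminpass.password | quote }}` so that shell metacharacters in a generated password cannot change the command. The task "ensure winbind is for some reasons installed" installs `name=samba` a second time, which looks like a copy-paste slip for `name=winbind`. The provision guard stats `/var/lib/samba/sysvol/{{ domain }}` while provisioning is driven by `{{ smb_domain }}` and `{{ REALM }}`; if `domain` does not match the directory samba-tool creates, the guard never becomes true and the play would delete `/etc/samba/smb.conf` and attempt to re-provision on every run, so a comment stating the required relationship between the three variables is worth adding.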
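--- a/ad-server/templates/smb.conf.j2
+++ b/ad-server/templates/smb.conf.j2
@@ -0,0 +1,20 @@
+# Global parameters
+[global]
+workgroup = {{ smb_domain }}
+realm = {{ REALM }}
+netbios name = {{ ansible_hostname }}
+server role = active directory domain controller
+idmap_ldb:use rfc2307 = yes
+idmap config uid : range = 10000-20000
+idmap config gid : range = 10000-20000
+template shell = /bin/bash
+template homedir = /home/%U
+registry shares = no
+dns forwarder = {{ dns_forward }}
+username map = /etc/samba/usermap.map
+[netlogon]
+path = /var/lib/samba/sysvol/{{ domain }}/scripts
+read only = No
+[sysvol]
+path = /var/lib/samba/sysvol
+read only = No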
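Review bot: The `username map = /etc/samba/usermap.map` line points at a file that none of the three files in this commit creates or manages, so on a fresh domain controller its contents, owner and mode are whatever happens to be on the host. Because that file decides which account a client-supplied name is mapped to, it should be deployed by the role with explicit ownership, for example a task using `template: src=usermap.map.j2 dest=/etc/samba/usermap.map owner=root group=root mode=0644` (the template name is a placeholder), or the line should be dropped until it is needed. The `[netlogon]` path uses `{{ domain }}` while `workgroup` and `realm` use `{{ smb_domain }}` and `{{ REALM }}`; a comment at the top of the template stating that `domain` must equal the sysvol directory name created at provision time would prevent a silently wrong share path.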