Select Git revision
calendarpush.py
Forked from
protokollsystem / proto3
Source project has a limited visibility.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
main.yml 2.36 KiB
---
# file: roles/ad-server/tasks/main.yml
- name: ensure ad-server is installed
apt: name=samba state=latest
tags:
- packages
- ad-server
- name: ensure winbind is for some reasons installed
apt: name=winbind state=latest
tags:
- packages
- ad-server
- name: figure out if domain is provisioned
stat: path=/var/lib/samba/sysvol/{{ domain }}
register: domain_provisioned
tags:
- ad-server
- domain-provision
- name: ensure smb.conf is absent for provision
file: path=/etc/samba/smb.conf state=absent
when: domain_provisioned.stat.exists == False
tags:
- ad-server
- domain-provision
- name: get admin password for SAMBA
local_action: pass name="samba-admin" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes
register: adminpass
when: domain_provisioned.stat.exists == False
no_log: True
tags:
- ad-server
- domain-provision
- password
# provision smb-domain. passwords will be selected at random and safed to /root/smb-provision.log)
# TODO: Evaluate if internal DNS-backend is powerful enough for usecase otherwise bind9 is needed
- name: ensure domain is provisioned
shell: samba-tool domain provision --use-rfc2307 --domain={{ smb_domain }} --server-role=dc --host-name={{ ansible_hostname }} --realm={{ REALM }} --dns-backend=NONE --adminpass={{ adminpass.password }} 2> /root/smb-provision.log
when: domain_provisioned.stat.exists == False
no_log: True
tags:
- ad-server
- domain-provision
- name: ensure smb.conf is correct
template: src=smb.conf.j2 dest=/etc/samba/smb.conf owner=root group=root mode=0644
notify: restart samba-ad-dc server
tags:
- ad-server
- config
- name: ensure smbd is stopped and disabled
service: name=smbd state=stopped enabled=no
tags:
- ad-server
- service
- name: ensure nmbd is stopped and disabled
service: name=nmbd state=stopped enabled=no
tags:
- ad-server
- service