---
# Packages named by samba_common_packages; this task has no role condition,
# so it runs on every host the file is applied to.
- name: Install common packages
  tags: samba
  yum:
    name: "{{ samba_common_packages }}"
# Packages named by samba_dc_packages, installed for both the 'dc' and the
# 'rodc' role.
- name: Install DC components
  tags: samba
  when: samba_role in ['dc', 'rodc']
  yum:
    name: "{{ samba_dc_packages }}"
# Members only: sssd-libwbclient breaks a DC, so both DC roles are excluded.
- name: Install members components
  tags: samba
  when: samba_role not in ['dc', 'rodc']
  yum:
    name: sssd-libwbclient
# On a DC or RODC whose samba_dc_sysvol stat result reports no sysvol,
# delete any existing smb.conf and krb5.conf.
# samba_dc_sysvol is registered outside this view.
- name: Remove config files
  tags: samba
  when:
    - samba_role in ['dc', 'rodc']
    - not samba_dc_sysvol.stat.exists
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/samba/smb.conf
    - /etc/krb5.conf
# Same guard as the config-file removal: DC or RODC role with no sysvol
# reported. Stops the samba, smb and nmb services.
- name: Stop samba services
  tags: samba
  when:
    - samba_role in ['dc', 'rodc']
    - not samba_dc_sysvol.stat.exists
  service:
    name: "{{ item }}"
    state: stopped
  with_items:
    - samba
    - smb
    - nmb
# We need to have our correct hostname before joining the domain !!
# Uses system_hostname when that variable is defined; otherwise falls back
# to inventory_hostname passed through regex_replace, which is written to
# keep only the part before the first dot (capture group 1).
# NOTE(review): the escaping of '\\1' depends on how the key=value argument
# string is parsed — confirm the resulting hostname on a test host before
# converting this task to native YAML arguments.
- name: Set system hostname
  hostname: name={{ system_hostname | default(inventory_hostname | regex_replace('^([^\.]+)\..*','\\1')) }}
  tags: samba
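# Non-fatal join attempt for the 'dc' role when no sysvol is reported.
# The result is registered as samba_dc_join and errors are ignored, so the
# following tasks can act on a non-zero rc.
- name: Try to join the domain (as DC)
  command: >-
    samba-tool domain join {{ samba_realm }} DC
    --dns-backend SAMBA_INTERNAL
    --realm {{ samba_realm }}
    -U Administrator
    --password={{ samba_dc_admin_pass | quote }}
  # The command line carries the domain Administrator password. Without
  # no_log it appears in task output and logs (the command and its result
  # are printed, notably on failure and at higher verbosity). The RODC join
  # task in this file already sets no_log; this makes the DC join consistent.
  # The registered rc remains available to later tasks.
  # NOTE(review): the password is still passed as a process argument on the
  # target while samba-tool runs — confirm that exposure is acceptable.
  no_log: True
  when:
    - samba_role == 'dc'
    - not samba_dc_sysvol.stat.exists
  register: samba_dc_join
  ignore_errors: True
  tags: samba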
# Abort the play when all of these hold: a join was attempted and returned
# a non-zero rc, this host is not flagged as the primary DC, and no sysvol
# is reported yet.
- name: Fail if not the primary DC and joining the domain failed
  tags: samba
  when:
    - samba_dc_join is defined
    - samba_dc_join.rc is defined
    - samba_dc_join.rc != 0
    - not samba_i_am_primary_dc == True
    - not samba_dc_sysvol.stat.exists
  fail:
    msg: "Failed to join the domaine"
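# Provision a new domain on the host flagged as primary DC, when no sysvol
# is reported and the earlier join attempt returned a non-zero rc.
- name: Provision the domain
  command: >-
    samba-tool domain provision --server-role=dc
    --dns-backend SAMBA_INTERNAL --realm {{ samba_realm }}
    --domain {{ samba_domain }} --use-rfc2307
    --adminpass={{ samba_dc_admin_pass | quote }}
  # --adminpass puts the new domain Administrator password on the command
  # line; no_log keeps the command and its result out of Ansible output and
  # logs, matching the RODC join task in this file.
  # NOTE(review): the password is still passed as a process argument on the
  # target while samba-tool runs — confirm that exposure is acceptable.
  no_log: True
  # NOTE(review): samba_dc_join.rc only exists if the DC join task actually
  # ran (it is skipped unless samba_role == 'dc') — confirm a primary DC
  # always has that role, or this condition cannot be evaluated.
  when:
    - not samba_dc_sysvol.stat.exists
    - samba_i_am_primary_dc == True
    - samba_dc_join.rc != 0
  tags: samba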
# Read-only DC join for the 'rodc' role when no sysvol is reported.
# Unlike the DC join attempt, errors are not ignored here.
- name: Join the domain (as RODC)
  tags: samba
  when:
    - samba_role == 'rodc'
    - not samba_dc_sysvol.stat.exists
  # The Administrator password is part of the command line, so the task
  # output is suppressed.
  no_log: True
  command: >-
    samba-tool domain join {{ samba_realm }} RODC
    --dns-backend SAMBA_INTERNAL --realm {{ samba_realm }}
    -U Administrator --password={{ samba_dc_admin_pass | quote }}