Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

97 lines
2.5 KiB

---
- name: Install common packages
yum: name={{ samba_common_packages }}
tags: samba
- name: Install DC components
yum: name={{ samba_dc_packages }}
when: samba_role == 'dc' or samba_role == 'rodc'
tags: samba
# sssd-libwbclient breaks DC so only install on members
- name: Install members components
yum: name=sssd-libwbclient
when:
- samba_role != 'dc'
- samba_role != 'rodc'
tags: samba
- name: Remove config files
file: path={{ item }} state=absent
with_items:
- /etc/samba/smb.conf
- /etc/krb5.conf
when:
- samba_role == 'dc' or samba_role == 'rodc'
- not samba_dc_sysvol.stat.exists
tags: samba
- name: Stop samba services
service: name={{ item }} state=stopped
with_items:
- samba
- smb
- nmb
when:
- samba_role == 'dc' or samba_role == 'rodc'
- not samba_dc_sysvol.stat.exists
tags: samba
# We need to have our correct hostname before joining the domain !!
- name: Set system hostname
hostname: name={{ system_hostname | default(inventory_hostname | regex_replace('^([^\.]+)\..*','\\1')) }}
tags: samba
- name: Try to join the domain (as DC)
command: >-
samba-tool domain join {{ samba_realm }} DC
--dns-backend SAMBA_INTERNAL
--realm {{ samba_realm }}
-U Administrator
--password={{ samba_dc_admin_pass | quote }}
when:
- samba_role == 'dc'
- not samba_dc_sysvol.stat.exists
register: samba_dc_join
ignore_errors: True
tags: samba
# If we're not the primary domain, and we can't join the domain
# and we haven't done it yet, we must fail
- name: Fail if not the primary DC and joining the domain failed
fail: msg="Failed to join the domaine"
when:
- samba_dc_join is defined
- samba_dc_join.rc is defined
- samba_dc_join.rc != 0
- not samba_i_am_primary_dc == True
- not samba_dc_sysvol.stat.exists
tags: samba
- name: Provision the domain
command: >-
samba-tool domain provision --server-role=dc
--dns-backend SAMBA_INTERNAL --realm {{ samba_realm }}
--domain {{ samba_domain }} --use-rfc2307
--adminpass={{ samba_dc_admin_pass | quote }}
when:
- not samba_dc_sysvol.stat.exists
- samba_i_am_primary_dc == True
- samba_dc_join.rc != 0
tags: samba
- name: Join the domain (as RODC)
command: >-
samba-tool domain join {{ samba_realm }} RODC
--dns-backend SAMBA_INTERNAL
--realm {{ samba_realm }}
-U Administrator
--password={{ samba_dc_admin_pass | quote }}
no_log: True
when:
- samba_role == 'rodc'
- not samba_dc_sysvol.stat.exists
tags: samba