mikepell/dsfin-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

move samba roles to roles directory

Browse Source
This commit is contained in:
Michael Pellegrino
2021-08-26 14:29:25 -04:00
parent ab9c9281d8
commit 21612189e0
28 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
roles/role-samba4-primary-ad-dc/tasks/main.yml Normal file
View File

@@ -0,0 +1,43 @@
---
# title: role-samba4-primary-ad-dc
#
# Author: bitfinity-nl
# Version: 1.0
# File: tasks/main.yml
#
# Description: Creating a primairy Active Directory Domain Controller.
- name: "For OS: Ubuntu 16.04LTS, Arch: amd64"
import_tasks: ubuntu-1604-amd64.yml
when:
- ansible_distribution_version == "16.04"
- ansible_architecture == "x86_64"
- name: "Role: primary DC, For OS: Ubuntu 18.04LTS, Arch: amd64"
import_tasks: ubuntu-1804-amd64.yml
when:
- smb_role == "primary"
- ansible_distribution_version == "18.04"
- ansible_architecture == "x86_64"
- name: "Role: additional DC, For OS: Ubuntu 18.04LTS, Arch: amd64"
import_tasks: ubuntu-1804-amd64.yml
when:
- smb_role == "additional"
- ansible_distribution_version == "18.04"
- ansible_architecture == "x86_64"
- name: "Role: primary DC, For OS: Ubuntu 20.04LTS, Arch: amd64"
import_tasks: ubuntu-2004-amd64.yml
when:
- smb_role == "primary"
- ansible_distribution_version == "20.04"
- ansible_architecture == "x86_64"
- name: "Role: additional DC, For OS: Ubuntu 20.04LTS, Arch: amd64"
import_tasks: ubuntu-2004-amd64.yml
when:
- smb_role == "additional"
- ansible_distribution_version == "20.04"
- ansible_architecture == "x86_64"

125
roles/role-samba4-primary-ad-dc/tasks/ubt-1804-adc.yml Normal file
View File

@@ -0,0 +1,125 @@
---
# Title: Role Samba4
#
# Author: bitfinity-nl
# File: tasks/ubt-1804-adc.yml
#
# Description:
# Add additional domain controller
#
- name: "Check OS if is allready DC"
shell: "samba-tool domain info {{ ansible_default_ipv4.address }}"
register: smb_dc_result
ignore_errors: yes
- name: "Preseed Kerberos version 5: krb5-config/default_realm"
raw: "echo krb5-config krb5-config/default_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed Kerberos version 5: krb5-config/add_servers_realm"
raw: "echo krb5-config krb5-config/add_servers_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed PAM Configuration"
raw: "echo libpam-runtime libpam-runtime/profiles multiselect unix, winbind, systemd, mkhomedir | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Install dependencies"
apt:
name: "{{ packages }}"
update_cache: yes
state: present
vars:
packages:
- acl
- samba
- smbclient
- krb5-config
- krb5-user
- winbind
- libpam-winbind
- libnss-winbind
- name: "back-up the initial /etc/samba/smb.conf to /etc/samba/smb.conf.initial"
copy:
src: /etc/samba/smb.conf
dest: /etc/samba/smb.conf.initial
remote_src: yes
force: no
when:
- smb_dc_result.failed == true
- name: "rm /etc/samba/smb.conf"
file:
path: /etc/samba/smb.conf
state: absent
when:
- smb_dc_result.failed == true
- name: "Transfer adc/smb.conf.j2 to /etc/samba/smb.conf"
template:
src: adc/smb.conf.j2
dest: /etc/samba/smb.conf
- name: "Join {{ ansible_hostname }} as additional domain controller"
raw: "samba-tool domain join {{ smb_realm }} DC -U{{ smb_workgroup }}\\{{smb_username }} --realm={{ smb_realm }} --domain={{ smb_workgroup }} --adminpass={{ smb_password }}"
when:
- smb_dc_result.failed == true
- name: "Configure DNS forwarder in /etc/samba/smb.conf"
replace:
path: /etc/samba/smb.conf
regexp: '127.0.0.53'
replace: '{{ def_ad_dns_forwarder }}'
backup: yes
- name: "back-Up the initial /etc/krb5.conf to /etc/krb5.conf.initial"
copy:
src: /etc/krb5.conf
dest: /etc/krb5.conf.initial
remote_src: yes
force: no
- name: "Symlink to /var/lib/samba/private/krb5.conf to /etc/krb5.conf"
file:
src: /var/lib/samba/private/krb5.conf
dest: /etc/krb5.conf
state: link
force: yes
- name: "Enable Services"
systemd:
masked: no
enabled: yes
state: started
name: "{{ item }}"
with_items:
- samba-ad-dc.service
- name: "Edit Fstab"
replace:
path: /etc/fstab
regexp: 'errors=remount-ro 0'
replace: 'user_xattr,acl,barrier=1,errors=remount-ro,relatime 0'
backup: yes
- name: "Allow traffic for Application Samba4 AD-DC"
ufw:
rule: allow
name: Samba
- name: "Allow all DNS traffic on port 53/tcp"
ufw:
rule: allow
port: '53'
proto: "{{ item }}"
with_items:
- tcp
- udp
- name: "Ubuntu login"
import_tasks: ubuntu-1804-amd64-login.yml

120
roles/role-samba4-primary-ad-dc/tasks/ubuntu-1604-amd64.yml Normal file
View File

@@ -0,0 +1,120 @@
---
# title: ansible-role-samba4-primary-ad-dc
#
# Author: Luc Rutten
# Version: 1.0
# File: tasks/ubuntu-1604-amd64.yml
#
# Description: Creating a primairy Active Directory Domain Controller.
- name: "Check OS if is allready DC"
shell: "samba-tool domain info {{ ansible_default_ipv4.address }}"
register: smb_dc_result
ignore_errors: yes
- name: "Preseed Kerberos version 5: krb5-config/default_realm"
raw: "echo krb5-config krb5-config/default_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed Kerberos version 5: krb5-config/add_servers_realm"
raw: "echo krb5-config krb5-config/add_servers_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed PAM Configuration"
raw: "echo libpam-runtime libpam-runtime/profiles multiselect unix, winbind, systemd, mkhomedir | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Install dependencies"
apt:
name: "{{ packages }}"
update_cache: yes
state: present
vars:
packages:
- acl
- samba
- smbclient
- krb5-config
- krb5-user
- winbind
- libpam-winbind
- libnss-winbind
when:
- smb_dc_result.failed == true
- name: "Disable Services"
systemd:
enabled: no
state: stopped
name: "{{ item }}"
with_items:
- samba-ad-dc.service
- smbd.service
- nmbd.service
- winbind.service
when:
- smb_dc_result.failed == true
- name: "back-Up the initial /etc/samba/smb.conf to /etc/samba/smb.conf.initial"
copy:
src: /etc/samba/smb.conf
dest: /etc/samba/smb.conf.initial
remote_src: yes
force: no
when:
- smb_dc_result.failed == true
- name: "rm /etc/samba/smb.conf"
file:
path: /etc/samba/smb.conf
state: absent
when:
- smb_dc_result.failed == true
- name: "Start domain provisioning"
raw: "samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm={{ smb_realm }} --domain={{ smb_workgroup }} --adminpass={{ smb_password }}"
when:
- smb_dc_result.failed == true
- name: "back-Up the initial /etc/krb5.conf to /etc/krb5.conf.initial"
copy:
src: /etc/krb5.conf
dest: /etc/krb5.conf.initial
remote_src: yes
force: no
when:
- smb_dc_result.failed == true
- name: "Symlink to /var/lib/samba/private/krb5.conf to /etc/krb5.conf"
file:
src: /var/lib/samba/private/krb5.conf
dest: /etc/krb5.conf
state: link
force: yes
when:
- smb_dc_result.failed == true
- name: "Enable Services"
systemd:
enabled: yes
state: started
name: "{{ item }}"
with_items:
- samba-ad-dc.service
- smbd.service
- nmbd.service
- winbind.service
when:
- smb_dc_result.failed == true
- name: "Edit Fstab"
replace:
path: /etc/fstab
regexp: 'errors=remount-ro 0'
replace: 'user_xattr,acl,barrier=1,errors=remount-ro,relatime 0'
backup: yes
when:
- smb_dc_result.failed == true

69
roles/role-samba4-primary-ad-dc/tasks/ubuntu-1804-amd64-login.yml Normal file
View File

@@ -0,0 +1,69 @@
---
# title: role-samba4-primary-ad-dc
#
# Author: bitfinity-nl
# Version: 1.0
# File: tasks/ubt-1804-amd64-login.yml
#
# Description: Creating a primairy Active Directory Domain Controller.
- name: "Edit Fstab"
replace:
path: /etc/fstab
regexp: 'errors=remount-ro 0'
replace: 'user_xattr,acl,barrier=1,errors=remount-ro,relatime 0'
backup: yes
- name: "Download template smb.conf.j2 to /etc/samba/smb.conf"
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
backup: yes
with_items:
- { src: 'pam_winbind.conf.j2', dest: '/usr/share/doc/libpam-winbind/examples/pam_winbind/pam_winbind.conf' }
notify:
- restart_samba
- name: "Modify /etc/samba/smb.conf for AD logins"
blockinfile:
path: /etc/samba/smb.conf
insertafter: "use rfc2307 = yes"
block: |
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = yes
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
marker: "# {mark} ANSIBLE MANAGED BLOCK"
notify: restart_samba
- name: "Transfer templates"
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
backup: yes
with_items:
- { src: 'nsswitch.conf.j2', dest: '/etc/nsswitch.conf'}
- name: "Configure PAM Configuration"
shell: DEBIAN_FRONTEND=noninteractive pam-auth-update
- name: "Configure PAM - /etc/pam.d/common-account"
lineinfile:
path: /etc/pam.d/common-account
line: 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022'
backup: yes
- name: "Download template domain-admins.j2 to /etc/sudoers.d/domain-admins"
template:
src: domain-admins.j2
dest: /etc/sudoers.d/domain-admins
owner: root
group: root
mode: 0440
backup: yes

150
roles/role-samba4-primary-ad-dc/tasks/ubuntu-1804-amd64.yml Normal file
View File

@@ -0,0 +1,150 @@
---
# title: role-samba4-primary-ad-dc
#
# Author: bitfinity-nl
# Version: 1.0
# File: tasks/ubt-1804-amd64.yml
#
# Description: Creating a primairy Active Directory Domain Controller.
- name: "Check OS if is allready DC"
shell: "samba-tool domain info {{ ansible_default_ipv4.address }}"
register: smb_dc_result
ignore_errors: yes
- name: "Preseed Kerberos version 5: krb5-config/default_realm"
raw: "echo krb5-config krb5-config/default_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed Kerberos version 5: krb5-config/add_servers_realm"
raw: "echo krb5-config krb5-config/add_servers_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed PAM Configuration"
raw: "echo libpam-runtime libpam-runtime/profiles multiselect unix, winbind, systemd, mkhomedir | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
#- name: "Add additional repositories"
# apt_repository:
# repo: ppa:linux-schools/samba-latest
# when:
# - smb_repository == 'latest'
- name: "Install dependencies"
apt:
name: "{{ packages }}"
update_cache: yes
state: present
vars:
packages:
- acl
- samba
- smbclient
- krb5-config
- krb5-user
- winbind
- libpam-winbind
- libnss-winbind
- name: "Disable Services"
systemd:
enabled: no
state: stopped
name: "{{ item }}"
with_items:
- samba-ad-dc.service
- smbd.service
- nmbd.service
- winbind.service
- systemd-resolved
when:
- smb_dc_result.failed == true
#- name: "Disable Services"
# systemd:
# enabled: no
# state: stopped
# name: "{{ item }}"
# with_items:
# - systemd-resolved
# when:
# - smb_dc_result.failed == true
# - smb_repository == 'latest'
- name: "back-up the initial /etc/samba/smb.conf to /etc/samba/smb.conf.initial"
copy:
src: /etc/samba/smb.conf
dest: /etc/samba/smb.conf.initial
remote_src: yes
force: no
when:
- smb_dc_result.failed == true
- name: "rm /etc/samba/smb.conf"
file:
path: /etc/samba/smb.conf
state: absent
when:
- smb_dc_result.failed == true
- name: "Start domain provisioning"
raw: "samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm={{ smb_realm }} --domain={{ smb_workgroup }} --adminpass={{ smb_password }}"
when:
- smb_dc_result.failed == true
- name: "Configure DNS forwarder in /etc/samba/smb.conf"
replace:
path: /etc/samba/smb.conf
regexp: '127.0.0.53'
replace: '{{ def_ad_dns_forwarder }}'
backup: yes
- name: "back-Up the initial /etc/krb5.conf to /etc/krb5.conf.initial"
copy:
src: /etc/krb5.conf
dest: /etc/krb5.conf.initial
remote_src: yes
force: no
- name: "Symlink to /var/lib/samba/private/krb5.conf to /etc/krb5.conf"
file:
src: /var/lib/samba/private/krb5.conf
dest: /etc/krb5.conf
state: link
force: yes
- name: "Enable Services"
systemd:
masked: no
enabled: yes
state: started
name: "{{ item }}"
with_items:
- samba-ad-dc.service
- name: "Edit Fstab"
replace:
path: /etc/fstab
regexp: 'errors=remount-ro 0'
replace: 'user_xattr,acl,barrier=1,errors=remount-ro,relatime 0'
backup: yes
- name: "Allow traffic for Application Samba4 AD-DC"
ufw:
rule: allow
name: Samba
- name: "Allow all DNS traffic on port 53/tcp"
ufw:
rule: allow
port: '53'
proto: "{{ item }}"
with_items:
- tcp
- udp
- name: "Ubuntu login"
import_tasks: ubuntu-1804-amd64-login.yml

150
roles/role-samba4-primary-ad-dc/tasks/ubuntu-2004-amd64.yml Normal file
View File

@@ -0,0 +1,150 @@
---
# title: role-samba4-primary-ad-dc
#
# Author: bitfinity-nl
# Version: 1.0
# File: tasks/ubt-1804-amd64.yml
#
# Description: Creating a primairy Active Directory Domain Controller.
- name: "Check OS if is allready DC"
shell: "samba-tool domain info {{ ansible_default_ipv4.address }}"
register: smb_dc_result
ignore_errors: yes
- name: "Preseed Kerberos version 5: krb5-config/default_realm"
raw: "echo krb5-config krb5-config/default_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed Kerberos version 5: krb5-config/add_servers_realm"
raw: "echo krb5-config krb5-config/add_servers_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed PAM Configuration"
raw: "echo libpam-runtime libpam-runtime/profiles multiselect unix, winbind, systemd, mkhomedir | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
#- name: "Add additional repositories"
# apt_repository:
# repo: ppa:linux-schools/samba-latest
# when:
# - smb_repository == 'latest'
- name: "Install dependencies"
apt:
name: "{{ packages }}"
update_cache: yes
state: present
vars:
packages:
- acl
- samba
- smbclient
- krb5-config
- krb5-user
- winbind
- libpam-winbind
- libnss-winbind
- name: "Disable Services"
systemd:
enabled: no
state: stopped
name: "{{ item }}"
with_items:
- samba-ad-dc.service
- smbd.service
- nmbd.service
- winbind.service
- systemd-resolved
when:
- smb_dc_result.failed == true
#- name: "Disable Services"
# systemd:
# enabled: no
# state: stopped
# name: "{{ item }}"
# with_items:
# - systemd-resolved
# when:
# - smb_dc_result.failed == true
# - smb_repository == 'latest'
- name: "back-up the initial /etc/samba/smb.conf to /etc/samba/smb.conf.initial"
copy:
src: /etc/samba/smb.conf
dest: /etc/samba/smb.conf.initial
remote_src: yes
force: no
when:
- smb_dc_result.failed == true
- name: "rm /etc/samba/smb.conf"
file:
path: /etc/samba/smb.conf
state: absent
when:
- smb_dc_result.failed == true
- name: "Start domain provisioning"
raw: "samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm={{ smb_realm }} --domain={{ smb_workgroup }} --adminpass={{ smb_password }}"
when:
- smb_dc_result.failed == true
- name: "Configure DNS forwarder in /etc/samba/smb.conf"
replace:
path: /etc/samba/smb.conf
regexp: '127.0.0.53'
replace: '{{ def_ad_dns_forwarder }}'
backup: yes
- name: "back-Up the initial /etc/krb5.conf to /etc/krb5.conf.initial"
copy:
src: /etc/krb5.conf
dest: /etc/krb5.conf.initial
remote_src: yes
force: no
- name: "Symlink to /var/lib/samba/private/krb5.conf to /etc/krb5.conf"
file:
src: /var/lib/samba/private/krb5.conf
dest: /etc/krb5.conf
state: link
force: yes
- name: "Enable Services"
systemd:
masked: no
enabled: yes
state: started
name: "{{ item }}"
with_items:
- samba-ad-dc.service
- name: "Edit Fstab"
replace:
path: /etc/fstab
regexp: 'errors=remount-ro 0'
replace: 'user_xattr,acl,barrier=1,errors=remount-ro,relatime 0'
backup: yes
- name: "Allow traffic for Application Samba4 AD-DC"
ufw:
rule: allow
name: Samba
- name: "Allow all DNS traffic on port 53/tcp"
ufw:
rule: allow
port: '53'
proto: "{{ item }}"
with_items:
- tcp
- udp
- name: "Ubuntu login"
import_tasks: ubuntu-1804-amd64-login.yml