mikepell/dsfin-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
7e68ea16b3a2272d8cd328a07d9f5191a29441d7
dsfin-ansible/roles/role-samba4-primary-ad-dc/tasks/ubuntu-2004-amd64.yml
Michael Pellegrino 7e68ea16b3 Update Readme 
add requirements.yml for additional modules
2021-08-30 08:39:21 -04:00

152 lines
3.6 KiB
YAML
Raw Blame History

---
# title: role-samba4-primary-ad-dc
#
# Author: bitfinity-nl
# Version: 1.0
# File: tasks/ubt-1804-amd64.yml
#
# Description: Creating a primairy Active Directory Domain Controller.
- name: "Check OS if is allready DC"
shell: "samba-tool domain info {{ ansible_default_ipv4.address }}"
register: smb_dc_result
ignore_errors: yes
- name: "Preseed Kerberos version 5: krb5-config/default_realm"
raw: "echo krb5-config krb5-config/default_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed Kerberos version 5: krb5-config/add_servers_realm"
raw: "echo krb5-config krb5-config/add_servers_realm string {{ smb_realm }} | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
- name: "Preseed PAM Configuration"
raw: "echo libpam-runtime libpam-runtime/profiles multiselect unix, winbind, systemd, mkhomedir | sudo debconf-set-selections"
when:
- smb_dc_result.failed == true
#- name: "Add additional repositories"
# apt_repository:
# repo: ppa:linux-schools/samba-latest
# when:
# - smb_repository == 'latest'
- name: "Install dependencies"
apt:
name: "{{ packages }}"
update_cache: yes
state: present
vars:
packages:
- acl
- samba
- smbclient
- krb5-config
- krb5-user
- winbind
- libpam-winbind
- libnss-winbind
- name: "Disable Services"
systemd:
enabled: no
state: stopped
name: "{{ item }}"
with_items:
- samba-ad-dc.service
- smbd.service
- nmbd.service
- winbind.service
- systemd-resolved
when:
- smb_dc_result.failed == true
#- name: "Disable Services"
# systemd:
# enabled: no
# state: stopped
# name: "{{ item }}"
# with_items:
# - systemd-resolved
# when:
# - smb_dc_result.failed == true
# - smb_repository == 'latest'
- name: "back-up the initial /etc/samba/smb.conf to /etc/samba/smb.conf.initial"
copy:
src: /etc/samba/smb.conf
dest: /etc/samba/smb.conf.initial
remote_src: yes
force: no
when:
- smb_dc_result.failed == true
- name: "rm /etc/samba/smb.conf"
file:
path: /etc/samba/smb.conf
state: absent
when:
- smb_dc_result.failed == true
- name: "Start domain provisioning"
raw: "samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm={{ smb_realm }} --domain={{ smb_workgroup }} --adminpass={{ smb_password }}"
when:
- smb_dc_result.failed == true
- name: "Configure DNS forwarder in /etc/samba/smb.conf"
replace:
path: /etc/samba/smb.conf
regexp: '127.0.0.53'
replace: '{{ def_ad_dns_forwarder }}'
backup: yes
- name: "back-Up the initial /etc/krb5.conf to /etc/krb5.conf.initial"
copy:
src: /etc/krb5.conf
dest: /etc/krb5.conf.initial
remote_src: yes
force: no
- name: "Symlink to /var/lib/samba/private/krb5.conf to /etc/krb5.conf"
file:
src: /var/lib/samba/private/krb5.conf
dest: /etc/krb5.conf
state: link
force: yes
- name: "Enable Services"
systemd:
masked: no
enabled: yes
state: started
name: "{{ item }}"
with_items:
- samba-ad-dc.service
- name: "Edit Fstab"
replace:
path: /etc/fstab
#regexp: 'errors=remount-ro 0'
regexp: 'defaults'
replace: 'user_xattr,acl,barrier=1,errors=remount-ro,relatime 0'
backup: yes
- name: "Allow traffic for Application Samba4 AD-DC"
ufw:
rule: allow
name: Samba
- name: "Allow all DNS traffic on port 53/tcp"
ufw:
rule: allow
port: '53'
proto: "{{ item }}"
with_items:
- tcp
- udp
- name: "Ubuntu login"
import_tasks: ubuntu-1804-amd64-login.yml
Reference in New Issue View Git Blame Copy Permalink