---
# Probe for the marker file. The result is registered as samba_provisioned and
# the later tasks in this file run only when the file does not exist.
- name: check if domain already provisioned
  ansible.builtin.stat:
    path: '/var/lib/samba/private/adsync.conf'
  register: samba_provisioned
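# Move an existing smb.conf out of the way when it declares the standalone
# server role. The file is renamed with a Unix-timestamp suffix, not deleted,
# so the previous configuration stays available for review or rollback.
# Skipped entirely once the provisioning marker file exists.
- name: Remove smb.conf if server role conflicts
  ansible.builtin.shell: |
    if grep -q 'server role = standalone server' /etc/samba/smb.conf 2>/dev/null; then
      # '&&' keeps a failed mv visible as a non-zero exit status; the marker
      # line is printed only when the rename actually happened.
      mv /etc/samba/smb.conf "/etc/samba/smb.conf.bak.$(date +%s)" && echo smb_conf_moved
    fi
  args:
    executable: /bin/bash
  register: samba_smb_conf_backup
  # Report "changed" only when the file was moved, so that a modification of
  # /etc/samba shows up in the play recap and in any change auditing.
  changed_when: "'smb_conf_moved' in samba_smb_conf_backup.stdout"
  when: not samba_provisioned.stat.exists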
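# Provision the domain with samba-tool, using the values from
# samba_domain_info and the administrator password from addc_admin_password.
# Runs only when the provisioning marker file is absent.
- name: Provision the Samba AD DC
  ansible.builtin.command:
    # argv passes every element to samba-tool as exactly one argument, with no
    # shell-style splitting. A password or option value containing quotes,
    # backslashes or whitespace therefore cannot break or alter the command.
    argv:
      - "samba-tool"
      - "domain"
      - "provision"
      - "--use-rfc2307"
      - "--realm={{ samba_domain_info.realm }}"
      - "--domain={{ samba_domain_info.domain }}"
      - "--server-role={{ samba_domain_info.server_role }}"
      - "--dns-backend={{ samba_domain_info.dns_backend }}"
      - "--adminpass={{ addc_admin_password }}"
      - "--option=interfaces={{ samba_domain_info.interfaces }}"
      - "--option=bind interfaces only={{ samba_domain_info.bind_interfaces_only }}"
  when: not samba_provisioned.stat.exists
  register: samba_provision_output
  changed_when: samba_provision_output.rc == 0
  # The command line carries the domain administrator password. With logging
  # enabled it would be written to Ansible's console output, log files and any
  # callback or CI job log. Set this to false only temporarily, while
  # debugging a failed provision.
  # NOTE(review): the password is still an argument of the samba-tool process
  # and so is visible in the host's process list while the command runs;
  # restrict who can log in to the target during provisioning.
  no_log: true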