From 0d6e747ba84cfda2331bbc06ac9cbd5cddbb3985 Mon Sep 17 00:00:00 2001 From: Jose Date: Wed, 5 Nov 2025 18:57:30 +0100 Subject: [PATCH] commit-message undefined: Improve Samba service management Enhanced the provision.yml to properly stop and mask regular Samba services, while unmasking and enabling the Samba AD/DC service. This ensures a more robust setup for the domain controller. --- tasks/install.yml | 28 ++++++++++++++++++++++------ tasks/kerberos.yml | 2 +- tasks/main.yml | 16 ++++++++-------- tasks/provision.yml | 2 +- tasks/verify.yml | 6 +++--- 5 files changed, 35 insertions(+), 19 deletions(-) diff --git a/tasks/install.yml b/tasks/install.yml index 194b64a..f1e05f6 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -90,18 +90,34 @@ # ansible.builtin.debug: # msg: "✅ Samba version after upgrade: {{ samba_version.stdout }}" -- name: Stop Samba services before provisioning - ansible.builtin.service: - name: '{{ item }}' +# - name: Stop Samba services before provisioning +# ansible.builtin.service: +# name: '{{ item }}' +# state: stopped +# ignore_errors: true +# loop: +# - samba-ad-dc +# - smbd +# - nmbd +# - winbind + +- name: Disable and stop regular Samba services + ansible.builtin.systemd: + name: "{{ item }}" + enabled: false state: stopped - ignore_errors: true + masked: true loop: - - samba-ad-dc - smbd - nmbd - winbind - +- name: Unmask and enable Samba AD/DC service (but do not start it) + ansible.builtin.systemd: + name: samba-ad-dc + masked: false + enabled: true + state: stopped diff --git a/tasks/kerberos.yml b/tasks/kerberos.yml index a51a9fc..7046cd6 100644 --- a/tasks/kerberos.yml +++ b/tasks/kerberos.yml @@ -3,7 +3,7 @@ # The samba-tool output usually contains the path on a specific line. # We extract the path using regex and the 'search' filter. ansible.builtin.set_fact: - krb5_conf_path: '{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}' + krb5_conf_path: "{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}" when: samba_provision_output.stdout is defined - name: Copy krb5.conf to /etc/krb5.conf diff --git a/tasks/main.yml b/tasks/main.yml index 68f5036..3e6570b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -8,15 +8,15 @@ - name: Provision include_tasks: provision.yml -- name: Setup DNS resolver - include_tasks: setupresolver.yml +# - name: Setup DNS resolver +# include_tasks: setupresolver.yml -- name: Configure Kerberos - include_tasks: kerberos.yml +# - name: Configure Kerberos +# include_tasks: kerberos.yml -- name: Testing Samba AD DC - include_tasks: verify.yml +# - name: Testing Samba AD DC +# include_tasks: verify.yml -- name: Configure Time Synchronization - include_tasks: ntpd.yml +# - name: Configure Time Synchronization +# include_tasks: ntpd.yml \ No newline at end of file diff --git a/tasks/provision.yml b/tasks/provision.yml index 6c225f8..f3aea06 100644 --- a/tasks/provision.yml +++ b/tasks/provision.yml @@ -13,7 +13,7 @@ executable: /bin/bash changed_when: false when: not samba_provisioned.stat.exists - + - name: Provision the Samba AD DC ansible.builtin.command: > samba-tool domain provision diff --git a/tasks/verify.yml b/tasks/verify.yml index 1921d98..a32129d 100644 --- a/tasks/verify.yml +++ b/tasks/verify.yml @@ -55,7 +55,7 @@ ansible.builtin.command: host -t SRV _ldap._tcp.{{ addc_auth_domain | lower }}. register: ldap_srv_check changed_when: false - failed_when: ''has SRV record' not in ldap_srv_check.stdout' + failed_when: "'has SRV record' not in ldap_srv_check.stdout" - name: Debug - Show LDAP SRV check result ansible.builtin.debug: @@ -66,7 +66,7 @@ ansible.builtin.command: host -t SRV _kerberos._udp.{{ addc_auth_domain | lower }}. register: kerberos_srv_check changed_when: false - failed_when: ''has SRV record' not in kerberos_srv_check.stdout' + failed_when: "'has SRV record' not in kerberos_srv_check.stdout" - name: Debug - Show Kerberos SRV check result ansible.builtin.debug: @@ -89,7 +89,7 @@ register: ptr_record_check changed_when: false # Assuming dc1.{{ addc_auth_domain }} is the expected output for the reverse record - failed_when: ''domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout' + failed_when: "'domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout" - name: Debug - Show PTR Record check result ansible.builtin.debug: