commit-message undefined: Improve Samba service management

Enhanced the provision.yml to properly stop and mask regular Samba services, while unmasking and enabling the Samba AD/DC service. This ensures a more robust setup for the domain controller.

tasks/install.yml

@@ -90,18 +90,34 @@
 #   ansible.builtin.debug:
 #     msg: "✅ Samba version after upgrade: {{ samba_version.stdout }}"
 
-- name: Stop Samba services before provisioning
+# - name: Stop Samba services before provisioning
-  ansible.builtin.service:
+#   ansible.builtin.service:
-    name: '{{ item }}'
+#     name: '{{ item }}'
+#     state: stopped
+#   ignore_errors: true
+#   loop:
+#     - samba-ad-dc
+#     - smbd
+#     - nmbd
+#     - winbind
+
+- name: Disable and stop regular Samba services
+  ansible.builtin.systemd:
+    name: "{{ item }}"
+    enabled: false
     state: stopped
-  ignore_errors: true
+    masked: true
   loop:
-    - samba-ad-dc
     - smbd
     - nmbd
     - winbind
 
-
+- name: Unmask and enable Samba AD/DC service (but do not start it)
+  ansible.builtin.systemd:
+    name: samba-ad-dc
+    masked: false
+    enabled: true
+    state: stopped
 
 
 

tasks/kerberos.yml

@@ -3,7 +3,7 @@
   # The samba-tool output usually contains the path on a specific line.
   # We extract the path using regex and the 'search' filter.
   ansible.builtin.set_fact:
-    krb5_conf_path: '{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}'
+    krb5_conf_path: "{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}"
   when: samba_provision_output.stdout is defined
 
 - name: Copy krb5.conf to /etc/krb5.conf

tasks/main.yml

@@ -8,15 +8,15 @@
 - name: Provision
   include_tasks: provision.yml
 
-- name: Setup DNS resolver
+# - name: Setup DNS resolver
-  include_tasks: setupresolver.yml
+#   include_tasks: setupresolver.yml
 
-- name: Configure Kerberos
+# - name: Configure Kerberos
-  include_tasks: kerberos.yml
+#   include_tasks: kerberos.yml
 
-- name: Testing Samba AD DC
+# - name: Testing Samba AD DC
-  include_tasks: verify.yml
+#   include_tasks: verify.yml
 
-- name: Configure Time Synchronization
+# - name: Configure Time Synchronization
-  include_tasks: ntpd.yml
+#   include_tasks: ntpd.yml
   

tasks/provision.yml

@@ -13,7 +13,7 @@
     executable: /bin/bash
   changed_when: false
   when: not samba_provisioned.stat.exists
-  
+
 - name: Provision the Samba AD DC
   ansible.builtin.command: >
     samba-tool domain provision

tasks/verify.yml

@@ -55,7 +55,7 @@
   ansible.builtin.command: host -t SRV _ldap._tcp.{{ addc_auth_domain | lower }}.
   register: ldap_srv_check
   changed_when: false
-  failed_when: ''has SRV record' not in ldap_srv_check.stdout'
+  failed_when: "'has SRV record' not in ldap_srv_check.stdout"
 
 - name: Debug - Show LDAP SRV check result
   ansible.builtin.debug:
@@ -66,7 +66,7 @@
   ansible.builtin.command: host -t SRV _kerberos._udp.{{ addc_auth_domain | lower }}.
   register: kerberos_srv_check
   changed_when: false
-  failed_when: ''has SRV record' not in kerberos_srv_check.stdout'
+  failed_when: "'has SRV record' not in kerberos_srv_check.stdout"
 
 - name: Debug - Show Kerberos SRV check result
   ansible.builtin.debug:
@@ -89,7 +89,7 @@
   register: ptr_record_check
   changed_when: false
   # Assuming dc1.{{ addc_auth_domain }} is the expected output for the reverse record
-  failed_when: ''domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout'
+  failed_when: "'domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout"
 
 - name: Debug - Show PTR Record check result
   ansible.builtin.debug: