commit-message undefined: Improve Samba service management

Enhanced the provision.yml to properly stop and mask regular Samba services, while unmasking and enabling the Samba AD/DC service. This ensures a more robust setup for the domain controller.
2025-11-05 18:57:30 +01:00
parent 767ebb022b
commit 0d6e747ba8
5 changed files with 35 additions and 19 deletions
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -90,18 +90,34 @@
 #   ansible.builtin.debug:
 #     msg: "✅ Samba version after upgrade: {{ samba_version.stdout }}"

- name: Stop Samba services before provisioning
-  ansible.builtin.service:
-    name: '{{ item }}'
+# - name: Stop Samba services before provisioning
+#   ansible.builtin.service:
+#     name: '{{ item }}'
+#     state: stopped
+#   ignore_errors: true
+#   loop:
+#     - samba-ad-dc
+#     - smbd
+#     - nmbd
+#     - winbind
+
+- name: Disable and stop regular Samba services
+  ansible.builtin.systemd:
+    name: "{{ item }}"
+    enabled: false
    state: stopped
-  ignore_errors: true
+    masked: true
  loop:
-    - samba-ad-dc
    - smbd
    - nmbd
    - winbind

-
+- name: Unmask and enable Samba AD/DC service (but do not start it)
+  ansible.builtin.systemd:
+    name: samba-ad-dc
+    masked: false
+    enabled: true
+    state: stopped



--- a/tasks/kerberos.yml
+++ b/tasks/kerberos.yml
@@ -3,7 +3,7 @@
  # The samba-tool output usually contains the path on a specific line.
  # We extract the path using regex and the 'search' filter.
  ansible.builtin.set_fact:
-    krb5_conf_path: '{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}'
+    krb5_conf_path: "{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}"
  when: samba_provision_output.stdout is defined

 - name: Copy krb5.conf to /etc/krb5.conf
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,15 +8,15 @@
 - name: Provision
  include_tasks: provision.yml

- name: Setup DNS resolver
-  include_tasks: setupresolver.yml
+# - name: Setup DNS resolver
+#   include_tasks: setupresolver.yml

- name: Configure Kerberos
-  include_tasks: kerberos.yml
+# - name: Configure Kerberos
+#   include_tasks: kerberos.yml

- name: Testing Samba AD DC
-  include_tasks: verify.yml
+# - name: Testing Samba AD DC
+#   include_tasks: verify.yml

- name: Configure Time Synchronization
-  include_tasks: ntpd.yml
+# - name: Configure Time Synchronization
+#   include_tasks: ntpd.yml
  
--- a/tasks/provision.yml
+++ b/tasks/provision.yml
@@ -13,7 +13,7 @@
    executable: /bin/bash
  changed_when: false
  when: not samba_provisioned.stat.exists
-  
+
 - name: Provision the Samba AD DC
  ansible.builtin.command: >
    samba-tool domain provision
--- a/tasks/verify.yml
+++ b/tasks/verify.yml
@@ -55,7 +55,7 @@
  ansible.builtin.command: host -t SRV _ldap._tcp.{{ addc_auth_domain | lower }}.
  register: ldap_srv_check
  changed_when: false
-  failed_when: ''has SRV record' not in ldap_srv_check.stdout'
+  failed_when: "'has SRV record' not in ldap_srv_check.stdout"

 - name: Debug - Show LDAP SRV check result
  ansible.builtin.debug:
@@ -66,7 +66,7 @@
  ansible.builtin.command: host -t SRV _kerberos._udp.{{ addc_auth_domain | lower }}.
  register: kerberos_srv_check
  changed_when: false
-  failed_when: ''has SRV record' not in kerberos_srv_check.stdout'
+  failed_when: "'has SRV record' not in kerberos_srv_check.stdout"

 - name: Debug - Show Kerberos SRV check result
  ansible.builtin.debug:
@@ -89,7 +89,7 @@
  register: ptr_record_check
  changed_when: false
  # Assuming dc1.{{ addc_auth_domain }} is the expected output for the reverse record
-  failed_when: ''domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout'
+  failed_when: "'domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout"

 - name: Debug - Show PTR Record check result
  ansible.builtin.debug: