First draft generated by LLM

tasks/provision.yml

@@ -0,0 +1,37 @@
+---
+---
+- name: Ensure Samba log directory exists
+  file:
+    path: "{{ samba_log_dir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Provision the Samba AD DC (with logging)
+  command: >
+    samba-tool domain provision
+    --use-rfc2307
+    --realm={{ samba_realm }}
+    --domain={{ samba_domain }}
+    --server-role=dc
+    --dns-backend={{ samba_dns_backend }}
+    --adminpass={{ samba_admin_password }}
+  args:
+    creates: "{{ samba_samdb_path }}"
+  register: samba_provision_output
+  no_log: false  # You may toggle this if password should be hidden
+
+- name: Write provisioning output to log
+  copy:
+    content: "{{ samba_provision_output.stdout }}"
+    dest: "{{ samba_provision_log_file }}"
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Redact passwords in provisioning log (optional)
+  replace:
+    path: "{{ samba_provision_log_file }}"
+    regexp: "--adminpass=.*"
+    replace: "--adminpass=********"