Replaced " with '

2025-11-04 19:22:07 +01:00
parent 3e62e137da
commit a95fbd4822
8 changed files with 62 additions and 62 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,31 +1,31 @@
 # AD Provisioning details
 # Hostname = DC1
-addc_hostname: "DC1"
+addc_hostname: 'DC1'
 # DC local IP Address = 10.99.0.1
-addc_ansible_host: "10.99.0.1"
+addc_ansible_host: '10.99.0.1'
 # NetBIOS domain name (Workgroup).
-addc_netbios_domain: "SAMDOM"
+addc_netbios_domain: 'SAMDOM'
 # Top level Domain = EXAMPLE.COM
-addc_tld: "EXAMPLE.COM"
+addc_tld: 'EXAMPLE.COM'
 # Authentication Domain = SAMDOM.EXAMPLE.COM
-addc_auth_domain: "{{ addc_netbios_domain | upper }}.{{ addc_tld | upper }}"
+addc_auth_domain: '{{ addc_netbios_domain | upper }}.{{ addc_tld | upper }}'

-addc_admin_password: "Passw0rd"
-addc_dns_backend: "SAMBA_INTERNAL"
-addc_server_role: "dc"
+addc_admin_password: 'Passw0rd'
+addc_dns_backend: 'SAMBA_INTERNAL'
+addc_server_role: 'dc'

 addc_ip_network_prefix: "{{ addc_ansible_host.split('.')[:3] | join('.') }}"
 addc_ip_last_octet: "{{ addc_ansible_host.split('.')[-1] }}"
 addc_reverse_zone_name: "{{ addc_ip_network_prefix.split('.') | reverse | join('.') }}.in-addr.arpa"

 samba_domain_info:
-  realm: "{{ addc_auth_domain | upper }}"
-  domain: "{{ addc_netbios_domain | upper }}"
+  realm: '{{ addc_auth_domain | upper }}'
+  domain: '{{ addc_netbios_domain | upper }}'
  server_role: "{{ addc_server_role | default('dc') }}"
  dns_backend: "{{ addc_dns_backend | default('SAMBA_INTERNAL') }}"
-  adminpass: "{{ addc_admin_password }}"
+  adminpass: '{{ addc_admin_password }}'
  interfaces: "{{ samba_iface_list | join(' ') }}"
-  bind_interfaces_only: "yes"
+  bind_interfaces_only: 'yes'

 samba_iface_list:
  - lo
@@ -49,4 +49,4 @@ samba_packages:
 location_internal_dns: 192.168.1.1
 location_external_dns: 8.8.8.8

-backup_path: "/path/to/your/backup/directory"
+backup_path: '/path/to/your/backup/directory'
--- a/tasks/0backupcheck.yml
+++ b/tasks/0backupcheck.yml
@@ -1,12 +1,12 @@
 ---
 - name: Check if backup directory exists
  stat:
-    path: "{{ backup_path }}"
+    path: '{{ backup_path }}'
  register: backup_dir_stat

 - name: Check if backup directory is not empty
  find:
-    paths: "{{ backup_path }}"
+    paths: '{{ backup_path }}'
    file_type: any
    recurse: false
  when: backup_dir_stat.stat.exists and backup_dir_stat.stat.isdir
@@ -15,8 +15,8 @@

 - name: Check if each required file exists
  stat:
-    path: "{{ dir_path }}/{{ item }}"
-  loop: "{{ backup_required_files }}"
+    path: '{{ dir_path }}/{{ item }}'
+  loop: '{{ backup_required_files }}'
  register: required_file_stats

 - name: Determine missing files
@@ -52,5 +52,5 @@

 - name: Debug - Show final result
  debug:
-    msg: "Backup directory exists and is not empty."
+    msg: 'Backup directory exists and is not empty.'
  when: backup_dir_valid | default(false)
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -1,7 +1,7 @@
 ---
 - name: Install required packages
  ansible.builtin.apt:  
-    pkg: "{{ samba_packages }}"
+    pkg: '{{ samba_packages }}'
    state: latest
    update_cache: yes
    autoclean: yes
@@ -10,7 +10,7 @@

 # - name: Install required packages
 #   ansible.builtin.package:  
-#     name: "{{ samba_packages }}"
+#     name: '{{ samba_packages }}'
 #     state: latest

 # - name: Stop samba-ad-dc before provisioning (if running)
@@ -22,7 +22,7 @@

 - name: Stop Samba services before provisioning
  ansible.builtin.service:
-    name: "{{ item }}"
+    name: '{{ item }}'
    state: stopped
  ignore_errors: true
  loop:
@@ -47,7 +47,7 @@
 # - name: Deploy smb.conf
 #   ansible.builtin.template:
 #     src: smb.conf.j2
-#     dest: "{{ samba_conf_path }}"
+#     dest: '{{ samba_conf_path }}'
 #     owner: root
 #     group: root
 #     mode: '0644'
--- a/tasks/kerberos.yml
+++ b/tasks/kerberos.yml
@@ -3,12 +3,12 @@
  # The samba-tool output usually contains the path on a specific line.
  # We extract the path using regex and the 'search' filter.
  ansible.builtin.set_fact:
-    krb5_conf_path: "{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}"
+    krb5_conf_path: '{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}'
  when: samba_provision_output.stdout is defined

 - name: Copy krb5.conf to /etc/krb5.conf
  ansible.builtin.copy:
-    src: "{{ krb5_conf_path }}"
+    src: '{{ krb5_conf_path }}'
    dest: /etc/krb5.conf
    owner: root
    group: root
--- a/tasks/ntpd.yml
+++ b/tasks/ntpd.yml
@@ -17,7 +17,7 @@

 - name: Set the path variable, failing if not found
  ansible.builtin.set_fact:
-    ntp_signd_path: "{{ find_ntp_signd.files[0].path }}"
+    ntp_signd_path: '{{ find_ntp_signd.files[0].path }}'
  # This conditional logic ensures the playbook stops if the directory is missing,
  # or if more than one directory named 'ntp_signd' is found (which is unlikely/undesirable).
  when: find_ntp_signd.matched == 1
@@ -25,7 +25,7 @@
  
 - name: Verify permissions on the detected 'ntp_signd' directory
  ansible.builtin.stat:
-    path: "{{ ntp_signd_path }}"
+    path: '{{ ntp_signd_path }}'
  register: ntp_signd_stats

 - name: Assert that the permissions allow read access
@@ -34,8 +34,8 @@
      # Check if the directory exists and has permissions that grant read/execute to 'other' (r-x)
      - ntp_signd_stats.stat.exists
      - ntp_signd_stats.stat.mode is search('[rwx-]{2}[rwx-]{2}[4-7]')
-    fail_msg: "FATAL: The detected ntp_signd directory ({{ ntp_signd_path }}) does not have necessary read permissions (mode: {{ ntp_signd_stats.stat.mode }})."
-    success_msg: "SUCCESS: Permissions on {{ ntp_signd_path }} are correctly configured."
+    fail_msg: 'FATAL: The detected ntp_signd directory ({{ ntp_signd_path }}) does not have necessary read permissions (mode: {{ ntp_signd_stats.stat.mode }}).'
+    success_msg: 'SUCCESS: Permissions on {{ ntp_signd_path }} are correctly configured.'

 - name: Configure ntp.conf for Active Directory Domain Controller (AD DC)
  ansible.builtin.template:
--- a/tasks/preparing.yml
+++ b/tasks/preparing.yml
@@ -11,7 +11,7 @@
  ansible.builtin.file:
    path: /etc/resolv.conf
    state: absent
-  when: "'/run/systemd/resolve' in ansible_facts.lsb.description | default('')"
+  when: ''/run/systemd/resolve' in ansible_facts.lsb.description | default('')'

 - name: Create static /etc/resolv.conf
  ansible.builtin.copy:
@@ -48,7 +48,7 @@
 - name: Set /etc/hosts entry for Samba AD DC
  ansible.builtin.lineinfile:
    path: /etc/hosts
-    line: "{{ addc_ansible_host }} {{ addc_hostname | upper }}.{{ addc_tld | lower }} {{ addc_hostname | upper }}"
+    line: '{{ addc_ansible_host }} {{ addc_hostname | upper }}.{{ addc_tld | lower }} {{ addc_hostname | upper }}'
    state: present
    create: yes

@@ -68,45 +68,45 @@

 - name: Remove smb.conf using discovered path
  ansible.builtin.file:
-    path: "{{ smb_conf_path.stdout }}"
+    path: '{{ smb_conf_path.stdout }}'
    state: absent

 # Remove all Samba database files, such as *.tdb and *.ldb files
 - name: Get Samba directories from smbd -b
-  ansible.builtin.shell: smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR" | awk '{print $2}'
+  ansible.builtin.shell: smbd -b | egrep 'LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR' | awk '{print $2}'
  register: samba_dirs
  changed_when: false
  failed_when: samba_dirs.rc != 0

 - name: Filter existing directories
  ansible.builtin.find:
-    paths: "{{ item }}"
+    paths: '{{ item }}'
    file_type: directory
    recurse: no
-  loop: "{{ samba_dirs.stdout_lines }}"
+  loop: '{{ samba_dirs.stdout_lines }}'
  register: existing_dirs

 - name: Collect existing directories
  ansible.builtin.set_fact:
-    valid_dirs: "{{ existing_dirs.results | selectattr('matched', '>', 0) | map(attribute='files') | sum(start=[]) | map(attribute='path') | list }}"
+    valid_dirs: '{{ existing_dirs.results | selectattr('matched', '>', 0) | map(attribute='files') | sum(start=[]) | map(attribute='path') | list }}'

 - name: Find *.tdb and *.ldb files
  ansible.builtin.find:
-    paths: "{{ item }}"
-    patterns: "*.tdb,*.ldb"
+    paths: '{{ item }}'
+    patterns: '*.tdb,*.ldb'
    recurse: yes
    use_regex: false
-  loop: "{{ valid_dirs }}"
+  loop: '{{ valid_dirs }}'
  register: db_files

 - name: Remove found tdb/ldb files
  ansible.builtin.file:
-    path: "{{ item.path }}"
+    path: '{{ item.path }}'
    state: absent
-  loop: "{{ db_files.results | map(attribute='files') | sum(start=[]) }}"
+  loop: '{{ db_files.results | map(attribute='files') | sum(start=[]) }}'
  when: item.path is defined

 - name: Report removed files
  ansible.builtin.debug:
-    msg: "Removed: {{ item.path }}"
-  loop: "{{ db_files.results | map(attribute='files') | sum(start=[]) }}"
+    msg: 'Removed: {{ item.path }}'
+  loop: '{{ db_files.results | map(attribute='files') | sum(start=[]) }}'
--- a/tasks/provision.yml
+++ b/tasks/provision.yml
@@ -6,7 +6,7 @@

 - name: Remove smb.conf if server role conflicts
  ansible.builtin.shell: |
-    if grep -q "server role = standalone server" /etc/samba/smb.conf 2>/dev/null; then
+    if grep -q 'server role = standalone server' /etc/samba/smb.conf 2>/dev/null; then
      mv /etc/samba/smb.conf /etc/samba/smb.conf.bak.$(date +%s)
    fi
  args:
@@ -22,9 +22,9 @@
    --domain={{ samba_domain_info.domain }}
    --server-role={{ samba_domain_info.server_role }}
    --dns-backend={{ samba_domain_info.dns_backend }}
-    --adminpass="{{ addc_admin_password }}"
-    --option="interfaces={{ samba_domain_info.interfaces }}"
-    --option="bind interfaces only={{ samba_domain_info.bind_interfaces_only }}"
+    --adminpass='{{ addc_admin_password }}'
+    --option='interfaces={{ samba_domain_info.interfaces }}'
+    --option='bind interfaces only={{ samba_domain_info.bind_interfaces_only }}'
  when: not samba_provisioned.stat.exists
  register: samba_provision_output
  changed_when: samba_provision_output.rc == 0
--- a/tasks/verify.yml
+++ b/tasks/verify.yml
@@ -8,10 +8,10 @@
 - name: Create the reverse DNS zone {{ addc_reverse_zone_name }}
  community.general.expect:
    # Note: The 'expect' module is in the 'community.general' collection
-    command: "samba-tool dns zonecreate {{ addc_ansible_host }} {{ addc_reverse_zone_name }} -U Administrator"
+    command: 'samba-tool dns zonecreate {{ addc_ansible_host }} {{ addc_reverse_zone_name }} -U Administrator'
    responses:
      # Use the '(?i)' flag for case-insensitive matching of the prompt.
-      '(?i)password for.*:': "{{ addc_admin_password }}"
+      '(?i)password for.*:': '{{ addc_admin_password }}'
  no_log: true # Highly recommended to prevent the password from appearing in logs

 - name: Create the PTR (reverse) DNS record
@@ -25,7 +25,7 @@
      -U Administrator
    responses:
      # Expects the standard Samba password prompt
-      '(?i)password for.*:': "{{ addc_admin_password }}"
+      '(?i)password for.*:': '{{ addc_admin_password }}'
  no_log: true # Hide sensitive data from logs


@@ -36,7 +36,7 @@

 - name: Report the results of the smbclient verification
  ansible.builtin.debug:
-    msg: "Samba Shares found: {{ smbclient_output.stdout }}"
+    msg: 'Samba Shares found: {{ smbclient_output.stdout }}'

 - name: Verify Samba AD authentication by accessing the netlogon share
  community.general.expect:
@@ -45,7 +45,7 @@
    command: smbclient //localhost/netlogon -UAdministrator -c 'ls'
    responses:
      # Use the (?i) flag for case-insensitive matching of the prompt.
-      '(?i)password:': "{{ addc_admin_password }}"
+      '(?i)password:': '{{ addc_admin_password }}'
  no_log: true # CRITICAL: Prevents the password from being logged
  register: auth_verification
  changed_when: false # This is a verification/check, not a change
@@ -55,7 +55,7 @@
  ansible.builtin.command: host -t SRV _ldap._tcp.{{ addc_auth_domain | lower }}.
  register: ldap_srv_check
  changed_when: false
-  failed_when: "'has SRV record' not in ldap_srv_check.stdout"
+  failed_when: ''has SRV record' not in ldap_srv_check.stdout'

 - name: Debug - Show LDAP SRV check result
  ansible.builtin.debug:
@@ -66,7 +66,7 @@
  ansible.builtin.command: host -t SRV _kerberos._udp.{{ addc_auth_domain | lower }}.
  register: kerberos_srv_check
  changed_when: false
-  failed_when: "'has SRV record' not in kerberos_srv_check.stdout"
+  failed_when: ''has SRV record' not in kerberos_srv_check.stdout'

 - name: Debug - Show Kerberos SRV check result
  ansible.builtin.debug:
@@ -77,7 +77,7 @@
  ansible.builtin.command: host -t A {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}.
  register: a_record_check
  changed_when: false
-  failed_when: "{{ addc_ansible_host }} not in a_record_check.stdout"
+  failed_when: '{{ addc_ansible_host }} not in a_record_check.stdout'

 - name: Debug - Show A Record check result
  ansible.builtin.debug:
@@ -89,7 +89,7 @@
  register: ptr_record_check
  changed_when: false
  # Assuming dc1.{{ addc_auth_domain }} is the expected output for the reverse record
-  failed_when: "'domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout"
+  failed_when: ''domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout'

 - name: Debug - Show PTR Record check result
  ansible.builtin.debug:
@@ -102,14 +102,14 @@
    responses:
      # Expects the standard Kerberos password prompt
      # The (?i) flag ensures case-insensitive matching.
-      '(?i)password for administrator.*:': "{{ addc_admin_password }}"
+      '(?i)password for administrator.*:': '{{ addc_admin_password }}'
  no_log: true # CRITICAL: Prevents the password from being logged
  register: kinit_check
  changed_when: false # This is a verification/check, not a change

 - name: Debug - Show kinit verification result (should be empty on success)
  ansible.builtin.debug:
-    msg: "Kerberos kinit verification successful. Output: {{ kinit_check.stdout }}"
+    msg: 'Kerberos kinit verification successful. Output: {{ kinit_check.stdout }}'

 - name: Optional - Show the cached Kerberos ticket
  ansible.builtin.command: klist
@@ -136,11 +136,11 @@
 # - name: Assert that the domain is provisioned
 #   assert:
 #     that:
-#       - "'Netbios name' in domain_info.stdout"
-#       - "'Server Role: ACTIVE DIRECTORY DOMAIN CONTROLLER' in domain_info.stdout"
+#       - ''Netbios name' in domain_info.stdout'
+#       - ''Server Role: ACTIVE DIRECTORY DOMAIN CONTROLLER' in domain_info.stdout'

 # - name: Attempt kinit with administrator
-#   command: echo "{{ samba_admin_password }}" | kinit administrator@{{ samba_realm }}
+#   command: echo '{{ samba_admin_password }}' | kinit administrator@{{ samba_realm }}
 #   register: kinit_result
 #   changed_when: false
 #   failed_when: kinit_result.rc != 0
@@ -153,7 +153,7 @@
 # - name: Assert Kerberos ticket exists
 #   assert:
 #     that:
-#       - "'krbtgt/{{ samba_realm }}@{{ samba_realm }}' in klist_result.stdout"
+#       - ''krbtgt/{{ samba_realm }}@{{ samba_realm }}' in klist_result.stdout'

 # - name: Check Samba AD DC service status
 #   service_facts:
@@ -161,5 +161,5 @@
 # - name: Assert samba-ad-dc service is active
 #   assert:
 #     that:
-#       - "'samba-ad-dc' in ansible_facts.services"
+#       - ''samba-ad-dc' in ansible_facts.services'
 #       - ansible_facts.services['samba-ad-dc'].state == 'running'