From a95fbd482268102aace19f3cfc4b79287faade6a Mon Sep 17 00:00:00 2001
From: Jose
Date: Tue, 4 Nov 2025 19:22:07 +0100
Subject: [PATCH] Replaced " with '
---
 defaults/main.yml | 26 +++++++++++++-------------
 tasks/0backupcheck.yml | 10 +++++-----
 tasks/install.yml | 8 ++++----
 tasks/kerberos.yml | 4 ++--
 tasks/ntpd.yml | 8 ++++----
 tasks/preparing.yml | 28 ++++++++++++++--------------
 tasks/provision.yml | 8 ++++----
 tasks/verify.yml | 32 ++++++++++++++++----------------
 8 files changed, 62 insertions(+), 62 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index a317b17..d77c477 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,31 +1,31 @@ # AD Provisioning details # Hostname = DC1 -addc_hostname: "DC1" +addc_hostname: 'DC1' # DC local IP Address = 10.99.0.1 -addc_ansible_host: "10.99.0.1" +addc_ansible_host: '10.99.0.1' # NetBIOS domain name (Workgroup). -addc_netbios_domain: "SAMDOM" +addc_netbios_domain: 'SAMDOM' # Top level Domain = EXAMPLE.COM -addc_tld: "EXAMPLE.COM" +addc_tld: 'EXAMPLE.COM' # Authentication Domain = SAMDOM.EXAMPLE.COM -addc_auth_domain: "{{ addc_netbios_domain | upper }}.{{ addc_tld | upper }}" +addc_auth_domain: '{{ addc_netbios_domain | upper }}.{{ addc_tld | upper }}' -addc_admin_password: "Passw0rd" -addc_dns_backend: "SAMBA_INTERNAL" -addc_server_role: "dc" +addc_admin_password: 'Passw0rd' +addc_dns_backend: 'SAMBA_INTERNAL' +addc_server_role: 'dc' addc_ip_network_prefix: "{{ addc_ansible_host.split('.')[:3] | join('.') }}" addc_ip_last_octet: "{{ addc_ansible_host.split('.')[-1] }}" addc_reverse_zone_name: "{{ addc_ip_network_prefix.split('.') | reverse | join('.') }}.in-addr.arpa" samba_domain_info: - realm: "{{ addc_auth_domain | upper }}" - domain: "{{ addc_netbios_domain | upper }}" + realm: '{{ addc_auth_domain | upper }}' + domain: '{{ addc_netbios_domain | upper }}' server_role: "{{ addc_server_role | default('dc') }}" dns_backend: "{{ addc_dns_backend | default('SAMBA_INTERNAL') }}" - adminpass: "{{ addc_admin_password }}" + adminpass: '{{ addc_admin_password }}' interfaces: "{{ samba_iface_list | join(' ') }}" - bind_interfaces_only: "yes" + bind_interfaces_only: 'yes' samba_iface_list: - lo @@ -49,4 +49,4 @@ samba_packages: location_internal_dns: 192.168.1.1 location_external_dns: 8.8.8.8 -backup_path: "/path/to/your/backup/directory" \ No newline at end of file +backup_path: '/path/to/your/backup/directory' \ No newline at end of file diff --git a/tasks/0backupcheck.yml b/tasks/0backupcheck.yml index 077dce8..f35a083 100644 --- a/tasks/0backupcheck.yml +++ b/tasks/0backupcheck.yml 
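Review bot: `addc_admin_password: 'Passw0rd'` keeps a guessable Administrator password as a role default, so any play that forgets to override it provisions the domain with a publicly known credential. Consider dropping the default and sourcing the value from an encrypted variable, e.g. `addc_admin_password: '{{ vault_addc_admin_password }}'` (placeholder name), with an early `assert` that the value is defined and is not the sample string. The same variable feeds `samba_domain_info.adminpass` further down in this hunk.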
@@ -1,12 +1,12 @@ --- - name: Check if backup directory exists stat: - path: "{{ backup_path }}" + path: '{{ backup_path }}' register: backup_dir_stat - name: Check if backup directory is not empty find: - paths: "{{ backup_path }}" + paths: '{{ backup_path }}' file_type: any recurse: false when: backup_dir_stat.stat.exists and backup_dir_stat.stat.isdir @@ -15,8 +15,8 @@ - name: Check if each required file exists stat: - path: "{{ dir_path }}/{{ item }}" - loop: "{{ backup_required_files }}" + path: '{{ dir_path }}/{{ item }}' + loop: '{{ backup_required_files }}' register: required_file_stats - name: Determine missing files @@ -52,5 +52,5 @@ - name: Debug - Show final result debug: - msg: "Backup directory exists and is not empty." + msg: 'Backup directory exists and is not empty.' when: backup_dir_valid | default(false) diff --git a/tasks/install.yml b/tasks/install.yml index 2e566e4..5ae8063 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -1,7 +1,7 @@ --- - name: Install required packages ansible.builtin.apt: - pkg: "{{ samba_packages }}" + pkg: '{{ samba_packages }}' state: latest update_cache: yes autoclean: yes @@ -10,7 +10,7 @@ # - name: Install required packages # ansible.builtin.package: -# name: "{{ samba_packages }}" +# name: '{{ samba_packages }}' # state: latest # - name: Stop samba-ad-dc before provisioning (if running) @@ -22,7 +22,7 @@ - name: Stop Samba services before provisioning ansible.builtin.service: - name: "{{ item }}" + name: '{{ item }}' state: stopped ignore_errors: true loop: @@ -47,7 +47,7 @@ # - name: Deploy smb.conf # ansible.builtin.template: # src: smb.conf.j2 -# dest: "{{ samba_conf_path }}" +# dest: '{{ samba_conf_path }}' # owner: root # group: root # mode: '0644' diff --git a/tasks/kerberos.yml b/tasks/kerberos.yml index 9ab994c..a51a9fc 100644 --- a/tasks/kerberos.yml +++ b/tasks/kerberos.yml 
@@ -3,12 +3,12 @@ # The samba-tool output usually contains the path on a specific line. # We extract the path using regex and the 'search' filter. ansible.builtin.set_fact: - krb5_conf_path: "{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}" + krb5_conf_path: '{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}' when: samba_provision_output.stdout is defined - name: Copy krb5.conf to /etc/krb5.conf ansible.builtin.copy: - src: "{{ krb5_conf_path }}" + src: '{{ krb5_conf_path }}' dest: /etc/krb5.conf owner: root group: root diff --git a/tasks/ntpd.yml b/tasks/ntpd.yml index 95ba29a..05c59a3 100644 --- a/tasks/ntpd.yml +++ b/tasks/ntpd.yml @@ -17,7 +17,7 @@ - name: Set the path variable, failing if not found ansible.builtin.set_fact: - ntp_signd_path: "{{ find_ntp_signd.files[0].path }}" + ntp_signd_path: '{{ find_ntp_signd.files[0].path }}' # This conditional logic ensures the playbook stops if the directory is missing, # or if more than one directory named 'ntp_signd' is found (which is unlikely/undesirable). when: find_ntp_signd.matched == 1 @@ -25,7 +25,7 @@ - name: Verify permissions on the detected 'ntp_signd' directory ansible.builtin.stat: - path: "{{ ntp_signd_path }}" + path: '{{ ntp_signd_path }}' register: ntp_signd_stats - name: Assert that the permissions allow read access 
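Review bot: The new `krb5_conf_path` line no longer parses as YAML, because the outer single quote is closed by the first `'` inside `regex_search('krb5.conf …')`; in a single-quoted scalar the `\\1` that double quotes reduce to `\1` would also be passed through as two backslashes. Keep double quotes wherever the Jinja expression itself contains single quotes, i.e. `krb5_conf_path: "{{ samba_provision_output.stdout | regex_search('krb5.conf file is located at (.*)', '\\1') | first }}"`. The same breakage is in tasks/preparing.yml (the `when:` line in @@ -11,7, and `valid_dirs` plus both `loop:` lines using `map(attribute='files')` in @@ -68,45) and in tasks/verify.yml (the `failed_when:` lines in @@ -55,7, @@ -66,7 and @@ -89,7). Running `yamllint` or `ansible-playbook --syntax-check` on the role before merging would catch these.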
@@ -34,8 +34,8 @@ # Check if the directory exists and has permissions that grant read/execute to 'other' (r-x) - ntp_signd_stats.stat.exists - ntp_signd_stats.stat.mode is search('[rwx-]{2}[rwx-]{2}[4-7]') - fail_msg: "FATAL: The detected ntp_signd directory ({{ ntp_signd_path }}) does not have necessary read permissions (mode: {{ ntp_signd_stats.stat.mode }})." - success_msg: "SUCCESS: Permissions on {{ ntp_signd_path }} are correctly configured." + fail_msg: 'FATAL: The detected ntp_signd directory ({{ ntp_signd_path }}) does not have necessary read permissions (mode: {{ ntp_signd_stats.stat.mode }}).' + success_msg: 'SUCCESS: Permissions on {{ ntp_signd_path }} are correctly configured.' - name: Configure ntp.conf for Active Directory Domain Controller (AD DC) ansible.builtin.template: diff --git a/tasks/preparing.yml b/tasks/preparing.yml index 97f16b5..678397c 100644 --- a/tasks/preparing.yml +++ b/tasks/preparing.yml @@ -11,7 +11,7 @@ ansible.builtin.file: path: /etc/resolv.conf state: absent - when: "'/run/systemd/resolve' in ansible_facts.lsb.description | default('')" + when: ''/run/systemd/resolve' in ansible_facts.lsb.description | default('')' - name: Create static /etc/resolv.conf ansible.builtin.copy: @@ -48,7 +48,7 @@ - name: Set /etc/hosts entry for Samba AD DC ansible.builtin.lineinfile: path: /etc/hosts - line: "{{ addc_ansible_host }} {{ addc_hostname | upper }}.{{ addc_tld | lower }} {{ addc_hostname | upper }}" + line: '{{ addc_ansible_host }} {{ addc_hostname | upper }}.{{ addc_tld | lower }} {{ addc_hostname | upper }}' state: present create: yes 
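Review bot: The `that:` condition just above the changed messages cannot match what `ansible.builtin.stat` returns: `stat.mode` is an octal string such as `0750`, while `search('[rwx-]{2}[rwx-]{2}[4-7]')` expects symbolic `rwx` characters, so the assert would fail regardless of the real permissions. The module's boolean fields express the stated intent directly, `- ntp_signd_stats.stat.roth and ntp_signd_stats.stat.xoth`. It is also worth confirming that access for "other" is what is wanted here; if the directory is meant to be restricted to the time daemon's group, `rgrp`/`xgrp` plus a group-ownership check would be the tighter test. The assert task starts outside the hunk.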
@@ -68,45 +68,45 @@ - name: Remove smb.conf using discovered path ansible.builtin.file: - path: "{{ smb_conf_path.stdout }}" + path: '{{ smb_conf_path.stdout }}' state: absent # Remove all Samba database files, such as *.tdb and *.ldb files - name: Get Samba directories from smbd -b - ansible.builtin.shell: smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR" | awk '{print $2}' + ansible.builtin.shell: smbd -b | egrep 'LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR' | awk '{print $2}' register: samba_dirs changed_when: false failed_when: samba_dirs.rc != 0 - name: Filter existing directories ansible.builtin.find: - paths: "{{ item }}" + paths: '{{ item }}' file_type: directory recurse: no - loop: "{{ samba_dirs.stdout_lines }}" + loop: '{{ samba_dirs.stdout_lines }}' register: existing_dirs - name: Collect existing directories ansible.builtin.set_fact: - valid_dirs: "{{ existing_dirs.results | selectattr('matched', '>', 0) | map(attribute='files') | sum(start=[]) | map(attribute='path') | list }}" + valid_dirs: '{{ existing_dirs.results | selectattr('matched', '>', 0) | map(attribute='files') | sum(start=[]) | map(attribute='path') | list }}' - name: Find *.tdb and *.ldb files ansible.builtin.find: - paths: "{{ item }}" - patterns: "*.tdb,*.ldb" + paths: '{{ item }}' + patterns: '*.tdb,*.ldb' recurse: yes use_regex: false - loop: "{{ valid_dirs }}" + loop: '{{ valid_dirs }}' register: db_files - name: Remove found tdb/ldb files ansible.builtin.file: - path: "{{ item.path }}" + path: '{{ item.path }}' state: absent - loop: "{{ db_files.results | map(attribute='files') | sum(start=[]) }}" + loop: '{{ db_files.results | map(attribute='files') | sum(start=[]) }}' when: item.path is defined - name: Report removed files ansible.builtin.debug: - msg: "Removed: {{ item.path }}" - loop: "{{ db_files.results | map(attribute='files') | sum(start=[]) }}" \ No newline at end of file + msg: 'Removed: {{ item.path }}' + loop: '{{ db_files.results | map(attribute='files') | 
sum(start=[]) }}' \ No newline at end of file diff --git a/tasks/provision.yml b/tasks/provision.yml index 7795a5d..6c225f8 100644 --- a/tasks/provision.yml +++ b/tasks/provision.yml @@ -6,7 +6,7 @@ - name: Remove smb.conf if server role conflicts ansible.builtin.shell: | - if grep -q "server role = standalone server" /etc/samba/smb.conf 2>/dev/null; then + if grep -q 'server role = standalone server' /etc/samba/smb.conf 2>/dev/null; then mv /etc/samba/smb.conf /etc/samba/smb.conf.bak.$(date +%s) fi args: @@ -22,9 +22,9 @@ --domain={{ samba_domain_info.domain }} --server-role={{ samba_domain_info.server_role }} --dns-backend={{ samba_domain_info.dns_backend }} - --adminpass="{{ addc_admin_password }}" - --option="interfaces={{ samba_domain_info.interfaces }}" - --option="bind interfaces only={{ samba_domain_info.bind_interfaces_only }}" + --adminpass='{{ addc_admin_password }}' + --option='interfaces={{ samba_domain_info.interfaces }}' + --option='bind interfaces only={{ samba_domain_info.bind_interfaces_only }}' when: not samba_provisioned.stat.exists register: samba_provision_output changed_when: samba_provision_output.rc == 0 diff --git a/tasks/verify.yml b/tasks/verify.yml index 808642c..1921d98 100644 --- a/tasks/verify.yml +++ b/tasks/verify.yml @@ -8,10 +8,10 @@ - name: Create the reverse DNS zone {{ addc_reverse_zone_name }} community.general.expect: # Note: The 'expect' module is in the 'community.general' collection - command: "samba-tool dns zonecreate {{ addc_ansible_host }} {{ addc_reverse_zone_name }} -U Administrator" + command: 'samba-tool dns zonecreate {{ addc_ansible_host }} {{ addc_reverse_zone_name }} -U Administrator' responses: # Use the '(?i)' flag for case-insensitive matching of the prompt. - '(?i)password for.*:': "{{ addc_admin_password }}" + '(?i)password for.*:': '{{ addc_admin_password }}' no_log: true # Highly recommended to prevent the password from appearing in logs - name: Create the PTR (reverse) DNS record 
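Review bot: `failed_when: samba_dirs.rc != 0` only sees the exit status of `awk`, the last command in the `smbd -b | egrep … | awk …` pipeline, so a missing or failing `smbd` yields an empty list with rc 0. Since the following tasks delete every `*.tdb`/`*.ldb` file under the returned directories, the discovery step should fail loudly: `ansible.builtin.shell: set -o pipefail && smbd -b | grep -E 'LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR' | awk '{print $2}'` with `args: {executable: /bin/bash}`. No guard against running this cleanup on an already provisioned DC is visible in the hunk; if none exists elsewhere in the role, a `when:` tied to the provisioning check would prevent wiping a live domain database.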
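Review bot: `--adminpass='{{ addc_admin_password }}'` splices the password into the command line with hand-written quotes, so a password containing `'` ends the quoting and the remainder is parsed as further arguments or shell syntax; use the filter instead, `--adminpass={{ addc_admin_password | quote }}`, and treat the two `--option=` values the same way. No `no_log: true` is visible on this task, and because the result is registered as `samba_provision_output` the full command, password included, would appear in task output and logs; adding `no_log: true` hides it while leaving the registered variable usable. The task begins outside the hunk, so the module in use (command or shell) should be confirmed.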
@@ -25,7 +25,7 @@ -U Administrator responses: # Expects the standard Samba password prompt - '(?i)password for.*:': "{{ addc_admin_password }}" + '(?i)password for.*:': '{{ addc_admin_password }}' no_log: true # Hide sensitive data from logs @@ -36,7 +36,7 @@ - name: Report the results of the smbclient verification ansible.builtin.debug: - msg: "Samba Shares found: {{ smbclient_output.stdout }}" + msg: 'Samba Shares found: {{ smbclient_output.stdout }}' - name: Verify Samba AD authentication by accessing the netlogon share community.general.expect: @@ -45,7 +45,7 @@ command: smbclient //localhost/netlogon -UAdministrator -c 'ls' responses: # Use the (?i) flag for case-insensitive matching of the prompt. - '(?i)password:': "{{ addc_admin_password }}" + '(?i)password:': '{{ addc_admin_password }}' no_log: true # CRITICAL: Prevents the password from being logged register: auth_verification changed_when: false # This is a verification/check, not a change @@ -55,7 +55,7 @@ ansible.builtin.command: host -t SRV _ldap._tcp.{{ addc_auth_domain | lower }}. register: ldap_srv_check changed_when: false - failed_when: "'has SRV record' not in ldap_srv_check.stdout" + failed_when: ''has SRV record' not in ldap_srv_check.stdout' - name: Debug - Show LDAP SRV check result ansible.builtin.debug: @@ -66,7 +66,7 @@ ansible.builtin.command: host -t SRV _kerberos._udp.{{ addc_auth_domain | lower }}. register: kerberos_srv_check changed_when: false - failed_when: "'has SRV record' not in kerberos_srv_check.stdout" + failed_when: ''has SRV record' not in kerberos_srv_check.stdout' - name: Debug - Show Kerberos SRV check result ansible.builtin.debug: 
@@ -77,7 +77,7 @@ ansible.builtin.command: host -t A {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}. register: a_record_check changed_when: false - failed_when: "{{ addc_ansible_host }} not in a_record_check.stdout" + failed_when: '{{ addc_ansible_host }} not in a_record_check.stdout' - name: Debug - Show A Record check result ansible.builtin.debug: @@ -89,7 +89,7 @@ register: ptr_record_check changed_when: false # Assuming dc1.{{ addc_auth_domain }} is the expected output for the reverse record - failed_when: "'domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout" + failed_when: ''domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout' - name: Debug - Show PTR Record check result ansible.builtin.debug: @@ -102,14 +102,14 @@ responses: # Expects the standard Kerberos password prompt # The (?i) flag ensures case-insensitive matching. - '(?i)password for administrator.*:': "{{ addc_admin_password }}" + '(?i)password for administrator.*:': '{{ addc_admin_password }}' no_log: true # CRITICAL: Prevents the password from being logged register: kinit_check changed_when: false # This is a verification/check, not a change - name: Debug - Show kinit verification result (should be empty on success) ansible.builtin.debug: - msg: "Kerberos kinit verification successful. Output: {{ kinit_check.stdout }}" + msg: 'Kerberos kinit verification successful. Output: {{ kinit_check.stdout }}' - name: Optional - Show the cached Kerberos ticket ansible.builtin.command: klist 
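Review bot: `failed_when: '{{ addc_ansible_host }} not in a_record_check.stdout'` templates the address into the expression, so it is evaluated as the bare token `10.99.0.1 not in …` rather than as a string comparison, and Ansible conditionals should not contain `{{ }}` delimiters at all. Reference the variable directly: `failed_when: addc_ansible_host not in a_record_check.stdout`. The PTR check in @@ -89,7 has the same templating inside its condition and can be written as `failed_when: ('domain name pointer ' ~ (addc_hostname | lower) ~ '.' ~ (addc_auth_domain | lower)) not in ptr_record_check.stdout`.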
@@ -136,11 +136,11 @@ # - name: Assert that the domain is provisioned # assert: # that: -# - "'Netbios name' in domain_info.stdout" -# - "'Server Role: ACTIVE DIRECTORY DOMAIN CONTROLLER' in domain_info.stdout" +# - ''Netbios name' in domain_info.stdout' +# - ''Server Role: ACTIVE DIRECTORY DOMAIN CONTROLLER' in domain_info.stdout' # - name: Attempt kinit with administrator -# command: echo "{{ samba_admin_password }}" | kinit administrator@{{ samba_realm }} +# command: echo '{{ samba_admin_password }}' | kinit administrator@{{ samba_realm }} # register: kinit_result # changed_when: false # failed_when: kinit_result.rc != 0 @@ -153,7 +153,7 @@ # - name: Assert Kerberos ticket exists # assert: # that: -# - "'krbtgt/{{ samba_realm }}@{{ samba_realm }}' in klist_result.stdout" +# - ''krbtgt/{{ samba_realm }}@{{ samba_realm }}' in klist_result.stdout' # - name: Check Samba AD DC service status # service_facts: @@ -161,5 +161,5 @@ # - name: Assert samba-ad-dc service is active # assert: # that: -# - "'samba-ad-dc' in ansible_facts.services" +# - ''samba-ad-dc' in ansible_facts.services' # - ansible_facts.services['samba-ad-dc'].state == 'running'