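---
# Prepare a host that will act as a Samba AD DC: pin the DNS resolver
# configuration, fix /etc/hosts, and clear any existing smb.conf and Samba
# database files.
#
# NOTE(review): the `ansible_facts.services[...]` conditions below only work
# if ansible.builtin.service_facts has already run in this play; that is not
# visible in this file - confirm against the caller.

# Disable tools, such as resolvconf, that automatically update your
# /etc/resolv.conf DNS resolver configuration file
- name: Stop and disable systemd-resolved if present
  ansible.builtin.systemd:
    name: systemd-resolved
    enabled: false
    state: stopped
  when: ansible_facts.services['systemd-resolved.service'] is defined

# The link target is inspected directly. Distribution facts such as the LSB
# description never contain a filesystem path, so a condition built on them
# would never match and the symlink would be left for the copy task to handle.
- name: Inspect /etc/resolv.conf without following symlinks
  ansible.builtin.stat:
    path: /etc/resolv.conf
  register: resolv_conf_stat

- name: Remove /etc/resolv.conf if it's a symlink to systemd-resolved
  ansible.builtin.file:
    path: /etc/resolv.conf
    state: absent
  when:
    - resolv_conf_stat.stat.exists
    - resolv_conf_stat.stat.islnk
    - "'/run/systemd/resolve' in (resolv_conf_stat.stat.lnk_source | default(''))"

- name: Create static /etc/resolv.conf
  ansible.builtin.copy:
    dest: /etc/resolv.conf
    content: |
      nameserver {{ location_internal_dns }}
      nameserver {{ location_external_dns }}
    owner: root
    group: root
    mode: '0644'

- name: Disable resolvconf package (if installed)
  ansible.builtin.package:
    name: resolvconf
    state: absent

- name: Disable DNS updates from NetworkManager (if present)
  ansible.builtin.blockinfile:
    path: /etc/NetworkManager/NetworkManager.conf
    block: |
      [main]
      dns=none
  # The "Restart NetworkManager" handler must be defined by the including
  # role or play; it is not part of this file.
  notify: Restart NetworkManager
  when: ansible_facts.services['NetworkManager.service'] is defined

- name: Prevent dhclient from modifying resolv.conf (if present)
  ansible.builtin.lineinfile:
    path: /etc/dhcp/dhclient.conf
    regexp: '^#?supersede domain-name-servers'
    line: 'supersede domain-name-servers {{ location_internal_dns }}, {{ location_external_dns }};'
    create: true

# Verify that the /etc/hosts file on the DC correctly resolves the
# fully-qualified domain name (FQDN) and short host name to the LAN IP
# address of the DC
# NOTE(review): no regexp is given, so changing addc_ansible_host appends a
# second entry instead of replacing the old one. Loopback aliases on other
# addresses (for example a `127.0.1.1 <hostname>` line) are not touched by
# these tasks - confirm the DC name resolves only to the LAN address.
- name: Set /etc/hosts entry for Samba AD DC
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: '{{ addc_ansible_host }} {{ addc_hostname | upper }}.{{ addc_tld | lower }} {{ addc_hostname | upper }}'
    state: present
    create: true

# lineinfile rewrites only the last line matching the regexp; earlier
# 127.0.0.1 lines, if any, are left as they are.
- name: Ensure '127.0.0.1 localhost' is present and nothing else on that line
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '^127\.0\.0\.1\s+'
    line: '127.0.0.1 localhost'
    state: present

# Remove any existing smb.conf file
# pipefail makes a missing smbd or an empty grep fail the task; without it
# the exit status is awk's, which is 0 even when nothing was printed.
- name: Get compiled default smb.conf path from smbd
  ansible.builtin.shell:
    cmd: |
      set -o pipefail
      smbd -b | grep CONFIGFILE | awk '{print $2}'
    executable: /bin/bash
  register: smb_conf_path
  changed_when: false
  failed_when: smb_conf_path.rc != 0

# The value below is fed to a root-level delete, so refuse anything that is
# not exactly one absolute path.
- name: Check that the discovered smb.conf path is usable
  ansible.builtin.assert:
    that:
      - smb_conf_path.stdout_lines | length == 1
      - smb_conf_path.stdout is match('^/.+')
    fail_msg: 'smbd -b did not report a single absolute CONFIGFILE path'

- name: Remove smb.conf using discovered path
  ansible.builtin.file:
    path: '{{ smb_conf_path.stdout }}'
    state: absent

# Remove all Samba database files, such as *.tdb and *.ldb files
- name: Get Samba directories from smbd -b
  ansible.builtin.shell:
    cmd: |
      set -o pipefail
      smbd -b | grep -E 'LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR' | awk '{print $2}'
    executable: /bin/bash
  register: samba_dirs
  changed_when: false
  failed_when: samba_dirs.rc != 0

# Same guard as for smb.conf: every entry must be an absolute path other than
# "/", because these directories are searched recursively for files to delete.
- name: Check that the discovered Samba directories are usable
  ansible.builtin.assert:
    that:
      - samba_dirs.stdout_lines | length > 0
      - samba_dirs.stdout_lines | reject('match', '^/.+') | list | length == 0
    fail_msg: 'smbd -b reported an empty or non-absolute Samba directory'

# stat each reported directory itself. Listing its child directories instead
# would drop the reported directory from the search, and database files
# stored directly inside it would survive the cleanup.
- name: Filter existing directories
  ansible.builtin.stat:
    path: '{{ item }}'
  loop: '{{ samba_dirs.stdout_lines }}'
  register: existing_dirs

- name: Collect existing directories
  ansible.builtin.set_fact:
    valid_dirs: "{{ existing_dirs.results | selectattr('stat.exists') | selectattr('stat.isdir') | map(attribute='item') | unique | list }}"

- name: Find *.tdb and *.ldb files
  ansible.builtin.find:
    paths: '{{ item }}'
    patterns: '*.tdb,*.ldb'
    recurse: true
    use_regex: false
  loop: '{{ valid_dirs }}'
  register: db_files

# The reported directories can be nested inside each other, so the recursive
# searches may return the same file more than once; paths are de-duplicated.
- name: Remove found tdb/ldb files
  ansible.builtin.file:
    path: '{{ item }}'
    state: absent
  loop: "{{ db_files.results | map(attribute='files') | sum(start=[]) | map(attribute='path') | unique | list }}"

- name: Report removed files
  ansible.builtin.debug:
    msg: 'Removed: {{ item }}'
  loop: "{{ db_files.results | map(attribute='files') | sum(start=[]) | map(attribute='path') | unique | list }}"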