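---
# Installs the Samba package set and prepares the systemd units for an
# AD DC role: the file-server daemons (smbd, nmbd, winbind) are stopped,
# disabled and masked, and samba-ad-dc is unmasked and enabled but left
# stopped. The provisioning, smb.conf, Kerberos, DNS and verification
# steps further down are currently commented out.

- name: Install required packages
  ansible.builtin.apt:
    pkg: '{{ samba_packages }}'
    # NOTE(review): `latest` upgrades Samba to whatever the configured
    # repositories offer on every run. This file itself references a
    # regression in some 4.22.x builds, so consider `state: present` with
    # pinned versions and a separate, deliberate upgrade step for the DC.
    state: latest
    update_cache: true
    autoclean: true
    # NOTE(review): autoremove combined with purge is host-wide. It removes
    # every no-longer-needed dependency package and purges its
    # configuration, not only Samba-related ones. Confirm that is intended.
    autoremove: true
    purge: true

# - name: Install required packages
#   ansible.builtin.package:
#     name: '{{ samba_packages }}'
#     state: latest

# - name: Stop samba-ad-dc before provisioning (if running)
#   ansible.builtin.service:
#     name: samba-ad-dc
#     state: stopped
#     enabled: no
#   ignore_errors: true

# known regression in certain Samba 4.22.x builds
# - name: Check installed Samba version
#   ansible.builtin.command: samba --version
#   register: samba_version
#   changed_when: false
#   failed_when: false

# - name: Show installed Samba version
#   ansible.builtin.debug:
#     msg: "Samba version: {{ samba_version.stdout }}"

# - name: Warn if Samba version is 4.22.4
#   ansible.builtin.debug:
#     msg: "⚠️ Detected buggy Samba version 4.22.4 — upgrade recommended!"
#   when: "'4.22.4' in samba_version.stdout"

# NOTE(review), before re-enabling the two "modern method" tasks below:
#   * The key is fetched as ASCII-armored `.asc` but written to a `.gpg`
#     path. apt expects a binary keyring under a `.gpg` name, so either
#     save it as `.asc` or dearmor it first.
#   * get_url has no `checksum:`, so the repository trust anchor is
#     accepted on first download. Pin its digest or ship the key with
#     the role.
#   * The repository line uses plain http. With `signed-by` the packages
#     are still signature-checked, but prefer https if the mirror offers it.
# - name: Add Samba Team Debian GPG key (modern method)
#   ansible.builtin.get_url:
#     # url: https://pkg.samba.org/keys/samba-pubkey.asc
#     url: https://download.samba.org/pub/samba/samba-pubkey.asc
#     dest: /usr/share/keyrings/samba-team-archive-keyring.gpg
#     mode: '0644'
#   when: "'4.22.4' in samba_version.stdout"

# - name: Add Samba Team Debian repository (modern method)
#   ansible.builtin.apt_repository:
#     # repo: "deb [signed-by=/usr/share/keyrings/samba-team-archive-keyring.gpg] http://pkg.samba.org/packages/debian {{ ansible_lsb.codename | default('bookworm') }} samba-422"
#     repo: "deb [signed-by=/usr/share/keyrings/samba-team-archive-keyring.gpg] http://download.samba.org/pub/samba/packages/debian {{ ansible_distribution_release }} samba-422"
#     state: present
#     filename: samba-team
#   when: "'4.22.4' in samba_version.stdout"

# NOTE(review), on the older variant below: apt_key is deprecated and
# adds the key to the global trusted keyring, which makes it trusted for
# every configured repository, and the repo line has no `signed-by`.
# `$(lsb_release -cs)` is also not shell-expanded by apt_repository, so it
# would be written literally. Prefer the signed-by form above.
# - name: Add Samba Team Debian GPG key (only if upgrade is needed)
#   ansible.builtin.apt_key:
#     url: https://pkg.samba.org/keys/samba-pubkey.asc
#     state: present
#   when: "'4.22.4' in samba_version.stdout"

# - name: Add Samba Team Debian repository (only if upgrade is needed)
#   ansible.builtin.apt_repository:
#     repo: "deb http://pkg.samba.org/packages/debian $(lsb_release -cs) samba-422"
#     state: present
#     filename: samba-team
#   when: "'4.22.4' in samba_version.stdout"

# - name: Update APT cache (only if upgrade is needed)
#   ansible.builtin.apt:
#     update_cache: yes
#   when: "'4.22.4' in samba_version.stdout"

# - name: Upgrade Samba packages if version is 4.22.4
#   ansible.builtin.apt:
#     name:
#       - samba
#       - samba-dsdb-modules
#       - samba-common-bin
#       - python3-samba
#     state: latest
#   when: "'4.22.4' in samba_version.stdout"

# - name: Verify installed Samba version
#   ansible.builtin.command: samba --version
#   register: samba_version
#   changed_when: false

# - name: Display upgraded Samba version
#   ansible.builtin.debug:
#     msg: "✅ Samba version after upgrade: {{ samba_version.stdout }}"

# - name: Stop Samba services before provisioning
#   ansible.builtin.service:
#     name: '{{ item }}'
#     state: stopped
#   ignore_errors: true
#   loop:
#     - samba-ad-dc
#     - smbd
#     - nmbd
#     - winbind

# Masking stops the standalone file-server daemons from being started
# manually or pulled in as a dependency of another unit.
- name: Disable and stop regular Samba services
  ansible.builtin.systemd:
    name: '{{ item }}'
    enabled: false
    state: stopped
    masked: true
  loop:
    - smbd
    - nmbd
    - winbind

# NOTE(review): `state: stopped` also stops samba-ad-dc when it is already
# running, and no active task in this file starts it again (the start task
# below is commented out). Re-running this against a provisioned DC would
# leave the directory service down until the next reboot or a manual
# start. Confirm this file only runs before provisioning.
- name: Unmask and enable Samba AD/DC service (but do not start it)
  ansible.builtin.systemd:
    name: samba-ad-dc
    masked: false
    enabled: true
    state: stopped

# - name: Check if backup exist

# - name: Provision AD domain
#   include_tasks: provision.yml

# - name: Deploy smb.conf
#   ansible.builtin.template:
#     src: smb.conf.j2
#     dest: '{{ samba_conf_path }}'
#     owner: root
#     group: root
#     mode: '0644'
#   notify: Restart Samba AD DC

# - name: Enable and start samba-ad-dc service
#   ansible.builtin.service:
#     name: samba-ad-dc
#     state: started
#     enabled: yes

# - name: Configure Kerberos
#   include_tasks: kerberos.yml

# - name: Set DNS resolver and hosts entry
#   include_tasks: dns_hosts.yml

# - name: Run verification checks
#   include_tasks: verify.yml
#   when: samba_verify | bool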