---
|
|
# - name: Install pexpect # required for verify.yml
|
|
# ansible.builtin.apt:
|
|
# pkg: pexpect
|
|
# state: latest
|
|
|
|
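# Install the Samba package set named by the `samba_packages` variable.
# `state: latest` upgrades every listed package on each run to the newest
# version the host's configured APT sources offer, so those sources and
# their signing keys decide what ends up installed here.
- name: Install required packages
  ansible.builtin.apt:
    pkg: '{{ samba_packages }}'
    state: latest
    # Cache refresh is left disabled, as in the original; without it,
    # "latest" is resolved against whatever package index is already on the
    # host, which may predate current security updates.
    # update_cache: true
    # Drop cached package files that can no longer be downloaded.
    autoclean: true
    # Remove dependencies nothing needs any more; combined with
    # `purge: true`, their configuration files are deleted as well.
    autoremove: true
    purge: true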
|
|
|
|
# - name: Install required packages
|
|
# ansible.builtin.package:
|
|
# name: '{{ samba_packages }}'
|
|
# state: latest
|
|
|
|
# - name: Stop samba-ad-dc before provisioning (if running)
|
|
# ansible.builtin.service:
|
|
# name: samba-ad-dc
|
|
# state: stopped
|
|
# enabled: no
|
|
# ignore_errors: true
|
|
|
|
# known regression in certain Samba 4.22.x builds
|
|
|
|
# - name: Check installed Samba version
|
|
# ansible.builtin.command: samba --version
|
|
# register: samba_version
|
|
# changed_when: false
|
|
# failed_when: false
|
|
|
|
# - name: Show installed Samba version
|
|
# ansible.builtin.debug:
|
|
# msg: "Samba version: {{ samba_version.stdout }}"
|
|
|
|
# - name: Warn if Samba version is 4.22.4
|
|
# ansible.builtin.debug:
|
|
# msg: "⚠️ Detected buggy Samba version 4.22.4 — upgrade recommended!"
|
|
# when: "'4.22.4' in samba_version.stdout"
|
|
|
|
# - name: Add Samba Team Debian GPG key (modern method)
|
|
# ansible.builtin.get_url:
|
|
# # url: https://pkg.samba.org/keys/samba-pubkey.asc
|
|
# url: https://download.samba.org/pub/samba/samba-pubkey.asc
|
|
# dest: /usr/share/keyrings/samba-team-archive-keyring.gpg
|
|
# mode: '0644'
|
|
# when: "'4.22.4' in samba_version.stdout"
|
|
|
|
# - name: Add Samba Team Debian repository (modern method)
|
|
# ansible.builtin.apt_repository:
|
|
# # repo: "deb [signed-by=/usr/share/keyrings/samba-team-archive-keyring.gpg] http://pkg.samba.org/packages/debian {{ ansible_lsb.codename | default('bookworm') }} samba-422"
|
|
# repo: "deb [signed-by=/usr/share/keyrings/samba-team-archive-keyring.gpg] http://download.samba.org/pub/samba/packages/debian {{ ansible_distribution_release }} samba-422"
|
|
# state: present
|
|
# filename: samba-team
|
|
# when: "'4.22.4' in samba_version.stdout"
|
|
|
|
# - name: Add Samba Team Debian GPG key (only if upgrade is needed)
|
|
# ansible.builtin.apt_key:
|
|
# url: https://pkg.samba.org/keys/samba-pubkey.asc
|
|
# state: present
|
|
# when: "'4.22.4' in samba_version.stdout"
|
|
|
|
# - name: Add Samba Team Debian repository (only if upgrade is needed)
|
|
# ansible.builtin.apt_repository:
|
|
# repo: "deb http://pkg.samba.org/packages/debian $(lsb_release -cs) samba-422"
|
|
# state: present
|
|
# filename: samba-team
|
|
# when: "'4.22.4' in samba_version.stdout"
|
|
|
|
# - name: Update APT cache (only if upgrade is needed)
|
|
# ansible.builtin.apt:
|
|
# update_cache: yes
|
|
# when: "'4.22.4' in samba_version.stdout"
|
|
|
|
# - name: Upgrade Samba packages if version is 4.22.4
|
|
# ansible.builtin.apt:
|
|
# name:
|
|
# - samba
|
|
# - samba-dsdb-modules
|
|
# - samba-common-bin
|
|
# - python3-samba
|
|
# state: latest
|
|
# when: "'4.22.4' in samba_version.stdout"
|
|
|
|
# - name: Verify installed Samba version
|
|
# ansible.builtin.command: samba --version
|
|
# register: samba_version
|
|
# changed_when: false
|
|
|
|
# - name: Display upgraded Samba version
|
|
# ansible.builtin.debug:
|
|
# msg: "✅ Samba version after upgrade: {{ samba_version.stdout }}"
|
|
|
|
# - name: Stop Samba services before provisioning
|
|
# ansible.builtin.service:
|
|
# name: '{{ item }}'
|
|
# state: stopped
|
|
# ignore_errors: true
|
|
# loop:
|
|
# - samba-ad-dc
|
|
# - smbd
|
|
# - nmbd
|
|
# - winbind
|
|
|
|
# Take the standalone Samba units out of service. Each unit in the loop is
# stopped, disabled at boot, and masked, so it cannot be started by hand or
# pulled in as a dependency of another unit.
- name: Disable and stop regular Samba services
  ansible.builtin.systemd:
    name: '{{ item }}'
    state: stopped
    enabled: false
    masked: true
  loop:
    - smbd
    - nmbd
    - winbind
|
|
|
|
# Make samba-ad-dc startable at boot without starting it now. The unit is
# unmasked and enabled, while `state: stopped` ensures it is not running once
# this task finishes (presumably so provisioning can happen first; confirm
# against the provisioning tasks).
- name: Unmask and enable Samba AD/DC service (but do not start it)
  ansible.builtin.systemd:
    name: samba-ad-dc
    state: stopped
    enabled: true
    masked: false
# - name: Check if backup exist
|
|
|
|
# - name: Provision AD domain
|
|
# include_tasks: provision.yml
|
|
|
|
# - name: Deploy smb.conf
|
|
# ansible.builtin.template:
|
|
# src: smb.conf.j2
|
|
# dest: '{{ samba_conf_path }}'
|
|
# owner: root
|
|
# group: root
|
|
# mode: '0644'
|
|
# notify: Restart Samba AD DC
|
|
|
|
# - name: Enable and start samba-ad-dc service
|
|
# ansible.builtin.service:
|
|
# name: samba-ad-dc
|
|
# state: started
|
|
# enabled: yes
|
|
|
|
# - name: Configure Kerberos
|
|
# include_tasks: kerberos.yml
|
|
|
|
# - name: Set DNS resolver and hosts entry
|
|
# include_tasks: dns_hosts.yml
|
|
|
|
# - name: Run verification checks
|
|
# include_tasks: verify.yml
|
|
# when: samba_verify | bool
|