---
# Install the NTP daemon through the distribution's package manager.
- name: Ensure the ntp package is installed
  ansible.builtin.package:
    state: present
    name: ntp
# Look for a directory named 'ntp_signd' in the listed locations; the result
# is registered as find_ntp_signd for the tasks that follow.
# NOTE(review): no `recurse` is set, so only direct children of each path are
# examined - confirm that matches where your Samba build keeps ntp_signd.
- name: Search common Samba locations for the 'ntp_signd' directory
  ansible.builtin.find:
    file_type: directory
    pattern: ntp_signd
    # Common paths for Samba installations
    paths:
      - /var/lib/samba/
      - /usr/local/samba/
      - /etc/samba/
  register: find_ntp_signd
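# Stop the play unless exactly one 'ntp_signd' directory was found. This is a
# separate assert because a false `when` skips its task outright, and
# `failed_when` is never evaluated on a skipped task - so a combined
# when/failed_when on set_fact would silently skip instead of failing.
- name: Fail unless exactly one 'ntp_signd' directory was found
  ansible.builtin.assert:
    that:
      - find_ntp_signd.matched == 1
    fail_msg: >-
      Expected exactly one 'ntp_signd' directory in the searched paths,
      found {{ find_ntp_signd.matched }}.

# Only reached when the match is unambiguous, so files[0] is the single
# directory that the later permission check inspects.
- name: Set the path variable, failing if not found
  ansible.builtin.set_fact:
    ntp_signd_path: '{{ find_ntp_signd.files[0].path }}'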
# Collect file metadata for the detected directory; the permission assertion
# that follows reads it from ntp_signd_stats.
- name: Verify permissions on the detected 'ntp_signd' directory
  register: ntp_signd_stats
  ansible.builtin.stat:
    path: '{{ ntp_signd_path }}'
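# Check that the detected directory can be read and traversed by a non-owner
# without being writable by everyone.
# NOTE(review): access for the NTP daemon's group only, with nothing for
# 'other' (for example 0750), is the tighter layout and passes this check;
# confirm the owning group on your distribution.
- name: Assert that the permissions allow read access
  ansible.builtin.assert:
    that:
      - ntp_signd_stats.stat.exists
      - ntp_signd_stats.stat.isdir
      # stat.mode is an octal string (for example '0750'), so a pattern built
      # from rwx letters can never match it; use the per-class booleans that
      # ansible.builtin.stat returns instead.
      - >-
        (ntp_signd_stats.stat.rgrp and ntp_signd_stats.stat.xgrp) or
        (ntp_signd_stats.stat.roth and ntp_signd_stats.stat.xoth)
      # A world-writable directory would let any local account tamper with
      # the entries inside it.
      - not ntp_signd_stats.stat.woth
    fail_msg: 'FATAL: The detected ntp_signd directory ({{ ntp_signd_path }}) does not have necessary read permissions or is world-writable (mode: {{ ntp_signd_stats.stat.mode }}).'
    success_msg: 'SUCCESS: Permissions on {{ ntp_signd_path }} are correctly configured.'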
# Render /etc/ntp.conf from the template as root:root, mode 0644; a change
# notifies the 'Restart ntp service' handler, which is defined outside this
# listing.
- name: Configure ntp.conf for Active Directory Domain Controller (AD DC)
  ansible.builtin.template:
    dest: /etc/ntp.conf
    src: templates/ntp.conf.j2  # Path to your NTP template file
    mode: '0644'
    owner: root
    group: root
  notify: Restart ntp service
# Make sure the ntp service is running now and is enabled at boot.
- name: Enable and start the ntp service
  ansible.builtin.service:
    name: ntp
    enabled: true
    state: started