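---
# Disable tools, such as resolvconf, that automatically update the
# /etc/resolv.conf DNS resolver configuration file.
# NOTE(review): the guards that read ansible_facts.services assume
# ansible.builtin.service_facts ran earlier in the play; `default({})` keeps
# them from erroring on an undefined variable when it did not.

- name: Stop and disable systemd-resolved if present
  ansible.builtin.systemd:
    name: systemd-resolved
    enabled: false
    state: stopped
  when: "'systemd-resolved.service' in (ansible_facts.services | default({}))"

# stat with follow=false reports the link itself, so lnk_target tells us where
# /etc/resolv.conf points instead of describing the file behind it.
- name: Inspect /etc/resolv.conf without following symlinks
  ansible.builtin.stat:
    path: /etc/resolv.conf
    follow: false
  register: resolv_conf_stat

- name: Remove /etc/resolv.conf if it's a symlink to systemd-resolved
  ansible.builtin.file:
    path: /etc/resolv.conf
    state: absent
  when:
    - resolv_conf_stat.stat.islnk | default(false)
    - "'/run/systemd/resolve' in (resolv_conf_stat.stat.lnk_target | default(''))"

- name: Create static /etc/resolv.conf
  ansible.builtin.copy:
    dest: /etc/resolv.conf
    content: |
      nameserver {{ location_internal_dns }}
      nameserver {{ location_external_dns }}
    owner: root
    group: root
    mode: '0644'

# "Disable" here means uninstall: the package is removed outright.
- name: Disable resolvconf package (if installed)
  ansible.builtin.package:
    name: resolvconf
    state: absent

# Appends a second [main] group; NetworkManager merges repeated groups when it
# reads its INI-style config. community.general.ini_file would edit the existing
# group in place if that collection is available — TODO confirm preference.
- name: Disable DNS updates from NetworkManager (if present)
  ansible.builtin.blockinfile:
    path: /etc/NetworkManager/NetworkManager.conf
    block: |
      [main]
      dns=none
  notify: Restart NetworkManager
  when: "'NetworkManager.service' in (ansible_facts.services | default({}))"

- name: Prevent dhclient from modifying resolv.conf (if present)
  ansible.builtin.lineinfile:
    path: /etc/dhcp/dhclient.conf
    regexp: '^#?supersede domain-name-servers'
    line: 'supersede domain-name-servers {{ location_internal_dns }}, {{ location_external_dns }};'
    create: true

# Verify that the /etc/hosts file on the DC correctly resolves the
# fully-qualified domain name (FQDN) and short host name to the LAN IP address
# of the DC. The regexp keys on the FQDN (case-insensitively) so a changed LAN
# IP replaces the old line instead of leaving two entries for the same name.
- name: Set /etc/hosts entry for Samba AD DC
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '(?i)^\S+\s+{{ ((addc_hostname | upper) ~ "." ~ (addc_tld | lower)) | regex_escape }}(\s|$)'
    line: '{{ addc_ansible_host }} {{ addc_hostname | upper }}.{{ addc_tld | lower }} {{ addc_hostname | upper }}'
    state: present
    create: true

# Debian-style installs add a '127.0.1.1 <hostname>' entry; a loopback line
# carrying the DC's name would shadow the LAN-IP entry above, so drop it.
- name: Remove 127.0.1.1 entries that map the DC's name to loopback
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '(?i)^127\.0\.1\.1\s+.*\b{{ addc_hostname | regex_escape }}\b'
    state: absent

- name: Ensure '127.0.0.1 localhost' is present and nothing else on that line
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '^127\.0\.0\.1\s+'
    line: '127.0.0.1 localhost'
    state: present

# Remove any existing smb.conf file.
# `set -o pipefail` (bash) makes a failing `smbd -b` fail the whole pipeline;
# otherwise awk's exit status masks it and stdout is silently empty.
- name: Get compiled default smb.conf path from smbd
  ansible.builtin.shell: set -o pipefail && smbd -b | grep CONFIGFILE | awk '{print $2}'
  args:
    executable: /bin/bash
  register: smb_conf_path
  changed_when: false

# An empty path would make the file module error out; skip instead.
- name: Remove smb.conf using discovered path
  ansible.builtin.file:
    path: '{{ smb_conf_path.stdout }}'
    state: absent
  when: smb_conf_path.stdout | length > 0

# Remove all Samba database files, such as *.tdb and *.ldb files.
- name: Get Samba directories from smbd -b
  ansible.builtin.shell: set -o pipefail && smbd -b | grep -E 'LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR' | awk '{print $2}'
  args:
    executable: /bin/bash
  register: samba_dirs
  changed_when: false

# stat each candidate rather than `find ... file_type: directory`: find only
# reports *sub*directories, so an existing directory with none would be dropped.
# `unique` avoids scanning the same path twice when several *DIR values coincide.
- name: Stat candidate Samba directories
  ansible.builtin.stat:
    path: "{{ item }}"
  loop: "{{ samba_dirs.stdout_lines | unique }}"
  register: samba_dir_stats

- name: Collect existing directories
  ansible.builtin.set_fact:
    valid_dirs: "{{ samba_dir_stats.results | default([]) | selectattr('stat.exists') | selectattr('stat.isdir') | map(attribute='item') | list }}"

- name: Find *.tdb and *.ldb files
  ansible.builtin.find:
    paths: "{{ item }}"
    patterns: '*.tdb,*.ldb'
    recurse: true
  loop: "{{ valid_dirs }}"
  register: db_files

- name: Remove found tdb/ldb files
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ db_files.results | map(attribute='files') | sum(start=[]) }}"
  when: item.path is defined

- name: Report removed files
  ansible.builtin.debug:
    msg: "Removed: {{ item.path }}"
  loop: "{{ db_files.results | map(attribute='files') | sum(start=[]) }}"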