# Ansible Role: samba_ad_dc

Ansible role to **install**, **provision**, and optionally **remove** a Samba Active Directory Domain Controller (AD DC) on **Debian-based systems** (e.g., Debian, Ubuntu).

---

## ✅ Features

- Installs and configures Samba as an AD Domain Controller
- Uses `samba-tool` to provision the domain
- Idempotent: Won't re-provision if already set up
- Reversible: Set `samba_ad_dc_state: absent` to cleanly remove Samba AD DC
- Sets up `/etc/hosts` and DNS resolver
- Separate Kerberos configuration
- Logging of provisioning
- Molecule tests included for both `present` and `absent` states

---

## 📦 Role Variables

### Main Variables

| Variable | Description | Default |
|--------------------------|----------------------------------------------|----------------------|
| `samba_ad_dc_state` | `present` to install, `absent` to remove | `present` |
| `samba_realm` | Kerberos Realm (e.g., `EXAMPLE.COM`) | `EXAMPLE.COM` |
| `samba_domain` | NetBIOS domain name (e.g., `EXAMPLE`) | `EXAMPLE` |
| `samba_admin_password` | Admin password for the domain | `StrongAdminPassword123!` |
| `samba_dns_backend` | DNS backend (`SAMBA_INTERNAL`, `BIND9_DLZ`) | `SAMBA_INTERNAL` |
| `samba_hostname` | Hostname for the server | `inventory_hostname` |

---

## 🧰 Example Playbook

```yaml
- hosts: samba
  become: true
  roles:
    - role: samba_ad_dc
      vars:
        samba_realm: "CORP.EXAMPLE.COM"
        samba_domain: "CORP"
        # Inline value for illustration; see Security Notes for production use
        samba_admin_password: "SuperSecretPassw0rd!"
```

### ❌ Remove Samba AD DC

```yaml
- hosts: samba
  become: true
  roles:
    - role: samba_ad_dc
      vars:
        samba_ad_dc_state: absent
```

## 📁 Included Tasks

- `install.yml`: Installs and provisions Samba AD
- `remove.yml`: Stops and removes Samba AD
- `kerberos.yml`: Configures Kerberos (`/etc/krb5.conf`)
- `verify.yml`: Validates the installation (`samba-tool`, `kinit`)
- `dns_hosts.yml`: Ensures `/etc/hosts` and DNS resolvers are set
- `logging.yml`: Logs provisioning output

## 📄 Templates

- `smb.conf.j2`: Samba configuration
- `krb5.conf.j2`: Kerberos configuration

## 🔒 Security Notes

- Passwords should be stored in Ansible Vault for production.
- DNS and Kerberos configuration assumes internal AD DNS; adjust for external resolvers if needed.

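
The Vault recommendation above, shown as an added example playbook; it is not part of the role's own files. The vault file path `vars/samba_vault.yml`, the variable name `vault_samba_admin_password`, and the 12-character minimum are assumptions chosen for illustration.

```yaml
# Added example, not shipped with the role.
# One-time setup (creates an encrypted vars file):
#   ansible-vault create vars/samba_vault.yml
# with the content:
#   vault_samba_admin_password: "<generated secret>"
# Run the play with --ask-vault-pass (or a vault password file).
- hosts: samba
  become: true
  vars_files:
    - vars/samba_vault.yml            # hypothetical path, encrypted at rest
  vars:
    samba_realm: "CORP.EXAMPLE.COM"
    samba_domain: "CORP"
    # Indirection keeps the plaintext out of the playbook and out of git.
    samba_admin_password: "{{ vault_samba_admin_password }}"
  pre_tasks:
    - name: Refuse to provision with a missing, short, or published admin password
      assert:
        that:
          - vault_samba_admin_password is defined
          # 12 is an arbitrary floor for this example, not a role requirement
          - samba_admin_password | length >= 12
          # The role default and the README sample value are public strings
          - "samba_admin_password not in ['StrongAdminPassword123!', 'SuperSecretPassw0rd!']"
        fail_msg: "Set vault_samba_admin_password in the vault file; README values are not accepted"
        quiet: true
  roles:
    - role: samba_ad_dc
```

The password is set at play level rather than under the role entry so that the `pre_tasks` check sees the same value the role will use.
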
## 🧩 Compatibility

- OS: Debian 10/11/12+, Ubuntu 20.04/22.04+
- Ansible: 2.9+