Updated the role to include optional tests after running it, ensuring that DNS resolution is correctly configured. The code has been refactored to improve readability and maintainability.
---
# Populate ansible_facts.services; the DNS-manager detection that follows reads
# the state of individual units from it.
- name: Gather service facts
  service_facts:
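# Decide which component owns resolver configuration on this host:
# systemd-resolved if its unit is running, otherwise NetworkManager if its unit
# is running, otherwise "manual".
#
# Later tasks compare dns_manager with exact strings. A folded scalar leaves
# spaces or newlines between the Jinja tags and the literal, and that
# whitespace can end up in the rendered fact, so none of the comparisons would
# match. The "-" inside each tag strips the whitespace on both sides, so the
# fact is exactly one of the three literals.
- name: Determine DNS manager
  set_fact:
    dns_manager: >-
      {%- if 'systemd-resolved.service' in ansible_facts.services and ansible_facts.services['systemd-resolved.service'].state == 'running' -%}
      systemd-resolved
      {%- elif 'NetworkManager.service' in ansible_facts.services and ansible_facts.services['NetworkManager.service'].state == 'running' -%}
      NetworkManager
      {%- else -%}
      manual
      {%- endif -%}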
# Render resolved.conf from the role template, root-owned and world-readable.
# Runs only when systemd-resolved was detected as the DNS manager. The notified
# handler is defined outside this listing.
- name: Configure DNS for systemd-resolved
  template:
    src: resolved.conf.j2
    dest: /etc/systemd/resolved.conf
    owner: root
    group: root
    mode: '0644'
  when: dns_manager == 'systemd-resolved'
  notify: Restart systemd-resolved
# Make /etc/resolv.conf a symlink to the stub file maintained by
# systemd-resolved. force: true lets the link replace an existing regular file
# at the destination.
- name: Ensure /etc/resolv.conf points to systemd stub
  file:
    state: link
    src: /run/systemd/resolve/stub-resolv.conf
    dest: /etc/resolv.conf
    force: true
  when: dns_manager == 'systemd-resolved'
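# Apply DNS settings through NetworkManager when it is the detected manager.
#
# The two "con mod" calls run nmcli directly with an argument vector instead of
# through a shell, so quotes, "$" or backticks inside nm_connection_name,
# dns_servers or dns_search are passed to nmcli as data and never interpreted
# as shell syntax. The former "warn: false" argument is dropped: it only
# silenced a module-suggestion warning, and newer ansible-core releases no
# longer accept it.
- name: Configure DNS via NetworkManager (nmcli)
  when: dns_manager == 'NetworkManager'
  block:
    # All servers go to nmcli as one space-separated argument, as before.
    # 'yes' is quoted so YAML keeps it a string rather than a boolean.
    - name: Set DNS servers with nmcli
      command:
        argv:
          - nmcli
          - con
          - mod
          - "{{ nm_connection_name }}"
          - ipv4.dns
          - "{{ dns_servers | join(' ') }}"
          - ipv4.ignore-auto-dns
          - 'yes'

    - name: Set search domain with nmcli
      command:
        argv:
          - nmcli
          - con
          - mod
          - "{{ nm_connection_name }}"
          - ipv4.dns-search
          - "{{ dns_search }}"

    # The && chain needs a shell, so the connection name goes through the quote
    # filter before it is interpolated. ignore_errors keeps the play running if
    # the reconnect fails, which also means a failed re-activation is not
    # reported as an error.
    - name: Bring connection down and up to apply changes
      shell: >
        nmcli con down {{ nm_connection_name | quote }} &&
        nmcli con up {{ nm_connection_name | quote }}
      ignore_errors: true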
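# Fallback for hosts where neither systemd-resolved nor NetworkManager is
# running: write /etc/resolv.conf directly from the role template.
# NOTE(review): the "- name:" line of this task is not present in the listing,
# so these keys had no list item to belong to. The name below is a
# reviewer-supplied stand-in; replace it with the role's original wording if it
# differs.
- name: Configure DNS manually via /etc/resolv.conf
  when: dns_manager == 'manual'
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: '0644'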
# Install Samba, the Kerberos client utilities, and winbind together with its
# PAM and NSS modules. Needs privilege escalation for apt.
- name: Install required packages
  become: true
  apt:
    state: present
    name:
      - samba
      - krb5-user
      - winbind
      - libpam-winbind
      - libnss-winbind
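# Write the AD resolver settings straight into /etc/resolv.conf only when no
# DNS manager owns that file. Run unconditionally, this task replaces the stub
# symlink created for systemd-resolved with a regular file (template does not
# follow links by default), and the link task restores it on the next run, so
# the two flip-flop. It also rewrites a file NetworkManager may manage itself.
# NOTE(review): on managed hosts the AD DNS servers are assumed to arrive via
# resolved.conf.j2 or the nmcli settings; confirm before relying on the guard.
# The notified handler is defined outside this listing.
- name: Configure /etc/resolv.conf for AD DNS resolution
  when: dns_manager == 'manual'
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart networking if required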
# Render the system-wide Kerberos client configuration from the role template,
# root-owned and world-readable.
- name: Configure Kerberos
  template:
    dest: /etc/krb5.conf
    src: krb5.conf.j2
    owner: root
    group: root
    mode: '0644'
# Render smb.conf from the role template, root-owned and world-readable.
- name: Configure Samba
  template:
    dest: /etc/samba/smb.conf
    src: smb.conf.j2
    owner: root
    group: root
    mode: '0644'
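# Join the host to the AD domain.
#
# The admin password is fed to net on standard input rather than appended to
# -U as "user%password": on the command line it is visible in the process list
# and is recorded with the task's command in Ansible output and logs. no_log
# keeps the rendered task arguments and result out of that output as well.
# argv runs net without a shell, so neither variable is parsed as shell syntax.
#
# NOTE(review): relies on net reading the password from stdin when none is
# supplied with -U; confirm on the target Samba version. With no_log set, the
# failure details of this task are hidden too.
- name: Join the domain
  command:
    argv:
      - net
      - ads
      - join
      - '-U'
      - "{{ ad_admin_user }}"
    stdin: "{{ ad_admin_password }}"
  no_log: true
  register: join_result
  # Report a change only when net says the join actually happened.
  changed_when: "'Joined domain' in join_result.stdout"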
# Start each Samba-related daemon now and enable it at boot.
- name: Enable and start required services
  loop: [smbd, nmbd, winbind]
  service:
    name: "{{ item }}"
    enabled: true
    state: started