ansible_samba_tasks/tasks/setupacdc.yml
Jose c4d76c5cb1 feat : Added detection of system's CA store path for various OS families
This commit introduces new tasks to detect and set the trusted CA store path based on the operating system family. The changes include adding support for Debian/Ubuntu, RedHat/CentOS/Fedora, macOS, and Windows systems. Additionally, it downloads Proxmox's SSL certificate and adds it to the system's trusted CA store.
2025-11-01 12:26:37 +01:00


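---
# Playbook: prepare the Ansible controller (localhost) to talk to a Proxmox
# node, then create the LXC container intended to host the Samba AD DC.
# `proxmox_password` and the `node0` inventory host are not defined in this
# file and must be supplied by the caller.
# Optional overrides introduced for hardening (all keep the previous
# behaviour when unset): proxmox_ca_checksum, proxmox_validate_certs,
# addc_root_password.
- hosts: localhost
  gather_facts: true
  vars:
    addc_hostname: "DC1"
    mac_address: "8E:90:31:DE:31:36"
    node_ip: "{{ hostvars['node0']['ansible_host'] }}"
  tasks:
    # ca_store_path is informational only: nothing below reads it except the
    # debug message.
    - name: Detect the system's CA store path for Debian/Ubuntu
      ansible.builtin.set_fact:
        ca_store_path: "/etc/ssl/certs/"
      when: ansible_facts.os_family == "Debian"

    - name: Detect the system's CA store path for RedHat/CentOS/Fedora
      ansible.builtin.set_fact:
        ca_store_path: "/etc/pki/tls/certs/"
      when: ansible_facts.os_family == "RedHat"

    - name: Detect the system's CA store path for macOS
      ansible.builtin.set_fact:
        ca_store_path: "/System/Library/Keychains/SystemRootCertificates.keychain"
      when: ansible_facts.system == "Darwin"

    - name: Detect the system's CA store path for Windows
      ansible.builtin.set_fact:
        ca_store_path: "Windows Certificate Store (use certmgr.msc)"
      when: ansible_facts.system == "Windows"

    # default() keeps the play from aborting on an OS family that none of the
    # detection tasks above matched.
    - name: Show the detected CA store path
      ansible.builtin.debug:
        msg: "The trusted CA store path is: {{ ca_store_path | default('unknown') }}"

    # get_url verifies TLS by default, so against a node whose CA is not yet
    # trusted this request fails and ignore_errors lets the play continue with
    # whatever file is already staged at dest.
    # NOTE(review): a CA fetched from the endpoint it is meant to authenticate
    # is trust-on-first-use. Set proxmox_ca_checksum ("sha256:<digest>",
    # obtained out of band) to pin the expected file.
    - name: Download Proxmox's SSL certificate
      ansible.builtin.get_url:
        url: "https://{{ node_ip }}:8006/pve2/cluster-ca.pem"  # Assuming the Proxmox certificate URL
        dest: "/tmp/proxmox-ca.pem"
        mode: '0644'
        checksum: "{{ proxmox_ca_checksum | default(omit) }}"
      register: download_cert
      ignore_errors: true  # In case the certificate is already available locally

    - name: Check if certificate was downloaded
      ansible.builtin.stat:
        path: "/tmp/proxmox-ca.pem"
      register: cert_stat

    # /tmp is world-writable, so "the file exists" is not enough to promote it
    # into the system trust store: any local account could have staged it
    # before the play ran. Require a regular file that is not world-writable
    # and is owned by root or by the account running the play.
    - name: Decide whether the staged certificate may be trusted
      ansible.builtin.set_fact:
        proxmox_ca_usable: >-
          {{
          cert_stat.stat.exists
          and cert_stat.stat.isreg
          and not cert_stat.stat.woth
          and cert_stat.stat.uid in [0, ansible_facts.user_uid | int]
          }}

    # The destination directory and update-ca-certificates are Debian
    # conventions, hence the os_family guard on the next two tasks.
    - name: Add the Proxmox certificate to the system's trusted CA store
      ansible.builtin.copy:
        src: "/tmp/proxmox-ca.pem"
        dest: "/usr/local/share/ca-certificates/proxmox-ca.crt"
        mode: '0644'
      when:
        - proxmox_ca_usable | bool
        - ansible_facts.os_family == "Debian"

    - name: Update CA certificates (on Debian-based systems)
      ansible.builtin.command:
        cmd: update-ca-certificates
      when:
        - proxmox_ca_usable | bool
        - ansible_facts.os_family == "Debian"

    - name: Restart Semaphore UI service to apply certificate change (if necessary)
      ansible.builtin.systemd:
        name: semaphore
        state: restarted
      when: proxmox_ca_usable | bool

    - name: Install 'proxmoxer' and 'requests' Python libraries for the ansible controller
      ansible.builtin.pip:
        name:
          - proxmoxer
          - requests
        state: present
      become: false

    - name: Print node IP
      ansible.builtin.debug:
        msg: "The IP address of node0 is {{ node_ip }}"

    # NOTE(review): three items to settle before this is used beyond a lab.
    #  - validate_certs defaults to false here, so the API password is sent
    #    over a channel whose peer is not authenticated, although the play
    #    has just installed the Proxmox CA. Set proxmox_validate_certs=true
    #    once verification works from this controller.
    #  - The container root password falls back to the original hard-coded
    #    value for compatibility; supply addc_root_password from Ansible
    #    Vault and drop the fallback.
    #  - root@pam with a password is the most privileged credential; the
    #    module also accepts api_token_id / api_token_secret for a scoped
    #    API token.
    - name: Create lxc container
      community.proxmox.proxmox:
        vmid: 200
        # NOTE(review): node receives the same value as api_host; confirm the
        # module expects an address here rather than the Proxmox node name.
        node: "{{ node_ip }}"
        api_user: "root@pam"
        api_password: "{{ proxmox_password }}"
        api_host: "{{ node_ip }}"
        password: "{{ addc_root_password | default('123456') }}"
        hostname: "{{ addc_hostname }}"
        # ostype: debian
        ostemplate: 'local:vztmpl/debian-13-standard_13.1-1_amd64.tar.zst'
        # description: samba ad dc
        # cores: 2
        # memory: 2048
        # disk: 'local-lvm:10'
        # timezone: "Europe/Rome"
        # onboot: true
        # unprivileged: true
        # features:
        #   - nesting=1
        #   - keyctl=1
        #   - mount=cifs
        # pubkey: 'ssh-rsa <PUBLIC_KEY_PLACEHOLDER> admin@localhost'
        # netif:
        #   net0: "name=eth0,hwaddr={{ mac_address }},gw={{ location_gateway }},ip={{ addc_ansible_host }}/24,bridge=vmbr0"
        validate_certs: "{{ proxmox_validate_certs | default(false) }}"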