From 81d0348ea9b15a49b2234100abe2708655813003 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=BE=D0=BB=D0=B3=D0=B8=D0=B9=20=D0=90=D1=80=D1=82?= =?UTF-8?q?=D1=91=D0=BC?= Date: Thu, 24 Aug 2023 14:51:20 +0300 Subject: [PATCH] add samba users and clients --- ansible/ansible.cfg | 1 + ansible_deploy_dc/add_samba_clients.yml | 74 +++++++++++++++++++ ansible_deploy_dc/add_samba_users.yml | 2 +- ansible_deploy_dc/ansible.cfg | 1 + ansible_deploy_dc/check_primary_dc.yml | 1 + ansible_deploy_dc/deploy_primary_dc.yml | 8 +- ansible_deploy_dc/hosts.ini | 6 +- ansible_deploy_dc/mutable_vars.yml | 8 ++ .../{users.yml => samba_users.yml} | 0 ansible_deploy_dc/vars.yml | 13 ++-- 10 files changed, 103 insertions(+), 11 deletions(-) create mode 100644 ansible_deploy_dc/add_samba_clients.yml create mode 100644 ansible_deploy_dc/mutable_vars.yml rename ansible_deploy_dc/{users.yml => samba_users.yml} (100%) diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 01fac29..7bcfcce 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -3,3 +3,4 @@ host_key_checking = false inventory = ./hosts.ini #private_key_file = /home/sysadmin/.ssh/id_rsa private_key_file = /home/da2001/.ssh/id_rsa +interpreter_python=/usr/bin/python3 diff --git a/ansible_deploy_dc/add_samba_clients.yml b/ansible_deploy_dc/add_samba_clients.yml new file mode 100644 index 0000000..ade69fe --- /dev/null +++ b/ansible_deploy_dc/add_samba_clients.yml 
@@ -0,0 +1,74 @@
+---
+
+- name: Добавление компьютеров в контроллер
+ hosts: testws
+ vars_files:
+ - vars.yml
+ - mutable_vars.yml
+
+ tasks:
+ - name: Проверка того, что узел не является членом домена
+ ansible.builtin.shell: net ads testjoin
+ register: testjoin
+ ignore_errors: yes
+ - name: Результат проверки
+ ansible.builtin.debug:
+ var: testjoin.stdout_lines
+ failed_when: testjoin.rc == 0
+
+ - name: Обновление системы
+ apt_rpm:
+ update_cache: true
+ dist_upgrade: true
+ clean: true
+
+ - name: Назначение корректного имени хоста
+ ansible.builtin.hostname:
+ name: "{{ inventory_hostname }}.{{ dc_details.realm }}"
+ use: systemd
+
+ - name: Настройка синхронизации времени с контроллером домена - {{ dc_details.dc_ip }}
+ ansible.builtin.lineinfile:
+ path: /etc/resolvconf.conf
+ regexp: '^server .*'
+ line: server {{ dc_details.dc_ip }}
+
+ - name: Перезапуск службы синхронизации времени
+ ansible.builtin.systemd:
+ name: "{{ sync_time_daemon }}"
+ enabled: true
+ state: restarted
+ masked: false
+
+ - name: Настройка резолвера на контроллер домена - {{ dc_details.dc_ip }}
+ ansible.builtin.lineinfile:
+ path: /etc/resolvconf.conf
+ regexp: '^name_servers'
+ line: name_servers={{ dc_details.dc_ip }}
+
+ - name: Обновление конфигурации резолвера
+ ansible.builtin.shell: "resolvconf -u"
+
+ - name: Установка клиентского пакета Samba {{ samba_client_package }}
+ apt_rpm:
+ package: "{{ samba_client_package }}"
+ state: present
+ update_cache: yes
+
+ - name: Ввод в домен
+ ansible.builtin.shell: |
+ system-auth write ad {{ dc_details.realm }} {{ inventory_hostname }} {{ dc_details.domain }} \
+ '{{ dc_details.admin }}' '{{ dc_details.adminpass }}'
+ register: add_to_domain
+ - name: Итог ввода
+ ansible.builtin.debug:
+ var: add_to_domain.stdout_lines
+
+ - name: Проверка ввода в домен
+ ansible.builtin.shell: net ads testjoin
+ register: testjoin
+ failed_when: testjoin.rc != 0
+
+ - name: Перезагрузка узла после добваления в домен
+
ansible.builtin.reboot: + reboot_timeout: 3600 diff --git a/ansible_deploy_dc/add_samba_users.yml b/ansible_deploy_dc/add_samba_users.yml index d2bc7ec..6082cca 100644 --- a/ansible_deploy_dc/add_samba_users.yml +++ b/ansible_deploy_dc/add_samba_users.yml @@ -3,7 +3,7 @@ - name: Создание пользователей контроллера домена hosts: dctest vars_files: - - users.yml + - samba_users.yml tasks: - name: Пользователи в домене Samba diff --git a/ansible_deploy_dc/ansible.cfg b/ansible_deploy_dc/ansible.cfg index 01fac29..7bcfcce 100644 --- a/ansible_deploy_dc/ansible.cfg +++ b/ansible_deploy_dc/ansible.cfg @@ -3,3 +3,4 @@ host_key_checking = false inventory = ./hosts.ini #private_key_file = /home/sysadmin/.ssh/id_rsa private_key_file = /home/da2001/.ssh/id_rsa +interpreter_python=/usr/bin/python3 diff --git a/ansible_deploy_dc/check_primary_dc.yml b/ansible_deploy_dc/check_primary_dc.yml index 7c3a571..93c8148 100644 --- a/ansible_deploy_dc/check_primary_dc.yml +++ b/ansible_deploy_dc/check_primary_dc.yml @@ -4,6 +4,7 @@ hosts: dctest vars_files: - vars.yml + - mutable_vars.yml tasks: - name: Проверка наличия развёрнутого домена на хосте {{ ansible_hostname }} diff --git a/ansible_deploy_dc/deploy_primary_dc.yml b/ansible_deploy_dc/deploy_primary_dc.yml index 86b8376..e3f5beb 100644 --- a/ansible_deploy_dc/deploy_primary_dc.yml +++ b/ansible_deploy_dc/deploy_primary_dc.yml @@ -4,6 +4,7 @@ hosts: dctest vars_files: - vars.yml + - mutable_vars.yml tasks: - name: Проверка соответствия ОС @@ -27,6 +28,11 @@ update_cache: true dist_upgrade: true clean: true + + - name: Назначение корректного имени хоста + ansible.builtin.hostname: + name: "{{ inventory_hostname }}.{{ dc_details.realm }}" + use: systemd - name: Установка пакетов {{ packages }} apt_rpm: 
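Review bot: The «Ввод в домен» task in add_samba_clients.yml puts `{{ dc_details.adminpass }}` on the `system-auth write ad` command line without `no_log`, so the rendered command, password included, ends up in the task result that Ansible prints on failure or in verbose runs. Add `no_log: true` to that task and replace the hand-written single quotes with the `quote` filter, e.g. `{{ dc_details.adminpass | quote }}`, so a value containing `'` cannot alter the command. The «Настройка синхронизации времени» task also writes `server {{ dc_details.dc_ip }}` into `/etc/resolvconf.conf`, the same file the resolver task edits. That path looks copied, and the time daemon's own configuration file is presumably what was intended, so please confirm.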
@@ -85,7 +91,7 @@ --option="dns forwarder={{ dc_details.dns_forwarder }}" --server-role=dc --use-rfc2307 register: dc_provision_output - ansible.builtin.debug: - msg: dc_provision_output + msg: dc_provision_output.stdout_lines - name: Включение службы {{ samba_service }} ansible.builtin.systemd: diff --git a/ansible_deploy_dc/hosts.ini b/ansible_deploy_dc/hosts.ini index a94aa37..f3d86eb 100644 --- a/ansible_deploy_dc/hosts.ini +++ b/ansible_deploy_dc/hosts.ini @@ -6,4 +6,8 @@ alts2 ansible_host=10.1.1.12 ansible_user=root alts3 ansible_host=10.1.1.13 ansible_user=root [test] -dctest ansible_host=192.168.13.139 ansible_user=root \ No newline at end of file +dctest ansible_host=192.168.13.139 ansible_user=root + +[testws] +altws ansible_host=192.168.13.152 ansible_user=root +altkws ansible_host=192.168.13.153 ansible_user=root \ No newline at end of file diff --git a/ansible_deploy_dc/mutable_vars.yml b/ansible_deploy_dc/mutable_vars.yml new file mode 100644 index 0000000..8138490 --- /dev/null +++ b/ansible_deploy_dc/mutable_vars.yml @@ -0,0 +1,8 @@ +dc_details: + dc_ip: 192.168.13.139 + realm: alt.lan + realm_u: ALT.LAN + domain: alt + admin: Administrator + adminpass: P@ssw0rd + dns_forwarder: 77.88.8.8 \ No newline at end of file diff --git a/ansible_deploy_dc/users.yml b/ansible_deploy_dc/samba_users.yml similarity index 100% rename from ansible_deploy_dc/users.yml rename to ansible_deploy_dc/samba_users.yml diff --git a/ansible_deploy_dc/vars.yml b/ansible_deploy_dc/vars.yml index 55e1643..1a3c5c1 100644 --- a/ansible_deploy_dc/vars.yml +++ b/ansible_deploy_dc/vars.yml @@ -1,3 +1,4 @@ +# Переменные для настройки контроллера домена packages: - task-samba-dc - chrony 
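Review bot: `msg: dc_provision_output.stdout_lines` in deploy_primary_dc.yml is a plain string, so the debug task prints that literal text rather than the provisioning output; the new value has the same problem as the old one. Use `var: dc_provision_output.stdout_lines`, as the debug tasks in add_samba_clients.yml do. The provisioning command itself starts outside this hunk, so check whether its output can contain the administrator password before printing it.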
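Review bot: The two new `[testws]` hosts in hosts.ini are reached as `ansible_user=root`, while the ansible.cfg in this directory keeps `host_key_checking = false`. The host identity is therefore never verified on the connection over which the client play later sends the domain administrator password. Consider pinning the workstations' keys in `known_hosts` and re-enabling host key checking, and connecting as an unprivileged account with `become: true` in the plays.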
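Review bot: `adminpass: P@ssw0rd` is committed in clear text in the new mutable_vars.yml, next to the administrator account name and the controller address. Keep the secret out of the repository by encrypting the value with Ansible Vault (`ansible-vault encrypt_string`) or loading it from a vaulted vars file. Treat the current password as exposed, since it is already in the history through the old vars.yml. Quoting the value (`adminpass: '...'`) also avoids a parse surprise if a replacement password starts with a YAML indicator such as `@` or `!`.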
@@ -21,12 +22,8 @@ folder_for_gp: gp_folder: /var/lib/samba/sysvol -dc_details: - realm: alt.lan - realm_u: ALT.LAN - domain: alt - admin: administrator - adminpass: P@ssw0rd - dns_forwarder: 77.88.8.8 - samba_service: samba + +# Переменные для настройки компьютеров-клиентов домена +sync_time_daemon: chronyd +samba_client_package: task-auth-ad-sssd