configpolicy/roles/samba-dc/tasks/main.yml

- name: load distribution-specific values
  include_vars: '{{ item }}'
  with_first_found:
  - '{{ ansible_distribution }}.yml'
  - defaults.yml
  tags:
  - always

- name: ensure packages are installed
  package:
    name={{ samba_dc_packages|join(',') }}
    state=present
  tags:
  - install

- name: ensure selinux file contexts are correct
  sefcontext:
    target={{ item.path }}
    setype={{ item.setype }}
    state=present
  with_items: '{{ samba_selinux_contexts }}'
  notify: restore samba file contexts

- name: ensure kerberos is configured
  template:
    src=krb5.conf.j2
    dest=/etc/krb5.conf.d/samba.conf

- name: ensure domain is provisioned
  samba_domain:
    realm={{ krb5_realm }}
    domain={{ netbios_domain|d(omit) }}
    use_rfc2307={{ samba_dc_use_rfc2307 }}
    dns_backend={{ samba_dc_dns_backend|d(omit) }}
    username={{ samba_dc_join_username|d(omit) }}
    password={{ samba_dc_join_password|d(omit) }}
    state={{ 'provisioned' if samba_is_first_dc else 'joined' }}
  register: samba_dc_provision
  notify:
  - restore samba file contexts
  - display generated admin password

- name: ensure samba starts at boot
  service:
    name=samba
    enabled=yes
- name: ensure samba is running
  service:
    name=samba
    state=started

- name: ensure firewall is configured for samba
  firewalld:
    service={{ item if '/' not in item else omit }}
    port={{ item if '/' in item else omit }}
    state=enabled
    permanent=no
    immediate=yes
  with_items: '{{ samba_firewall }}'
  notify: save firewalld configuration
  when: host_users_firewalld|d(true)|bool
  tags:
  - firewalld