roles/samba-dc: Deploy a Samba AD DC

The *samba-dc* role installs Samba on the managed node and configures it
as an Active Directory Domain controller. A custom module,
`samba_domain` handles the provisioning using `samba-tool domain
provision` in an idempotent way.

roles/samba-dc/tasks/main.yml

@@ -0,0 +1,60 @@
+- name: load distribution-specific values
+  include_vars: '{{ item }}'
+  with_first_found:
+  - '{{ ansible_distribution }}.yml'
+  - defaults.yml
+  tags:
+  - always
+
+- name: ensure packages are installed
+  package:
+    name={{ samba_dc_packages|join(',') }}
+    state=present
+  tags:
+  - install
+
+- name: ensure selinux file contexts are correct
+  sefcontext:
+    target={{ item.path }}
+    setype={{ item.setype }}
+    state=present
+  with_items: '{{ samba_selinux_contexts }}'
+  notify: restore samba file contexts
+
+- name: ensure kerberos is configured
+  template:
+    src=krb5.conf.j2
+    dest=/etc/krb5.conf.d/samba.conf
+
+- name: ensure domain is provisioned
+  samba_domain:
+    realm={{ krb5_realm }}
+    domain={{ netbios_domain|d(omit) }}
+    use_rfc2307={{ samba_dc_use_rfc2307 }}
+    dns_backend={{ samba_dc_dns_backend|d(omit) }}
+  register: samba_dc_provision
+  notify:
+  - restore samba file contexts
+  - display generated admin password
+
+- name: ensure samba starts at boot
+  service:
+    name=samba
+    enabled=yes
+- name: ensure samba is running
+  service:
+    name=samba
+    state=started
+
+- name: ensure firewall is configured for samba
+  firewalld:
+    service={{ item if '/' not in item else omit }}
+    port={{ item if '/' in item else omit }}
+    state=enabled
+    permanent=no
+    immediate=yes
+  with_items: '{{ samba_firewall }}'
+  notify: save firewalld configuration
+  when: host_users_firewalld|d(true)|bool
+  tags:
+  - firewalld