roles/samba-dc: Support joining existing domain

The *samba-dc* role now supports joining an existing Active Directory domain as an additional domain controller. The `samba_is_first_dc` variable controls whether the machine will be provisioned with a new domain (when true) or added to an existing domain (when false). Joining an existing domain naturally requires credentials of a user with permission to add a new DC, the `samba_dc_join_username` and `samba_dc_join_password` variables can be used to specify them. Alternatively, if these variables are not defined, then the process will attempt to use Kerberos credentials. This would require playbooks to make a ticket-granting-ticket available somehow, such as by executing `kinit` prior to applying the *samba-dc* role.
2018-01-29 13:35:26 -06:00
parent 1ccb8928bf
commit cb7c36d65a
3 changed files with 44 additions and 5 deletions
--- a/roles/samba-dc/tasks/main.yml
+++ b/roles/samba-dc/tasks/main.yml
@@ -32,6 +32,9 @@
    domain={{ netbios_domain|d(omit) }}
    use_rfc2307={{ samba_dc_use_rfc2307 }}
    dns_backend={{ samba_dc_dns_backend|d(omit) }}
+    username={{ samba_dc_join_username|d(omit) }}
+    password={{ samba_dc_join_password|d(omit) }}
+    state={{ 'provisioned' if samba_is_first_dc else 'joined' }}
  register: samba_dc_provision
  notify:
  - restore samba file contexts