roles/samba: Manage LDAP TLS certificates

This commit adds tasks to the *samba-dc* role to install TLS
certificates for the Samba LDAP server, and configures Samba to use
them.

roles/samba-dc/tasks/main.yml

@@ -36,6 +36,32 @@
   - restore samba file contexts
   - display generated admin password
 
+- name: ensure samba certificate is installed
+  copy:
+    src={{ item }}
+    dest={{ samba_tls_certfile }}
+    mode=0644
+  with_fileglob:
+  - certs/samba/{{ inventory_hostname }}/samba.cer
+  notify: restart samba
+- name: ensure samba certificate private key is installed
+  copy:
+    src={{ item }}
+    dest={{ samba_tls_keyfile }}
+    mode=0600
+  with_fileglob:
+  - certs/samba/{{ inventory_hostname }}/samba.key
+  notify: restart samba
+- name: ensure samba ca certificate is installed
+  copy:
+    src={{ item }}
+    dest={{ samba_tls_cafile }}
+    mode=0644
+  with_fileglob:
+  - certs/samba/{{ inventory_hostname }}/samba-ca.crt
+  when: samba_tls_cafile is defined
+  notify: restart samba
+
 - name: ensure smb.conf is configured
   template:
     src=smb.conf.j2