From a8529d4f727c935ee2747fea46d02c807dec16f1 Mon Sep 17 00:00:00 2001
From: Emiliano Vavassori
Date: Sun, 13 Jul 2025 20:53:27 +0200
Subject: [PATCH] Primi passaggi di correzione; playbook ancora da testare.
---
ansible.cfg | 2 ++
deploy.yml | 8 ++++++
deploy_vars.yml | 5 ++++
hosts | 2 ++
roles/domsearch/tasks/main.yml | 49 ++++++++++++++++++++++++++++++++++
roles/fqdn/tasks/main.yml | 22 +++++++++++++++
6 files changed, 88 insertions(+)
create mode 100644 ansible.cfg
create mode 100644 deploy.yml
create mode 100644 deploy_vars.yml
create mode 100644 hosts
create mode 100644 roles/domsearch/tasks/main.yml
create mode 100644 roles/fqdn/tasks/main.yml
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..ed865bf
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+inventory = hosts
diff --git a/deploy.yml b/deploy.yml
new file mode 100644
index 0000000..2e4cb8a
--- /dev/null
+++ b/deploy.yml
@@ -0,0 +1,8 @@
+---
+- hosts: all
+ vars_files:
+ - deploy_vars.yml
+ roles:
+ - fqdn
+ become: true
+ become_user: root
diff --git a/deploy_vars.yml b/deploy_vars.yml
new file mode 100644
index 0000000..6cfa466
--- /dev/null
+++ b/deploy_vars.yml
@@ -0,0 +1,5 @@
+---
+netbios: TEST
+realm: TEST.LCL
+domain: test.lcl
+domainadmin: administrator
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..f737d5b
--- /dev/null
+++ b/hosts
@@ -0,0 +1,2 @@
+#localhost ansible_connection=local
+zorin ansible_hostname=192.168.33.243 ansible_user=utente
diff --git a/roles/domsearch/tasks/main.yml b/roles/domsearch/tasks/main.yml
new file mode 100644
index 0000000..2d7c2da
--- /dev/null
+++ b/roles/domsearch/tasks/main.yml
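Review bot: The `roles:` list in deploy.yml runs only `fqdn`, so the `domsearch` role added by this same commit is never executed by this play and a test run will not exercise its tasks. If that is deliberate for now, a comment above the list such as `# domsearch is not enabled yet: still to be tested` would record it; otherwise the list needs `- domsearch` as well.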
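Review bot: In the `hosts` inventory, `ansible_hostname=192.168.33.243` assigns a fact name rather than the connection address; the variable Ansible reads for the target address is `ansible_host`, so the entry should be `zorin ansible_host=192.168.33.243 ansible_user=utente`. As written, the connection goes to whatever `zorin` resolves to on the control node. The fqdn role later builds the `127.0.1.1` line of /etc/hosts from `ansible_hostname`; with fact gathering on, the gathered hostname normally replaces the inventory value, but if facts are ever skipped the role would write `192.168.33.243.test.lcl` there.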
@@ -0,0 +1,49 @@
+---
+# Sistemiamo la ricerca per dominio, che potrebbe essere a ramengo.
+
+- name: Individuiamo l'interfaccia di rete nativa
+ ansible.builtin.set_fact:
+ nic: "{{ ansible_default_ipv4.interface }}"
+
+- name: Identifichiamo il profilo di connessione di NetworkManager
+ ansible.builtin.shell: >-
+ set -o pipefail;
+ nmcli connection | awk -F" " "/{{ nic }}/ { print $1 }'
+ args:
+ executable: /bin/bash
+ register: nm_connection
+
+- name: Forziamo il dominio di ricerca sulla connessione
+ ansible.builtin.command: >-
+ nmcli connection modify "{{ nm_connection.stdout|trim }}"
+ ipv4.dns-search {{ domain }}
+
+- name: Forziamo temporaneamente per questa sessione il dominio di ricerca
+ ansible.builtin.command: >-
+ resolvectl domain {{ nic }} {{ domain }}
+
+# Assumiamo che il server DNS inserito risolva il dominio.
+# Consultiamo il DNS per ricevere informazioni sul domain controller.
+
+- name: Determiniamo il nome del domain controller
+ ansible.builtin.shell: >-
+ set -o pipeline;
+ dig +short _ldap._tcp.{{ domain }} SRV | cut -d' ' -f 4 | sed -e 's/\.$//'
+ args:
+ executable: /bin/bash
+ register: dcname
+
+- name: Determiniamo l'IP del domain controller
+ ansible.builtin.command: dig +short {{ dcname.stdout | trim }}.
+ register: dcipaddr
+
+- name: Impostiamo qualche fact
+ ansible.builtin.set_fact:
+ dc.name: "{{ dcname.stdout | trim }}"
+ dc.shortname: "{{ dc.name.split('.')[0] }}"
+ dc.ipaddr: "{{ dcipaddr | trim }}"
+
+- name: Verifichiamo che il PC effettivamente risolva gli shortname
+ ansible.builtin.command: dig +short {{ dc.shortname }}
+ register: check_shortnames
+ failed_when: check_shortnames.stdout|trim != {{ dc.ipaddr }}
diff --git a/roles/fqdn/tasks/main.yml b/roles/fqdn/tasks/main.yml
new file mode 100644
index 0000000..a5af5cb
--- /dev/null
+++ b/roles/fqdn/tasks/main.yml
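Review bot: Several tasks in roles/domsearch/tasks/main.yml cannot run as written: the awk program in the NetworkManager task opens with `"` and closes with `'`, and the domain-controller lookup uses `set -o pipeline` where the first shell task has `set -o pipefail`. The `set_fact` task uses dotted keys (`dc.name`), which are not valid variable names, reads `dc.name` inside the task that defines it, and trims `dcipaddr` instead of `dcipaddr.stdout`; the final `failed_when` embeds `{{ dc.ipaddr }}` in an expression that is already templated. Separately, the controller name comes straight from a DNS answer and is reused as a command argument and as the reference value for the last check, so it is worth asserting that it is a single hostname inside `domain` before using it. The fence below sketches these changes; `nmcli -g GENERAL.CONNECTION device show` is suggested because `print $1` truncates profile names that contain spaces.

```yaml
- name: Identifichiamo il profilo di connessione di NetworkManager
  ansible.builtin.command: nmcli -g GENERAL.CONNECTION device show {{ nic }}
  register: nm_connection
  changed_when: false

# … unchanged: nmcli connection modify, resolvectl domain …
# … unchanged except `set -o pipefail`: SRV lookup registering dcname …

- name: Controlliamo che la risposta DNS sia un singolo host del dominio
  ansible.builtin.assert:
    that:
      - (dcname.stdout | trim) is match('^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$')
      - (dcname.stdout | trim | lower).endswith('.' ~ (domain | lower))

# … unchanged: dig lookup registering dcipaddr …

- name: Impostiamo qualche fact
  ansible.builtin.set_fact:
    dc_name: "{{ dcname.stdout | trim }}"
    dc_shortname: "{{ (dcname.stdout | trim).split('.')[0] }}"
    dc_ipaddr: "{{ dcipaddr.stdout | trim }}"

- name: Verifichiamo che il PC effettivamente risolva gli shortname
  ansible.builtin.command: dig +short {{ dc_shortname }}
  register: check_shortnames
  changed_when: false
  failed_when: check_shortnames.stdout | trim != dc_ipaddr
```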
@@ -0,0 +1,22 @@
+---
+# Sistemiamo un po' di impostazioni legate al dominio
+
+- name: Impostazione del dominio
+ ansible.builtin.file:
+ path: /etc/domainname
+ content: |
+ {{ domain }}
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Sistemiamo il file hosts
+ ansible.builtin.lineinfile:
+ line: "127.0.1.1\t{{ ansible_hostname }}.{{ domain }}\t{{ ansible_hostname }}"
+ regexp: "^127.0.1.1"
+ path: /etc/hosts
+
+- name: Verifichiamo che tutto sia in ordine
+ ansible.builtin.command: hostname -f
+ register: returned_fqdn
+ failed_when: returned_fqdn.stdout != "{{ ansible_hostname }}.{{ domain }}"
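Review bot: The first task in roles/fqdn/tasks/main.yml passes `content:` to `ansible.builtin.file`, which has no such parameter, so the task fails instead of writing /etc/domainname; the module that takes `content`, `owner`, `group` and `mode` together is `ansible.builtin.copy`, with `dest:` in place of `path:`. The closing `failed_when` wraps Jinja delimiters inside an expression that is already templated; `failed_when: returned_fqdn.stdout != ansible_hostname ~ '.' ~ domain` states the same check, and `changed_when: false` keeps the read-only `hostname -f` from reporting a change. In the lineinfile task the dots in `regexp: "^127.0.1.1"` match any character; `regexp: '^127\.0\.1\.1\s'` pins the literal address.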