Обновить ansible/promote_dc.yml
+14
-21
@@ -3,17 +3,14 @@
|
|||||||
hosts: all
|
hosts: all
|
||||||
gather_facts: yes
|
gather_facts: yes
|
||||||
|
|
||||||
# В Ansible Semaphore эти переменные лучше передавать через Environment (Extra Variables)
|
|
||||||
# и использовать защищенные хранилища (Key Store) для паролей!
|
|
||||||
vars:
|
|
||||||
domain_name: "example.local" # Имя вашего домена
|
|
||||||
primary_dc_ip: "192.168.1.10" # IP-адрес текущего контроллера домена (для DNS)
|
|
||||||
domain_admin_user: "Administrator@example.local" # Учетная запись админа домена
|
|
||||||
# domain_admin_password: "{{ vault_domain_admin_password }}"
|
|
||||||
# safe_mode_password: "{{ vault_safe_mode_password }}" # Пароль восстановления DSRM
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Set Primary DC as DNS server (Required for Domain Join)
|
- name: Expand C drive if disk was increased
|
||||||
|
ansible.windows.win_shell: |
|
||||||
|
$size = Get-PartitionSupportedSize -DriveLetter C
|
||||||
|
Resize-Partition -DriveLetter C -Size $size.SizeMax
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- name: Set primary DC as DNS server
|
||||||
ansible.windows.win_dns_client:
|
ansible.windows.win_dns_client:
|
||||||
adapter_names: "*"
|
adapter_names: "*"
|
||||||
ipv4_addresses:
|
ipv4_addresses:
|
||||||
@@ -25,33 +22,29 @@
|
|||||||
name: AD-Domain-Services
|
name: AD-Domain-Services
|
||||||
state: present
|
state: present
|
||||||
include_management_tools: yes
|
include_management_tools: yes
|
||||||
register: ad_feature
|
|
||||||
|
|
||||||
- name: Promote server to Additional Domain Controller
|
- name: Promote server to additional domain controller
|
||||||
microsoft.ad.domain_controller:
|
microsoft.ad.domain_controller:
|
||||||
domain_name: "{{ domain_name }}"
|
dns_domain_name: "{{ domain_name }}"
|
||||||
domain_admin_user: "{{ domain_admin_user }}"
|
domain_admin_user: "{{ domain_admin_user }}"
|
||||||
domain_admin_password: "{{ domain_admin_password }}"
|
domain_admin_password: "{{ domain_admin_password }}"
|
||||||
safe_mode_password: "{{ safe_mode_password }}"
|
safe_mode_password: "{{ safe_mode_password }}"
|
||||||
state: domain_controller
|
state: domain_controller
|
||||||
# Указываем, что сервер должен стать дополнительным DC в существующем домене
|
|
||||||
register: dc_promotion
|
register: dc_promotion
|
||||||
|
|
||||||
- name: Reboot after promotion
|
- name: Reboot after promotion
|
||||||
ansible.windows.win_reboot:
|
ansible.windows.win_reboot:
|
||||||
msg: "Rebooting to apply Domain Controller promotion"
|
msg: "Rebooting to apply Domain Controller promotion"
|
||||||
reboot_timeout: 600
|
reboot_timeout: 1800
|
||||||
post_reboot_delay: 60 # Даем время на инициализацию служб AD после перезагрузки
|
post_reboot_delay: 60
|
||||||
when: dc_promotion.reboot_required
|
when: dc_promotion.reboot_required
|
||||||
|
|
||||||
# Active Directory настраивает репликацию автоматически.
|
- name: Force Active Directory replication
|
||||||
# Следующий шаг принудительно инициирует синхронизацию для проверки.
|
|
||||||
- name: Force Active Directory Replication (SyncAll)
|
|
||||||
ansible.windows.win_command: repadmin /syncall /A /e /d
|
ansible.windows.win_command: repadmin /syncall /A /e /d
|
||||||
register: repadmin_result
|
register: repadmin_result
|
||||||
changed_when: false
|
changed_when: false
|
||||||
ignore_errors: yes # Игнорируем ошибки, если топология еще не построилась
|
ignore_errors: yes
|
||||||
|
|
||||||
- name: Show Replication Status
|
- name: Show replication status
|
||||||
ansible.builtin.debug:
|
ansible.builtin.debug:
|
||||||
var: repadmin_result.stdout_lines
|
var: repadmin_result.stdout_lines
|
||||||
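Review bot: With the `vars:` block and its two commented password lines removed in the first hunk, the play no longer states or checks that `domain_name`, `domain_admin_user`, `domain_admin_password` and `safe_mode_password` are supplied, although the promotion task in the second hunk still templates all four. An undefined variable now fails only when that task is templated, after the partition resize, the DNS client change and the feature install have already run on `hosts: all`. I would put an `ansible.builtin.assert` on those names first under `tasks:` (plus `primary_dc_ip` if the DNS task still uses it; that line is outside the hunk), and keep a one-line comment saying the two passwords come from the Semaphore Key Store rather than from the playbook. The assert checks only that the names are defined, so no secret value is printed.

```yaml
  tasks:
    - name: Check that required variables were supplied
      ansible.builtin.assert:
        that:
          - domain_name is defined
          - domain_admin_user is defined
          - domain_admin_password is defined
          - safe_mode_password is defined
        fail_msg: "Required promotion variables are missing; supply them via the Semaphore environment"
        quiet: true

    # … unchanged: partition resize, DNS client, feature install, promotion, reboot, replication …
```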