Linux AD Join Role Updates (#374)

* Add error handling * New tag and user data to test ansible role --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ministryofjustice · Oct 24, 2023 · bc78b96 · bc78b96
1 parent efe2abb
commit bc78b96
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 7 deletions.
diff --git a/ansible/group_vars/ami_hmpps_domain_services_rhel_8_5.yml b/ansible/group_vars/ami_hmpps_domain_services_rhel_8_5.yml
@@ -0,0 +1,8 @@
+---
+ansible_python_interpreter: python3.9
+
+ami_roles_list:
+  - join-devtest-ad-linux
+
+# the below vars are defined in multiple groups.  Keep the values the same to avoid unexpected behaviour
+roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
diff --git a/ansible/group_vars/server_type_hmpps_domain_services.yml b/ansible/group_vars/server_type_hmpps_domain_services.yml
@@ -2,4 +2,6 @@
 ansible_python_interpreter: python3.9
 
 server_type_roles_list:
-  - join-ad-linux
+  - join-devtest-ad-linux
+
+roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
diff --git a/ansible/roles/join-ad-linux/README.md → ...ble/roles/join-devtest-ad-linux/README.md b/ansible/roles/join-ad-linux/README.md → ...ble/roles/join-devtest-ad-linux/README.md
diff --git a/...ble/roles/join-ad-linux/defaults/main.yml → ...s/join-devtest-ad-linux/defaults/main.yml b/...ble/roles/join-ad-linux/defaults/main.yml → ...s/join-devtest-ad-linux/defaults/main.yml
diff --git a/...ble/roles/join-ad-linux/handlers/main.yml → ...s/join-devtest-ad-linux/handlers/main.yml b/...ble/roles/join-ad-linux/handlers/main.yml → ...s/join-devtest-ad-linux/handlers/main.yml
diff --git a/...e/roles/join-ad-linux/tasks/get_facts.yml → ...join-devtest-ad-linux/tasks/get_facts.yml b/...e/roles/join-ad-linux/tasks/get_facts.yml → ...join-devtest-ad-linux/tasks/get_facts.yml
diff --git a/...roles/join-ad-linux/tasks/join_domain.yml → ...in-devtest-ad-linux/tasks/join_domain.yml b/...roles/join-ad-linux/tasks/join_domain.yml → ...in-devtest-ad-linux/tasks/join_domain.yml
@@ -1,4 +1,15 @@
 ---
+- name: Check if instance is already joined to the domain
+  command: getent passwd {{ join_domain_linux_service_account_username }}@{{ ad_domain }}
+  changed_when: false
+  register: result
+  ignore_errors: yes
+
+- name: Exit out of the play if instance is already joined to the domain
+  meta: end_host
+  when:
+    - result.rc == 0
+
 - name: Configure sshd_config
   lineinfile:
     path: /etc/ssh/sshd_config
@@ -28,3 +39,13 @@
     command: /bin/bash -c "/usr/sbin/realm join --user={{ join_domain_linux_service_account_username }}@{{ ad_domain|upper }} {{ ad_domain|lower }} -v"
     responses:
       Password for *: "{{ join_domain_linux_service_account_password }}"
+
+- name: Validate the AD join
+  command: getent passwd {{ join_domain_linux_service_account_username }}@{{ ad_domain }}
+  register: result
+  ignore_errors: yes
+
+- name: Check the validation result
+  fail:
+    msg: "AD join validation failed, {{ result.stderr }}"
+  when: result.rc != 0
diff --git a/ansible/roles/join-ad-linux/tasks/main.yml → ...oles/join-devtest-ad-linux/tasks/main.yml b/ansible/roles/join-ad-linux/tasks/main.yml → ...oles/join-devtest-ad-linux/tasks/main.yml
@@ -1,15 +1,9 @@
 ---
-- name: Set instance hostname
-  import_role:
-    name: set-ec2-hostname
-
 - name: Get linux service account details
   import_tasks: get_facts.yml
   tags:
     - ec2provision
-  when: ansible_distribution in ['RedHat']
 
 - import_tasks: join_domain.yml
   tags:
     - ec2provision
-  when: ansible_distribution in ['RedHat']