Rowland Penny
2023-May-22 12:53 UTC
[Samba] Usage of '--domain-guid' parameter of 'samba-tool domain provision'
On 22/05/2023 09:56, Olivier MARTIN via samba wrote:> I am testing my deployment Ansible script that create a AD DC domain > environment. Every time I relaunched my script it recreates an AD DC > with the given parameters (always the same domain parameters) > >That explains what you are trying to achieve, but not really why. If you are trying to create an Ansible script to create a new domain, then you do not require any DC GUID's, as the first DC in your new domain will have a new unique GUID. If you are trying to create an Ansible script to recreate a failed domain from a backup, then this works in pretty much the same way. You should never try to backup a DC, only the domain. If a single DC fails, replace it with a new DC. If all the DC's fail, then restore the domain from a backup, you can use 'samba-tool domain backup' to create the required backup. Rowland
Andrew Bartlett
2023-May-22 19:36 UTC
[Samba] Usage of '--domain-guid' parameter of 'samba-tool domain provision'
On Mon, 2023-05-22 at 13:53 +0100, Rowland Penny via samba wrote:> > On 22/05/2023 09:56, Olivier MARTIN via samba wrote: > > I am testing my deployment Ansible script that create a AD DC domain > > environment. Every time I relaunched my script it recreates an AD DC > > with the given parameters (always the same domain parameters) > > > > > > That explains what you are trying to achieve, but not really why. > > If you are trying to create an Ansible script to create a new domain, > then you do not require any DC GUID's, as the first DC in your new > domain will have a new unique GUID. > > If you are trying to create an Ansible script to recreate a failed > domain from a backup, then this works in pretty much the same way. > > You should never try to backup a DC, only the domain. If a single DC > fails, replace it with a new DC. If all the DC's fail, then restore the > domain from a backup, you can use 'samba-tool domain backup' to create > the required backup.Kia Ora Rowland, Please leave this thread here, this isn't helping nor is the combativeness making the mailing list a nice place to be.? It is fine to be curious - say "I'm curious, how does rebuilding the domain over and over help with your testing" - but we shouldn't be in a position where your extensive experience is the only experience possible in Samba administration. Others have skills and practices from their own professional worlds that can and should touch on Samba. ?Samba certainly has its own quirks, but the more we integrate with modern professional system administration practice the better.? Building infrastructure with Ansible - infrastructure as code - is an awesome thing, particularly to check that surrounding services also integrate well with Samba, and should be celebrated not belittled. ?The benefits are similar to the automated testing that makes Samba itself so solid. (I don't do a lot with Ansible, but Samba does use it to build our GitLab CI bastion host for our private runners, and I maintain that script. ?I'm very glad we can reproduce this process on demand).? Even for the initial deployment, having a clear "as code" record of how the system was built would be much more than I ever had in my days as a sysadmin. ? Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba