[Samba] Usage of '--domain-guid' parameter of 'samba-tool domain provision'

Andrew Bartlett abartlet at samba.org
Mon May 22 19:36:47 UTC 2023 

On Mon, 2023-05-22 at 13:53 +0100, Rowland Penny via samba wrote:
> 
> On 22/05/2023 09:56, Olivier MARTIN via samba wrote:
> > I am testing my deployment Ansible script that create a AD DC domain 
> > environment. Every time I relaunched my script it recreates an AD DC 
> > with the given parameters (always the same domain parameters)
> > 
> > 
> 
> That explains what you are trying to achieve, but not really why.
> 
> If you are trying to create an Ansible script to create a new domain, 
> then you do not require any DC GUID's, as the first DC in your new 
> domain will have a new unique GUID.
> 
> If you are trying to create an Ansible script to recreate a failed 
> domain from a backup, then this works in pretty much the same way.
> 
> You should never try to backup a DC, only the domain. If a single DC 
> fails, replace it with a new DC. If all the DC's fail, then restore the 
> domain from a backup, you can use 'samba-tool domain backup' to create 
> the required backup.

Kia Ora Rowland,

Please leave this thread here, this isn't helping nor is the
combativeness making the mailing list a nice place to be. 

It is fine to be curious - say "I'm curious, how does rebuilding the
domain over and over help with your testing" - but we shouldn't be in a
position where your extensive experience is the only experience
possible in Samba administration.

Others have skills and practices from their own professional worlds
that can and should touch on Samba.  Samba certainly has its own
quirks, but the more we integrate with modern professional system
administration practice the better. 

Building infrastructure with Ansible - infrastructure as code - is an
awesome thing, particularly to check that surrounding services also
integrate well with Samba, and should be celebrated not belittled.  The
benefits are similar to the automated testing that makes Samba itself
so solid.

(I don't do a lot with Ansible, but Samba does use it to build our
GitLab CI bastion host for our private runners, and I maintain that
script.  I'm very glad we can reproduce this process on demand). 

Even for the initial deployment, having a clear "as code" record of how
the system was built would be much more than I ever had in my days as a
sysadmin.  

Andrew Bartlett

-- 
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba

More information about the samba mailing list