Rename some roles to make ansible-lint happy.
parent
4d791a65f1
commit
1db0b6ec31
75 changed files with 29 additions and 29 deletions
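--- a/roles/nfsserver/defaults/main.yml
+++ b/roles/nfsserver/defaults/main.yml
@@ -0,0 +1,6 @@
+export_root: /srv/nfs4
+lan_homes: /home/lan
+basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
+min_id: 10000
+min_id_sssd: 5000
+max_id_sssd: 20000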
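Review bot: The two anchored `replace` calls in `basedn` do nothing, because Jinja's `replace` filter substitutes literal substrings rather than regular expressions, so `replace('^.','')` and `replace('.$','')` only match the literal text `^.` and `.$`. A domain fact with a leading or trailing dot would therefore yield a search base with an empty `dc=` component, and the sssd template on this page uses that value as `ldap_search_base`. If stripping dots is the intent, `ansible_domain.strip('.') | replace('.', ',dc=')` states it directly.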
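--- a/roles/nfsserver/handlers/main.yml
+++ b/roles/nfsserver/handlers/main.yml
@@ -0,0 +1,24 @@
+- name: bind mount exported dir
+mount:
+path: "{{ export_root }}/home/"
+src: "{{ lan_homes }}"
+fstype: none
+state: mounted
+opts: bind
+listen: "bind mount exported dirs"
+
+- name: restart nfs-kernel-server
+service: name=nfs-kernel-server state=restarted enabled=yes
+listen: "restart nfs-kernel-server"
+
+- name: restart rpc-svcgssd
+service: name=rpc-svcgssd state=restarted enabled=yes
+listen: "restart rpc-svcgssd"
+
+- name: restart sssd
+service: name=sssd state=restarted enabled=yes
+listen: "restart sssd"
+
+- name: restart dnsmasq
+service: name=dnsmasq state=restarted enabled=yes
+listen: "restart dnsmasq"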
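Review bot: The bind mount in the first handler only runs when something notifies `bind mount exported dirs`, and in the tasks file shown on this page the sole notifier is the task that creates `{{ lan_homes }}`. When that directory already exists and the task reports no change, the mount and its fstab entry are never created, so `{{ export_root }}/home/` would presumably be exported without the home directories behind it. `mount` with `state: mounted` is idempotent, so it can run as a regular task in tasks/main.yml after the two directory tasks instead of as a handler. The four `service:` handlers would also read better in block form with `enabled: true` than as `name=… enabled=yes` strings.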
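--- a/roles/nfsserver/tasks/main.yml
+++ b/roles/nfsserver/tasks/main.yml
@@ -0,0 +1,94 @@
+## Install and configure nfs-server
+---
+- name: check if ansible domain is nonempty
+fail: msg="The machine's domain must not be empty."
+when: ansible_domain | length == 0
+
+- name: check if we are installing
+stat: path=/etc/exports
+register: exports
+
+- name: install nfs-kernel-server
+apt:
+name:
+- nfs-kernel-server
+state: latest # noqa package-latest # noqa package-latest
+
+- name: make sure the export paths exists
+file: path={{ export_root }}/home/ state=directory recurse=yes
+
+- name: make sure the lan homes exists
+file: path={{ lan_homes }} state=directory recurse=yes
+notify: "bind mount exported dirs"
+
+- name: configure exports
+blockinfile:
+dest: /etc/exports
+insertbefore: EOF
+block: |
+{{ export_root }} {{ ipaddr_lan | ipaddr('subnet') }}(sec=krb5p,rw,fsid=0,crossmnt,no_subtree_check)
+{{ export_root }}/home/ {{ ipaddr_lan | ipaddr('subnet') }}(sec=krb5p,rw,no_subtree_check)
+notify: "restart nfs-kernel-server"
+
+- name: "make 'nfs' an alias hostname resolvable from the LAN"
+replace:
+path: /etc/hosts
+regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$"
+replace: '\1 nfs'
+when: not exports.stat.exists
+
+- name: check if there is a local kadmin
+stat: path=/usr/sbin/kadmin.local
+register: kadmin
+
+- name: create machine principal
+command: kadmin.local -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
+when: kadmin.stat.exists and not exports.stat.exists
+
+- name: add principal to the keytab
+command: kadmin.local -q "ktadd nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
+notify: "restart rpc-svcgssd"
+when: kadmin.stat.exists and not exports.stat.exists
+
+- name: install sssd-krb5
+apt:
+name:
+- sssd-krb5
+- sssd-ldap
+- sssd-tools ## sss_cache -U -G
+state: latest # noqa package-latest
+when: kadmin.stat.exists
+
+- name: provide identities from directory
+template:
+src: sssd.conf.j2
+dest: /etc/sssd/sssd.conf
+mode: 0600
+notify: restart sssd
+when: kadmin.stat.exists
+
+- name: copy home from /etc/skel for dummy user foo
+shell: cp -r /etc/skel {{ lan_homes }}/foo && chmod -R o-rwx {{ lan_homes }}/foo && chown -R {{ min_id }}:{{ min_id }} {{ lan_homes }}/foo
+args:
+creates: "{{ lan_homes }}/foo"
+when: foo_pwd is defined and foo_pwd | length > 0
+
+- name: check if our dnsmasq is used
+stat: path=/etc/dnsmasq.d/dnsmasq-dhcp
+register: dnsmasq
+
+- name: send domain to clients
+template:
+src: dhcp-send-domain.j2
+dest: /etc/dnsmasq.d/dhcp-send-domain
+mode: 0644
+notify: "restart dnsmasq"
+when: dnsmasq.stat.exists
+
+- name: allow nfs service in firewalld
+firewalld:
+zone: internal
+service: nfs
+permanent: true
+immediate: true
+state: enabled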
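Review bot: The `shell:` task that seeds the dummy home chains `cp`, `chmod` and `chown` with `&&` under `creates:`, so if `cp` succeeds and a later step fails, the next run skips the task and the directory stays root-owned with its copied permissions. Splitting it into a `command` that only copies and a `file` task that sets owner, group and mode makes the permission step idempotent and re-applied on every run; it also removes the need for a shell. The Kerberos tasks have a similar shape: `addprinc` and `ktadd` are gated on `/etc/exports` not existing at the start of the run, so a first run that fails after the package install would skip them from then on. Separately, the `state: latest` line of the first `apt` task carries `# noqa package-latest` twice.

```yaml
- name: copy home from /etc/skel for dummy user foo
  command: cp -r /etc/skel {{ lan_homes }}/foo
  args:
    creates: "{{ lan_homes }}/foo"
  # … unchanged: when condition …

- name: restrict and hand over the dummy home
  file:
    path: "{{ lan_homes }}/foo"
    state: directory
    recurse: true
    owner: "{{ min_id }}"
    group: "{{ min_id }}"
    mode: o-rwx
  # … same when condition as the copy task …
```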
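--- a/roles/nfsserver/templates/dhcp-send-domain.j2
+++ b/roles/nfsserver/templates/dhcp-send-domain.j2
@@ -0,0 +1,2 @@
+expand-hosts
+domain={{ ansible_domain }}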
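--- a/roles/nfsserver/templates/sssd.conf.j2
+++ b/roles/nfsserver/templates/sssd.conf.j2
@@ -0,0 +1,22 @@
+[sssd]
+domains = LDAP
+config_file_version = 2
+
+[nss]
+filter_groups = root
+filter_users = root
+
+[pam]
+
+[domain/LDAP]
+id_provider = ldap
+ldap_uri = ldap://{{ ansible_hostname }}/
+ldap_search_base = {{ basedn }}
+
+auth_provider = krb5
+krb5_server = {{ ansible_hostname }}
+krb5_realm = {{ ansible_domain | upper }}
+cache_credentials = false
+
+min_id = {{ min_id_sssd }}
+max_id = {{ max_id_sssd }}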
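Review bot: `ldap_uri = ldap://{{ ansible_hostname }}/` sends identity lookups over plain LDAP, so user and group data is neither encrypted nor tied to an authenticated server; only authentication goes through Kerberos. The tasks file deploys this template only where `kadmin.local` exists, which suggests the directory runs on the same host and the traffic stays local, but nothing in the template enforces that. Adding `ldap_id_use_start_tls = true`, or pointing `ldap_uri` at an `ldapi://` socket if the server is local, would make the identity source trustworthy without relying on the network. A comment above `[domain/LDAP]` stating which host is expected to serve LDAP and the KDC would help whoever reuses the role.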