Implement basic LAN client.

roles/lan-client/tasks/main.yml

@@ -0,0 +1,63 @@
+---
+- name: preseed krb5-config realm
+  debconf:
+    name: krb5-config
+    question: krb5-config/default_realm
+    value: "{{ ldap_domain | upper }}"
+    vtype: string
+
+- name: preseed krb5-config kerberos servers
+  debconf:
+    name: krb5-config
+    question: krb5-config/kerberos_servers
+    value: "{{ krb_server }}"
+    vtype: string
+
+- name: preseed krb5-config admin server
+  debconf:
+    name: krb5-config
+    question: krb5-config/admin_server
+    value: "{{ krb_server }}"
+    vtype: string
+
+- name: install needed packages
+  apt:
+    name:
+      - krb5-config
+      - krb5-user
+      - sssd-krb5
+      - sssd-ldap
+      - nfs-common
+    state: latest
+
+- name: provide identities from directory
+  template:
+    src: sssd.conf.j2
+    dest: /etc/sssd/sssd.conf
+    mode: 0600
+  notify: restart sssd
+
+- name: make sure the home mount directory exists
+  file: path={{ lan_homes }} state=directory recurse=yes
+
+
+## Activate machine after installation:
+- name: create machine principal
+  command: kadmin -p root/admin -w {{ lookup('password', '/root/kadmin.pwd') }} -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ldap_domain }}"
+  no_log: true
+  when: not run_in_installer|default(false)|bool
+
+- name: add principal to keytab
+  command: kadmin -p root/admin -w {{ lookup('password', '/root/kadmin.pwd') }} -q "ktadd nfs/{{ ansible_hostname }}.{{ ldap_domain }}"
+  args:
+    creates: /etc/krb5.keytab
+  no_log: true
+  notify: "restart rpc-gssd"
+  when: not run_in_installer|default(false)|bool
+
+- name: automount
+  lineinfile:
+    dest: /etc/fstab
+    line: "{{ nfs_server}}:/home  {{ lan_homes }}  nfs4  sec=krb5p,_netdev,noauto,x-systemd.automount,x-systemd.idle-timeout=60  0  0"
+  notify: reload systemd
+  when: not run_in_installer|default(false)|bool