Fixes and improvements, NFS/KDC/LDAP related.

roles/kde/tasks/main.yml

@@ -2,6 +2,7 @@
   apt:
     name:
       - task-kde-desktop
+      - sddm-theme-debian-breeze
       - cups
     state: latest
 

roles/krb5-kdc-ldap/tasks/main.yml

@@ -2,7 +2,7 @@
 ##  run most tasks only on krb5-kdc-ldap installation.
 ---
 - fail: msg="The machine's domain must not be empty."
-  when: ansible_domain | length == 0 
+  when: ansible_domain | length == 0
 
 - name: check if slapd is already there
   stat: path=/usr/sbin/krb5kdc
@@ -142,35 +142,38 @@
   notify: "restart krb5-kdc"
   when: not krb5kdc.stat.exists
 
-- name: add root/admin as kadmin  
-  command: kadmin.local -q "addprinc -pw {{ kadmin_pwd }} root/admin"
+- name: add root/admin as kadmin
+  command: kadmin.local -q 'addprinc -pw "{{ kadmin_pwd }}" root/admin'
   when: not krb5kdc.stat.exists
 
 - name: dump kadmin password
   shell: echo -n "{{ kadmin_pwd }}" > "{{ kadmin_pwd_file }}" ; chmod 0600 "{{ kadmin_pwd_file }}"
   no_log: true
   when: not krb5kdc.stat.exists
-  
+
 - name: add default policy to silence warning when using kadmin
   command: kadmin.local -q "add_policy default"
   when: not krb5kdc.stat.exists
 
 - name: create machine principals
-  command: kadmin.local -q "addprinc -randkey {{ item }}/{{ ansible_hostname }}.{{ ansible_domain }}"
+  command: kadmin.local -q 'addprinc -randkey {{ item }}/{{ ansible_hostname }}.{{ ansible_domain }}'
   with_items:
     - host
     - ldap
   when: not krb5kdc.stat.exists
 
 - name: add principal to the keytab
-  command: kadmin.local -q "ktadd {{ item }}/{{ ansible_hostname }}.{{ ansible_domain }}"
+  command: kadmin.local -q 'ktadd {{ item }}/{{ ansible_hostname }}.{{ ansible_domain }}'
   with_items:
     - host
     - ldap
   when: not krb5kdc.stat.exists
 
 ##############
-  
+
 - name: kerberize dummy user foo
-  command: kadmin.local -q 'add_principal -pw {{ foo_pwd }} -x dn="uid=foo,ou=people,{{ basedn }}" foo'
-  when: foo_pwd is defined
+  command: kadmin.local -q 'add_principal -pw "{{ foo_pwd }}" -x dn="uid=foo,ou=people,{{ basedn }}" foo'
+  register: kerberize_result
+  changed_when: kerberize_result.stderr is not search('already exists while creating')
+  no_log: true
+  when: foo_pwd is defined and foo_pwd | length > 0

roles/lan-client/tasks/main.yml

@@ -33,6 +33,8 @@
       - nfs-common
     state: latest
 
+## oddjob-mkhomedir works only with sec=sys for the NFSv4 share
+    
 - name: provide identities from directory
   template:
     src: sssd.conf.j2
@@ -46,17 +48,19 @@
 
 ## Activate machine after installation:
 - name: create machine principal
-  command: kadmin -p root/admin -w {{ lookup('password', '/root/kadmin.pwd') }} -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
+  command: kadmin -p root/admin -w {{ kadmin_pwd }} -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
+  register: kerberize_result
+  changed_when: kerberize_result.stderr is not search('already exists while creating')
   no_log: true
-  when: not run_in_installer|default(false)|bool
+  when: not run_in_installer|default(false)|bool and kadmin_pwd | length > 0
 
 - name: add principal to keytab
-  command: kadmin -p root/admin -w {{ lookup('password', '/root/kadmin.pwd') }} -q "ktadd nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
+  command: kadmin -p root/admin -w {{ kadmin_pwd }} -q "ktadd nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
   args:
     creates: /etc/krb5.keytab
   no_log: true
   notify: "restart rpc-gssd"
-  when: not run_in_installer|default(false)|bool
+  when: not run_in_installer|default(false)|bool and kadmin_pwd | length > 0
 
 - name: automount
   lineinfile:

roles/ldap/defaults/main.yml

@@ -1,4 +1,4 @@
 ldap_admin_pwd: "{{ lookup('password', '/tmp/ldap_admin.pwd length=24') }}"
-ldap_pwd_file: "/root/ldap-admin.pwd"
+ldap_admin_pwd_file: "/root/ldap-admin.pwd"
 basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
 lan_homes:  /home/lan

roles/ldap/tasks/main.yml

@@ -2,7 +2,7 @@
 ##  run most tasks only on slapd installation.
 ---
 - fail: msg="The machine's domain must not be empty."
-  when: ansible_domain | length == 0 
+  when: ansible_domain | length == 0
 
 - name: check if slapd is already there
   stat: path=/usr/sbin/slapd
@@ -35,7 +35,7 @@
   when: not slapd.stat.exists
 
 - name: dump admin password
-  shell: echo -n "{{ ldap_admin_pwd }}" > "{{ ldap_pwd_file }}" ; chmod 0600 "{{ ldap_pwd_file }}"
+  shell: echo -n "{{ ldap_admin_pwd }}" > "{{ ldap_admin_pwd_file }}" ; chmod 0600 "{{ ldap_admin_pwd_file }}"
   no_log: true
   when: not slapd.stat.exists
 
@@ -80,6 +80,11 @@
     bind_dn: "cn=admin,{{ basedn }}"
     bind_pw: "{{ ldap_admin_pwd }}"
 
+- name: provide simple script to add/delete users
+  template:
+    src: debian-lan.j2
+    dest: /usr/local/sbin/debian-lan
+    mode: 0744
 
 ## Add user
 - name: add dummy user foo
@@ -98,7 +103,7 @@
       loginShell: /bin/bash
     bind_dn: "cn=admin,{{ basedn }}"
     bind_pw: "{{ ldap_admin_pwd }}"
-  when: foo_pwd is defined
+  when: foo_pwd is defined and foo_pwd | length > 0
 
 - name: add dummy group foo
   ldap_entry:
@@ -109,7 +114,7 @@
       gidNumber: 10000
     bind_dn: "cn=admin,{{ basedn }}"
     bind_pw: "{{ ldap_admin_pwd }}"
-  when: foo_pwd is defined
+  when: foo_pwd is defined and foo_pwd | length > 0
 
 ## ldapaddgroup tom
 ## ldapadduser tom tom

roles/nfs-server/handlers/main.yml

@@ -1,3 +1,12 @@
+- name: bind mount exported dir
+  mount:
+    path: "{{ export_root }}/home/"
+    src: "{{ lan_homes }}"
+    fstype: none
+    state: mounted
+    opts: bind
+  listen: "bind mount exported dirs"
+
 - name: restart nfs-kernel-server
   service: name=nfs-kernel-server state=restarted enabled=yes
   listen: "restart nfs-kernel-server"
@@ -9,3 +18,7 @@
 - name: restart sssd
   service: name=sssd state=restarted enabled=yes
   listen: "restart sssd"
+
+- name: restart dnsmasq
+  service: name=dnsmasq state=restarted enabled=yes
+  listen: "restart dnsmasq"

roles/nfs-server/tasks/main.yml

@@ -1,7 +1,7 @@
 ## Install and configure nfs-server
 ---
 - fail: msg="The machine's domain must not be empty."
-  when: ansible_domain | length == 0 
+  when: ansible_domain | length == 0
 
 - name: check if there are installing
   stat: path=/etc/exports
@@ -13,19 +13,12 @@
       - nfs-kernel-server
     state: latest
 
-- name: make sure the export exists
+- name: make sure the export paths exists
   file: path={{ export_root }}/home/ state=directory recurse=yes
 
-- name: make sure the export exists
+- name: make sure the lan homes exists
   file: path={{ lan_homes }} state=directory recurse=yes
-
-- name: bind mount exported dir
-  mount:
-    path: "{{ export_root }}/home/"
-    src: "{{ lan_homes }}"
-    fstype: none
-    state: mounted
-    opts: bind
+  notify: "bind mount exported dirs"
 
 - name: configure exports
   blockinfile:
@@ -36,8 +29,6 @@
       {{ export_root }}/home/   *(sec=krb5p,rw,no_subtree_check)
   notify: "restart nfs-kernel-server"
 
-
-
 - name: check if there is a local kadmin
   stat: path=/usr/sbin/kadmin.local
   register: kadmin
@@ -71,4 +62,15 @@
   shell: cp -r /etc/skel {{ lan_homes }}/foo && chmod -R o-rwx {{ lan_homes }}/foo && chown -R foo:foo {{ lan_homes }}/foo
   args:
     creates: "{{ lan_homes }}/foo"
-  when: foo_pwd is defined
+  when: foo_pwd is defined and foo_pwd | length > 0
+
+- name: check if our dnsmasq is used
+  stat: path=/etc/dnsmasq.d/dnsmasq-dhcp
+  register: dnsmasq
+
+- name: send domain to clients
+  template:
+    src: dhcp-send-domain.j2
+    dest: /etc/dnsmasq.d/dhcp-send-domain
+  notify: "restart dnsmasq"
+  when: dnsmasq.stat.exists

roles/nfs-server/templates/dhcp-send-domain.j2

@@ -0,0 +1,2 @@
+expand-hosts
+domain={{ ansible_domain }}