Ansible roles
 
 
 
 
 
 

62 lines
1.6 KiB

---
- name: Install packages
yum: name={{ item }} state=present
with_items:
- sssd-ad
#- sssd-libwbclient
- adcli
- oddjob-mkhomedir
- krb5-workstation
tags: auth
- name: Set LDAP base
set_fact: ad_ldap_base=DC={{ ad_realm | regex_replace('\.',',DC=') }}
tags: auth
- name: Check if authconfig needs to update pam config
command: "grep -c -P '^auth\\s+sufficient\\s+pam_sss.so' /etc/pam.d/system-auth"
register: ad_authconfig_done
changed_when: False
ignore_errors: True
tags: auth
- name: Configure the PAM stack
command: authconfig --enablesssd --enablesssdauth --enablemkhomedir --update
when: ad_authconfig_done.stdout | int < 1
tags: auth
- name: Deploy sssd configuration
template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf mode=600
notify: restart sssd
tags: auth
- name: Deploy krb5 configuration
template: src=krb5.conf.j2 dest=/etc/krb5.conf
tags: auth
- name: Check if running on a DC
stat: path=/var/lib/samba/private/secrets.keytab
register: ad_dc_keytab
tags: auth
- name: Copy the keytab
copy: src=/var/lib/samba/private/secrets.keytab dest=/etc/krb5.keytab mode=600 remote_src=True
when: ad_dc_keytab.stat.exists
tags: auth
- name: Check if we already have our keytab file
stat: path=/etc/krb5.keytab
register: ad_keytab
tags: auth
- name: Join the domain
command: adcli join {{ ad_realm }} --login-user={{ ad_admin }} --host-fqdn={{ ansible_hostname }}.{{ ad_realm }} --stdin-password
args:
stdin: "{{ ad_admin_pass }}"
when: not ad_keytab.stat.exists
tags: auth
- name: Start and enable sssd
service: name=sssd state=started enabled=True
tags: auth