fws
/
ansible-roles
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
675 Commits
1 Branch
0 Tags
7.5 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 7e1bf86baa
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7e1bf86baa'
${ noResults }
ansible-roles/roles/omv/tasks/main.yml

168 lines
5.2 KiB
Raw Blame History

---
- name: Install needed packages
apt:
name:
- libsasl2-modules-gssapi-mit
- libwbclient-sssd
- python-lxml # Needed for XML file manipulation
- patch # Needed to patch session.inc to support Auth HTTP
when: ad_auth | default(False)
tags: omv
- name: Install Extra repo
apt: deb=https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/openmediavault-omvextrasorg_latest_all4.deb
environment:
- https_proxy: "{{ system_proxy | default('') }}"
tags: omv
- name: Check if we've joined the domaine
command: net ads info
register: omv_joined
ignore_errors: True
changed_when: False
when: ad_auth | default(False)
tags: omv
- name: Configure OMV system
xml:
path: /etc/openmediavault/config.xml
xpath: /config/{{ item.element }}
value: "{{ item.value }}"
with_items:
- element: services/smb/enable
value: 1
- element: services/smb/workgroup
value: "{{ ad_domain | default(samba_domain) }}"
- element: services/smb/loglevel
value: 3
- element: services/smb/extraoptions
value: |
security = ads
realm = {{ ad_realm | default(samba_realm) }}
kerberos method = secrets and keytab
idmap config {{ ad_realm | default(samba_realm) }} : backend = sss
idmap config *:backend = tdb
idmap config *:range = 1000-19999
logging = systemd
- element: system/powermanagement/powerbtn
value: shutdown
- element: services/ssh/enable
value: 1
- element: services/ssh/permitrootlogin
value: "{{ sshd_permit_root_login | default(False) | ternary('1','0') }}"
register: omv_conf
when: ad_auth | default(False)
tags: omv
- name: Configure proxy
xml:
path: /etc/openmediavault/config.xml
xpath: /config/proxy/{{ item.1 }}/{{ item.0.element }}
value: "{{ item.0.value }}"
with_nested:
- - element: enable
value: 1
- element: host
value: "{{ system_proxy | urlsplit('hostname') }}"
- element: port
value: "{{ system_proxy | urlsplit('port') }}"
- - http
- https
- ftp
when: system_proxy is defined and system_proxy != ''
tags: omv
- name: Disable proxy
xml:
path: /etc/openmediavault/config.xml
xpath: /config/proxy/{{ item }}/enable
value: 0
with_items:
- http
- https
- ftp
when: system_proxy is not defined or system_proxy == ''
tags: omv
- name: Expand configuration
command: /usr/share/openmediavault/mkconf/{{ item }}
with_items:
- samba
- profile
- timezone
when: ad_auth | default(False) and omv_conf.changed
tags: omv
- name: Start and enable smbd
service: name=smbd state=started enabled=True
tags: omv
- name: Join the domain with net ads to populate secrets.tdb
command: net ads join {{ ad_realm | default(samba_realm) | upper }} -U {{ ad_admin | default('Administrator') }}%{{ samba_dc_admin_pass }}
no_log: True
when: ad_auth | default(False) and omv_joined.rc != 0
tags: omv
- name: Rise max uid and gid so domain accounts are available (and only domain accounts
lineinfile:
path: /etc/login.defs
regexp: "^{{ item.0 }}_{{ item.1.minmax }}"
line: "{{ item.0 }}_{{ item.1.minmax }} {{ item.1.value }}"
with_nested:
- - GID
- UID
- - minmax: MAX
value: 2000200000
- minmax: MIN
value: 20000
when: ad_auth | default(False)
tags: omv
- name: Install pre and post backup scripts
template: src=omv_{{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/omv.sh mode=755
with_items:
- pre
- post
tags: omv
- name: Handle services ports
iptables_raw:
name: "{{ item.description }}"
state: "{{ (item.ports | length > 0) | ternary('present','absent') }}"
rules: "{% if 'tcp' in item.proto | default(['tcp']) or item.proto | default('tcp') == 'tcp' %}-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ item.ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT\n{% endif %}
{% if 'udp' in item.proto | default(['tcp']) or item.proto | default('tcp') == 'udp' %}-A INPUT -m state --state NEW -p udp -m multiport --dports {{ item.ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT{% endif %}"
when: iptables_manage | default(True)
with_items:
- ports: "{{ omv_http_ports }}"
description: omv_http_ports
src: "{{ omv_http_src_ip }}"
- ports: "{{ omv_rsyncd_ports }}"
description: omv_rsyncd_ports
src: "{{ omv_rsyncd_src_ip }}"
- ports: "{{ omv_smb_ports }}"
description: omv_smb_ports
src: "{{ omv_smb_src_ip }}"
- ports: "{{ omv_ftp_ports }}"
description: omv_ftp_ports
src: "{{ omv_ftp_src_ip }}"
- ports: "{{ omv_nfs_ports }}"
description: omv_nfs_ports
src: "{{ omv_nfs_src_ip }}"
proto: [tcp,udp]
tags: [firewall,omv]
- name: Patch the web interface to support HTTP auth
patch:
src: auth_http.patch
dest: /usr/share/php/openmediavault/session.inc
backup: True
when: omv_auth_http | default(False)
tags: omv
- name: Patch the engine daemon to prevent resetting file owner
patch:
src: dont_reset_owner.patch
dest: /usr/share/openmediavault/engined/rpc/sharemgmt.inc
backup: True
notify: restart openmediavault-engined
tags: omv