Switch to systemd automount for /srv/samba/schools/default-school
Replaced pam_mount with systemd automount to manage the mounting of the default school Samba share. This change improves system integration and simplifies the mount process by leveraging systemd's capabilities.
parent
b6988ef640
commit
9df6c93636
3 changed files with 67 additions and 26 deletions
|
@ -24,28 +24,28 @@
|
||||||
insertafter: "<!-- Volume definitions -->"
|
insertafter: "<!-- Volume definitions -->"
|
||||||
when: web_dav is defined and web_dav | length > 0
|
when: web_dav is defined and web_dav | length > 0
|
||||||
|
|
||||||
- name: Configure pam_mount for LMN homes
|
# - name: Configure pam_mount for LMN homes
|
||||||
ansible.builtin.blockinfile:
|
# ansible.builtin.blockinfile:
|
||||||
dest: /etc/security/pam_mount.conf.xml
|
# dest: /etc/security/pam_mount.conf.xml
|
||||||
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount LMN home) -->"
|
# marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount LMN home) -->"
|
||||||
block: |
|
# block: |
|
||||||
<volume
|
# <volume
|
||||||
fstype="cifs"
|
# fstype="cifs"
|
||||||
server="{{ smb_server }}"
|
# server="{{ smb_server }}"
|
||||||
path="{{ smb_share }}"
|
# path="{{ smb_share }}"
|
||||||
mountpoint="/srv/samba/schools/default-school"
|
# mountpoint="/srv/samba/schools/default-school"
|
||||||
options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=%(USERGID),file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600{{ cifsopt | default(",cache=loose") }}"
|
# options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=%(USERGID),file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600{{ cifsopt | default(",cache=loose") }}"
|
||||||
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
|
# ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
|
||||||
</volume>
|
# </volume>
|
||||||
insertafter: "<!-- Volume definitions -->"
|
# insertafter: "<!-- Volume definitions -->"
|
||||||
when: not nfs4
|
# when: not nfs4
|
||||||
|
|
||||||
- name: Prepare mount point for homes
|
# - name: Prepare mount point for homes
|
||||||
ansible.builtin.file:
|
# ansible.builtin.file:
|
||||||
path: /srv/samba/schools/default-school/
|
# path: /srv/samba/schools/default-school/
|
||||||
state: directory
|
# state: directory
|
||||||
mode: '0755'
|
# mode: '0755'
|
||||||
when: not nfs4
|
# when: not nfs4
|
||||||
|
|
||||||
- name: Prepare persistent user cache base directory
|
- name: Prepare persistent user cache base directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
@ -75,11 +75,11 @@
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
|
|
||||||
- name: Clean up all user processes after logout
|
# - name: Clean up all user processes after logout
|
||||||
ansible.builtin.replace:
|
# ansible.builtin.replace:
|
||||||
path: /etc/security/pam_mount.conf.xml
|
# path: /etc/security/pam_mount.conf.xml
|
||||||
regexp: '^(<logout wait="0" hup="no" term="no" kill="no" />)$'
|
# regexp: '^(<logout wait="0" hup="no" term="no" kill="no" />)$'
|
||||||
replace: '<!-- \1 -->\n<logout wait="1000" hup="yes" term="yes" kill="yes" />'
|
# replace: '<!-- \1 -->\n<logout wait="1000" hup="yes" term="yes" kill="yes" />'
|
||||||
|
|
||||||
- name: Kill all user processes on logout
|
- name: Kill all user processes on logout
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
|
@ -112,3 +112,12 @@
|
||||||
state: present
|
state: present
|
||||||
fstype: nfs4
|
fstype: nfs4
|
||||||
when: nfs4
|
when: nfs4
|
||||||
|
|
||||||
|
- name: Mount SMB home directory
|
||||||
|
ansible.posix.mount:
|
||||||
|
src: //fileserver.pn.steinbeis.schule/default-school
|
||||||
|
path: /srv/samba/schools/default-school
|
||||||
|
opts: "multiuser,sec=krb5i,mfsymlinks,nobrl,actimeo=600,cache=loose,_netdev,x-systemd.automount,x-systemd.idle-timeout=60s"
|
||||||
|
state: present
|
||||||
|
fstype: cifs
|
||||||
|
when: not nfs4
|
||||||
|
|
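Review bot: The new `Mount SMB home directory` task hard-codes `src: //fileserver.pn.steinbeis.schule/default-school` and a fixed option string, while the commented-out pam_mount block took these from `smb_server`, `smb_share` and `cifsopt`. Assuming `smb_share` holds only the share name, `src: "//{{ smb_server }}/{{ smb_share }}"` keeps the role reusable and stops a changed inventory value from silently pointing clients at a different server than intended. The old pam_mount tasks are only commented out, so hosts that were already provisioned keep the managed `<volume>` block in /etc/security/pam_mount.conf.xml and would presumably still attempt the per-user mount on the same path. A `blockinfile` task with the same `marker` and `state: absent` would remove it. The new options also drop `file_mode=0700,dir_mode=0700`, and with `multiuser` access control rests on the server's ACLs, so a short comment above `opts:` stating that assumption would help the next reader.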
|
@ -5,6 +5,7 @@
|
||||||
- sssd-ad
|
- sssd-ad
|
||||||
- sssd-tools
|
- sssd-tools
|
||||||
- adcli
|
- adcli
|
||||||
|
- kstart
|
||||||
|
|
||||||
- name: Provide user identities from AD
|
- name: Provide user identities from AD
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -22,3 +23,23 @@
|
||||||
when: >
|
when: >
|
||||||
ansible_cmdline.adpw | default('') | length > 0 or
|
ansible_cmdline.adpw | default('') | length > 0 or
|
||||||
adpw.user_input | default('') | length > 0
|
adpw.user_input | default('') | length > 0
|
||||||
|
|
||||||
|
- name: Set CCache file name
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/krb5.conf
|
||||||
|
line: ' default_ccache_name = FILE:/tmp/krb5cc_%{uid}'
|
||||||
|
insertbefore: '\[realms\]'
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Create kstart systemd service for obtaining machine ticket
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: kstart.service.j2
|
||||||
|
dest: /etc/systemd/system/kstart.service
|
||||||
|
mode: '0644'
|
||||||
|
when: not nfs4
|
||||||
|
|
||||||
|
- name: Enable kstart service
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: kstart.service
|
||||||
|
enabled: true
|
||||||
|
when: not nfs4
|
||||||
|
|
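Review bot: The `Set CCache file name` task sets `default_ccache_name = FILE:/tmp/krb5cc_%{uid}`, which puts every user's ticket cache and the machine ticket under a predictable name in world-writable /tmp. On a shared workstation another local account can create that path first, which at minimum blocks the owner from getting a usable cache, and caches stay behind after logout unless something removes them. If the choice is dictated by where cifs.upcall and k5start look for tickets, say so in a comment such as `# cifs.upcall and kstart.service both rely on this cache path`. The task also has no `when: not nfs4`, unlike the two kstart tasks below it, so it changes /etc/krb5.conf on NFS clients too. When `\[realms\]` does not match, `lineinfile` appends at end of file, so the setting can land outside `[libdefaults]`; checking for that section explicitly would be safer.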
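--- a/roles/lmn_sssd/templates/kstart.service.j2
+++ b/roles/lmn_sssd/templates/kstart.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=K5Start Kerberos Ticket Renewal
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/k5start -f /etc/krb5.keytab -K 1 -u {{ ansible_hostname | upper }}$
+
+[Install]
+WantedBy=multi-user.target
+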
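Review bot: `After=network.target` does not wait for the network to be usable, and the unit has `Type=simple` with no `Restart=`, so if k5start cannot reach the KDC on its first attempt at boot the service presumably exits and stays down. The automount would then have no machine ticket until someone restarts it by hand. Ordering on the online target and letting systemd retry covers this: `Wants=network-online.target`, `After=network-online.target` in `[Unit]` and `Restart=on-failure` in `[Service]`. The principal in `ExecStart=` ends in a bare `$`; systemd documents `$$` for a literal dollar sign, so confirm the rendered command line carries `HOST$` as intended or write `$$`. The template also assumes the AD machine account name is the upper-cased short hostname, which is worth stating in a comment at the top of the file.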