---
# Abort early when the host has no DNS domain: the Kerberos realm and the
# nfs/<hostname>.<domain> principal used by later tasks are derived from it.
- fail:
    msg: "The machine's domain must not be empty."
  when: ansible_domain | length == 0
# Pre-answer the krb5-config default_realm question with the upper-cased
# DNS domain; the package itself is installed by a later task.
- name: preseed krb5-config realm
  debconf:
    name: krb5-config
    question: krb5-config/default_realm
    vtype: string
    value: "{{ ansible_domain | upper }}"
# Pre-answer the krb5-config kerberos_servers question with krb_server.
- name: preseed krb5-config kerberos servers
  debconf:
    name: krb5-config
    question: krb5-config/kerberos_servers
    vtype: string
    value: "{{ krb_server }}"
# Pre-answer the krb5-config admin_server question; the same krb_server
# value is used for the KDC list and the admin server.
- name: preseed krb5-config admin server
  debconf:
    name: krb5-config
    question: krb5-config/admin_server
    vtype: string
    value: "{{ krb_server }}"
# Install the Kerberos client, the SSSD Kerberos/LDAP back ends and the NFS
# client. state=latest upgrades already-installed packages on every run.
- name: install needed packages
  apt:
    state: latest
    name:
      - krb5-config
      - krb5-user
      - sssd-krb5
      - sssd-ldap
      - nfs-common
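## oddjob-mkhomedir works only with sec=sys for the NFSv4 share

# Install the site-specific package list from the release's own repository.
# Native YAML arguments pass extra_pkgs to apt as a real list instead of a
# list rendered into a key=value string.
- name: install extra packages from stable
  apt:
    name: "{{ extra_pkgs }}"
    state: latest
  # Skip when the list is empty, matching the guard on the backports tasks.
  when: extra_pkgs | length > 0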
# Enable the <release>-backports repository, but only when there is at
# least one package to install from it.
- name: "add {{ ansible_distribution_release }}-backports"
  apt_repository:
    # NOTE(review): the repository is fetched over plain HTTP, so package
    # integrity rests on APT's verification of the signed Release file.
    # Consider https:// if the target release's apt supports it. TODO confirm.
    repo: "deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main"
    state: present
    update_cache: true
  when: extra_pkgs_bpo|length
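# Install the backports package list, using <release>-backports as the
# default release for this apt run. Native YAML arguments pass
# extra_pkgs_bpo as a real list instead of a rendered key=value string.
- name: install extra packages from backports
  apt:
    name: "{{ extra_pkgs_bpo }}"
    state: latest
    default_release: "{{ ansible_distribution_release }}-backports"
  when: extra_pkgs_bpo|length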
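# Render the SSSD configuration from the role template and restart sssd
# through the handler when the file changes.
- name: provide identities from directory
  template:
    src: sssd.conf.j2
    dest: /etc/sssd/sssd.conf
    # Quoted so no YAML parser can reinterpret the octal literal; the file
    # stays readable and writable by its owner only.
    mode: "0600"
  notify: restart sssd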
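## Activate machine after installation:

# Create the host's NFS service principal nfs/<hostname>.<domain> with a
# random key. Skipped inside the installer or when kadmin_pwd is empty.
- name: create machine principal
  command:
    # argv form: every element reaches kadmin as exactly one argument, so a
    # password containing spaces or quote characters is not re-split.
    argv:
      - kadmin
      - "-p"
      - root/admin
      # NOTE(review): -w puts the admin password on kadmin's command line,
      # where it is readable in the target's process list while the command
      # runs; no_log only keeps it out of Ansible's output. Consider
      # keytab-based authentication (kadmin -k -t) with a principal limited
      # to what enrolment needs.
      - "-w"
      - "{{ kadmin_pwd }}"
      - "-q"
      - "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
  register: kerberize_result
  # Report "changed" unless stderr carries the "already exists" message.
  changed_when: kerberize_result.stderr is not search('already exists while creating')
  # Keep the command line (which contains the password) out of logs.
  no_log: true
  when: not run_in_installer|default(false)|bool and kadmin_pwd | length > 0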
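# Export the key of nfs/<hostname>.<domain> into the host keytab and restart
# rpc-gssd through the handler. Skipped inside the installer, when
# kadmin_pwd is empty, or when /etc/krb5.keytab already exists.
- name: add principal to keytab
  command:
    # argv form: every element reaches kadmin as exactly one argument, so a
    # password containing spaces or quote characters is not re-split.
    argv:
      - kadmin
      - "-p"
      - root/admin
      # NOTE(review): -w puts the admin password on kadmin's command line,
      # where it is readable in the target's process list while the command
      # runs; no_log only keeps it out of Ansible's output. Consider
      # keytab-based authentication (kadmin -k -t) with a principal limited
      # to what enrolment needs.
      - "-w"
      - "{{ kadmin_pwd }}"
      - "-q"
      - "ktadd nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
    # The command does not run once this file exists.
    creates: /etc/krb5.keytab
  # Keep the command line (which contains the password) out of logs.
  no_log: true
  notify: "restart rpc-gssd"
  when: not run_in_installer|default(false)|bool and kadmin_pwd | length > 0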
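# Create the mount point for the NFS home share. Native YAML arguments
# replace the key=value string, so a path containing spaces stays one value.
- name: make sure the home mount directory exists
  file:
    path: "{{ lan_homes }}"
    state: directory
    recurse: true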
# Register the NFSv4 home share in /etc/fstab as a systemd automount and
# reload systemd through the handler. Not done inside the installer.
- name: automount
  lineinfile:
    # sec=krb5p selects Kerberos authentication with integrity checking and
    # encryption of the NFS traffic.
    line: "{{ nfs_server}}:/home {{ lan_homes }} nfs4 sec=krb5p,_netdev,noauto,x-systemd.automount,x-systemd.idle-timeout=60 0 0"
    dest: /etc/fstab
  notify: reload systemd
  when: not run_in_installer|default(false)|bool