Christoph 2022-02-15 16:45:59 +01:00
parent fdb6f9cb47
commit b76326dae1
4 changed files with 60 additions and 5 deletions


@ -1095,10 +1095,11 @@ nis_groups:
group_id: 1012 group_id: 1012
#nis_deleted_user: #nis_deleted_user:
remove_nis_users: remove_nis_users: []
- name: anna #remove_nis_users:
- name: birgit # - name: anna
- name: jonas # - name: birgit
# - name: jonas
nis_user: nis_user:
- name: chris - name: chris

5
hosts

@ -9,7 +9,7 @@ ab8.akb.netz
ab9.akb.netz ab9.akb.netz
ab11.akb.netz ab11.akb.netz
ab12.akb.netz ab12.akb.netz
192.168.63.168 192.168.63.175 ansible_user=root
file-akb.akb.netz ansible_user=root file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root 192.168.82.20 ansible_user=root
gw-akb.oopen.de ansible_become=true ansible_become_method=sudo ansible_user=chris gw-akb.oopen.de ansible_become=true ansible_become_method=sudo ansible_user=chris
@ -24,6 +24,7 @@ ab8.akb.netz
ab9.akb.netz ab9.akb.netz
ab11.akb.netz ab11.akb.netz
ab12.akb.netz ab12.akb.netz
192.168.63.175 ansible_user=root
[nfs_client] [nfs_client]
ab1.akb.netz ab1.akb.netz
@ -35,6 +36,7 @@ ab8.akb.netz
ab9.akb.netz ab9.akb.netz
ab11.akb.netz ab11.akb.netz
ab12.akb.netz ab12.akb.netz
192.168.63.175 ansible_user=root
[nis_client] [nis_client]
ab1.akb.netz ab1.akb.netz
@ -46,6 +48,7 @@ ab8.akb.netz
ab9.akb.netz ab9.akb.netz
ab11.akb.netz ab11.akb.netz
ab12.akb.netz ab12.akb.netz
192.168.63.175 ansible_user=root
[file_server] [file_server]
file-akb.akb.netz ansible_user=root file-akb.akb.netz ansible_user=root
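Review bot: The new inventory entries for 192.168.63.175 connect directly as root (`ansible_user=root`), while the gw-akb.oopen.de entry in the same file logs in as an unprivileged user with `ansible_become=true ansible_become_method=sudo`. Following that pattern for the new host would let root login over SSH stay disabled there and keep privileged actions attributable to a named account; whether such an account exists on the target is not visible from this page. The host variable is repeated on each of the four group entries, so defining it once (for instance in host_vars) would prevent the copies from drifting apart. The host is also listed by bare IP address, unlike the named abN.akb.netz machines around it, so a comment naming the machine would help the next reader.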


@ -74,6 +74,15 @@
- nis-install - nis-install
- nis-install-client - nis-install-client
- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'YPBINDARGS' (client)
replace:
path: /etc/default/nis
regexp: '^YPBINDARGS=.*'
replace: 'YPBINDARGS='
tags:
- nis-install
- nis-install-client
# --- # ---
# /etc/{passwd,group,shadow} # /etc/{passwd,group,shadow}
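Review bot: The added task uses `replace`, which only rewrites an existing `YPBINDARGS=` line; if /etc/default/nis has no such line the task reports ok and the setting is never written. `lineinfile` with `regexp: '^YPBINDARGS='` and `line: 'YPBINDARGS='` would cover both cases. No `notify` is visible on the task, so unless a task outside this hunk restarts ypbind, the running daemon keeps its previous arguments. A short comment stating why any existing arguments are dropped would help whoever later audits the client configuration.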


@ -37,6 +37,48 @@
- nis-install-client - nis-install-client
# ---
# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default.
#
# Note:
# 'yescrypt' is not supported by Debian 10 (buster) nor by Ubuntu 18.04 and smaller
#
# ---
- name: (nis-install-server.yml) Check if file '/etc/pam.d/common-password' exists
stat:
path: /etc/pam.d/common-password
register: file_etc_pam_d_common_password
tags:
- nis-install
- nis-install-server
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version']|int >= 11
- name: (nis-install-server.yml) Check if default hash for password is 'yescrypt'
shell: "grep -i -q -E '^password.+yescrypt' /etc/pam.d/common-password"
register: presence_of_passwprd_hashing_yescrypt
changed_when:
- presence_of_passwprd_hashing_yescrypt.rc < 1
failed_when:
- presence_of_passwprd_hashing_yescrypt.rc >= 2
when:
- ansible_facts['distribution'] == "Debian"
- ansible_distribution_major_version|int >= 11
- ansible_distribution_major_version|int <= 12
- file_etc_pam_d_common_password.stat.exists == True
- name: (nis-install-server.yml) Change default password hash for local system accounts from SHA-512 to yescrypt
shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/" /etc/pam.d/common-password
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version']|int >= 11
- ansible_facts['distribution_major_version']|int <= 12
- file_etc_pam_d_common_password.stat.exists == True
- presence_of_passwprd_hashing_yescrypt is changed
# --- # ---
# /etc/default/nis # /etc/default/nis
# --- # ---
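Review bot: The name of the last added task says "from SHA-512 to yescrypt", but its perl substitution rewrites `yescrypt` to `sha512`, so the play output states the opposite of the hashing downgrade it performs. The grep and perl tasks also carry no `tags`, unlike the stat task, so a run limited with `--tags nis-install-server` would execute the stat and skip the change. The grep task is reported as changed whenever it finds a match, and its register name is misspelled (`passwprd`). A single `replace` task, as sketched below, is idempotent on its own and removes the need for the check; the surrounding task list continues outside the hunk.

```yaml
# … unchanged: stat task registering file_etc_pam_d_common_password …
- name: (nis-install-server.yml) Change default password hash for local system accounts from yescrypt to SHA-512
  replace:
    path: /etc/pam.d/common-password
    regexp: '^(password.+)yescrypt'
    replace: '\1sha512'
  tags:
    - nis-install
    - nis-install-server
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version']|int >= 11
    - ansible_facts['distribution_major_version']|int <= 12
    - file_etc_pam_d_common_password.stat.exists
```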