ansible/akb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph
2020-09-25 18:44:17 +02:00
parent 0d2b61b611
commit f78a7f3565
44 changed files with 18354 additions and 236 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
roles/common/tasks/git.yml Normal file
View File

@ -0,0 +1,66 @@
---
# ---
# Default reposotories
# ---
- name: (git.yml) Install/Update default repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_default_repositories }}'
loop_control:
label: "{{ item.name }}"
tags:
- git-default-repositories
# ---
# Group [file_server] reposotories
# ---
- name: (git.yml) Install/Update file_server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_oopen_server_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['file_server']|string is search(inventory_hostname)"
tags:
- git-file-server-repositories
# ---
# Group [samba_server] reposotories
# ---
- name: (git.yml) Install/Update samba server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_samba_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['samba_server']|string is search(inventory_hostname)"
ignore_errors: True
tags:
- git-samba-server-repositories
# ---
# Group [gateway_server] reposotories
# ---
- name: (git.yml) Install/Update gateway repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_gateway_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['gateway_server']|string is search(inventory_hostname)"
tags:
- git-gateway-server-repositories

95
roles/common/tasks/main.yml
View File

@ -24,6 +24,15 @@
tags: apt
# tags supportetd inside git.yml
#
# git-default-repositories
# git-file-server-repositories
# git-gateway-server-repositories
- import_tasks: git.yml
tags: git
# tags supported inside cups-install.yml:
#
# cups-server
@ -32,14 +41,6 @@
tags:
- cups
# tags supported inside samba-install.yml:
#
# samba-server
# samba-client
- import_tasks: samba-install.yml
tags:
- samba
# tags supported inside nfs.yml:
#
# nfs-server
@ -48,47 +49,92 @@
tags:
- nfs
# tags supported inside nfs.yml:
# tags supported inside samba-install.yml:
#
# samba-server
# samba-client
- import_tasks: samba-install.yml
tags:
- samba
# tags supported inside user.yml:
#
# system-user
- import_tasks: user.yml
when: "groups['file_server']|string is search(inventory_hostname)"
tags:
- system-user
# tags supported inside :nis-install-server.yml
#
# nis-install-server
- import_tasks: nis-install-server.yml
when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- nis-install
- nis-install-server
# tags supported inside nfs.yml:
# tags supported inside nis-user.yml:
#
# system-user
- import_tasks: nis-user.yml
when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- nis-user
# tags supported inside nis-install-client.yml:
#
# nis-install-client
- import_tasks: nis-install-client.yml
when: "groups['nis_client']|string is search(inventory_hostname)"
tags:
- nis-install
- nis-install-client
# tags supported inside nis_user.yml:
#
# nis-user
# system-user
- import_tasks: nis_user.yml
when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- nis-user
# tags supported inside samba_user.yml:
# tags supported inside samba-user.yml:
#
# samba-user
- import_tasks: samba_user.yml
- import_tasks: samba-user.yml
when: "groups['samba_server']|string is search(inventory_hostname)"
tags:
- nis-samba-user
# tags supported user-systemfiles.yml:
# tags supported inside mount_samba_shares.yml:
#
- import_tasks: mount_samba_shares.yml
when: "groups['client_pc']|string is search(inventory_hostname)"
tags:
- samba-shares
# tags supported system-user-systemfiles.yml:
# profile
- import_tasks: user-systemfiles.yml
# bashrc
# vimrc
- import_tasks: system-user-systemfiles.yml
when: "groups['file_server']|string is search(inventory_hostname)"
tags:
- user-systemfiles
# tags supported nis-user-systemfiles.yml:
# profile
# bashrc
# vimrc
- import_tasks: nis-user-systemfiles.yml
when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- user-systemfiles
# tags supported inside sudoers.yml:
#
# sudoers-remove
@ -99,8 +145,3 @@
tags:
- sudoers
- import_tasks: mount_samba_shares.yml
when: "groups['client_pc']|string is search(inventory_hostname)"
tags:
- samba-shares

4
roles/common/tasks/nis-install-client.yml
View File

@ -160,7 +160,7 @@
# /etc/nsswitch.conf
# ---
- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
- name: (nis-install-client.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
stat:
path: /etc/nsswitch.conf.ORIG
register: nsswitch_conf_orig_exists
@ -168,7 +168,7 @@
- nis-install
- nis-install-client
- name: (nis.yml) Backup existing file /etc/nsswitch.conf
- name: (nis-install-client.yml) Backup existing file /etc/nsswitch.conf
command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG
when:
- nsswitch_conf_orig_exists.stat.exists == False

6
roles/common/tasks/nis-install-server.yml
View File

@ -85,14 +85,14 @@
- nis-install
- nis-install-server
- name: (nis-install-client.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
replace:
path: /etc/ypserv.securenets
regexp: '^(0.0.0.0\s+.*)'
replace: '#\1'
tags:
- nis-install
- nis-install-client
- nis-install-server
- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
lineinfile:
@ -105,7 +105,7 @@
mode: '0644'
tags:
- nis-install
- nis-install-client
- nis-install-server
- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
lineinfile:

277
roles/common/tasks/nis-user-systemfiles.yml Normal file
View File

@ -0,0 +1,277 @@
---
# ---
# Check if local template directories exists
# ---
# nis_users
- name: (nis-user-systemfiles.yml) Check if local template directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}
with_items: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
register: local_template_dir_nis_user
# root
- name: (nis-user-systemfiles.yml) Check if local template directory exists for root
local_action: stat path={{ inventory_dir }}/files/homedirs/root
register: local_template_dir_root
# --
# Copy .profile
# ---
- name: (nis-user-systemfiles.yml) Check if users file '.profile.ORIG' exists
stat:
path: "~{{ item.name }}/.profile.ORIG"
register: profile_user_orig_exists
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- profile
- name: (nis-user-systemfiles.yml) Backup existing users .profile file
command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
loop: "{{ profile_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == False
tags:
- profile
- name: (nis-user-systemfiles.yml) copy .profile if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
tags:
- profile
- name: (nis-user-systemfiles.yml) copy default .profile if it exists
template:
src: files/homedirs/DEFAULT/_profile.j2
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- profile
# -- root user
- name: (nis-user-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
stat:
path: /root/.profile.ORIG
register: profile_root_orig_exists
tags:
- profile
- name: (nis-user-systemfiles.yml) Backup existing users .profile file
command: cp -a /root/.profile /root/.profile.ORIG
when: profile_root_orig_exists.stat.exists == False
tags:
- profile
- name: (nis-user-systemfiles.yml) copy .profile for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
dest: "/root/.profile"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
tags:
- profile
# --
# Copy .bashrc
# ---
- name: (nis-user-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
stat:
path: "~{{ item.name }}/.bashrc.ORIG"
register: bashrc_user_orig_exists
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- bashrc
- name: (nis-user-systemfiles.yml) Backup existing users .bashrc file
command: cp -a ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
loop: "{{ bashrc_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when: item.stat.exists == False
tags:
- bashrc
- name: (nis-user-systemfiles.yml) copy .bashrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
tags:
- bashrc
- name: (nis-user-systemfiles.yml) copy default .bashrc if it exists
copy:
src: files/homedirs/DEFAULT/_bashrc
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- bashrc
# -- root user
- name: (nis-user-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
stat:
path: /root/.bashrc.ORIG
register: bashrc_root_orig_exists
tags:
- bash
- name: (nis-user-systemfiles.yml) Backup /root/.bashrc file
command: cp /root/.bashrc /root/.bashrc.ORIG
when: bashrc_root_orig_exists.stat.exists == False
tags:
- bash
- name: (nis-user-systemfiles.yml) copy .bashrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
dest: "/root/.bashrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
tags:
- bash
# --
# Copy .vimrc
# ---
- name: (nis-user-systemfiles.yml) copy .vimrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
tags:
- vimrc
- name: (nis-user-systemfiles.yml) Check if .vim directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
with_items: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
register: local_template_dir_dotvim_default_user
- name: (nis-user-systemfiles.yml) copy .vim directory if it exists
copy:
src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
dest: "~{{ item.item.name }}"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
with_items: "{{ local_template_dir_dotvim_default_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
tags:
- vimrc
- name: (nis-user-systemfiles.yml) copy default .vimrc if it exists
copy:
src: files/homedirs/DEFAULT/_vimrc
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- vimrc
- name: (nis-user-systemfiles.yml) copy .vimrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
dest: "/root/.vimrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
tags:
- vimrc
- name: (nis-user-systemfiles.yml) Check if local template directory .vim exists for user root
local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim
register: local_template_dir_vim_root
with_items: 'root'
loop_control:
label: 'root'
- name: (nis-user-systemfiles.yml) copy .vim directory for user root if it exists
copy:
src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}"
dest: "/root"
owner: "root"
group: "root"
mode: 0644
with_items: "{{ local_template_dir_vim_root.results }}"
loop_control:
label: 'root'
when:
- item.stat.exists
tags:
- vim

4
roles/common/tasks/nis_user.yml → roles/common/tasks/nis-user.yml
View File

@ -9,7 +9,7 @@
name: '{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
@ -21,7 +21,7 @@
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:

1
roles/common/tasks/samba-install.yml
View File

@ -35,7 +35,6 @@
- samba-server
- name: (samba-install.yml) /etc/samba/smb.conf
template:
dest: /etc/samba/smb.conf

41
roles/common/tasks/samba_user.yml → roles/common/tasks/samba-user.yml
View File

@ -4,26 +4,51 @@
# - Remove unwanted users
# ---
- name: (samba_user.yml) Check if samba user exists for removable nis user
- name: (samba_user.yml) Check if samba user exists for removable system user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_deleted_user_present
changed_when: "samba_deleted_user_present.rc == 0"
failed_when: "samba_deleted_user_present.rc > 1"
register: samba_remove_system_users_present
changed_when: "samba_remove_system_users_present.rc == 0"
failed_when: "samba_remove_system_users_present.rc > 1"
with_items:
- "{{ nis_deleted_user }}"
- "{{ remove_system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (samba_user.yml) Remove (old) users from samba
- name: (samba_user.yml) Remove (old) system users from samba
shell: "smbpasswd -s -x {{ item.name }}"
with_items:
- "{{ nis_deleted_user }}"
- "{{ remove_system_users }}"
loop_control:
label: '{{ item.name }}'
when: samba_deleted_user_present is changed
when: samba_remove_system_users_present is changed
tags:
- samba-user
- name: (samba_user.yml) Check if samba user exists for removable nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_remove_inis_users_present
changed_when: "samba_remove_inis_users_present.rc == 0"
failed_when: "samba_remove_inis_users_present.rc > 1"
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (samba_user.yml) Remove (old) nis users from samba
shell: "smbpasswd -s -x {{ item.name }}"
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
when: samba_remove_inis_users_present is changed
tags:
- samba-user

278
roles/common/tasks/system-user-systemfiles.yml Normal file
View File

@ -0,0 +1,278 @@
---
# ---
# Check if local template directories exists
# ---
# system_user
- name: (system-user-systemfiles.yml) Check if local template directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}
with_items: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
register: local_template_dir_system_users
# root
- name: (system-user-systemfiles.yml) Check if local template directory exists for root
local_action: stat path={{ inventory_dir }}/files/homedirs/root
register: local_template_dir_root
# --
# Copy .profile
# ---
- name: (user-systemfiles.yml) Check if users file '.profile.ORIG' exists
stat:
path: "~{{ item.name }}/.profile.ORIG"
register: profile_user_orig_exists
loop: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- profile
- name: (user-systemfiles.yml) Backup existing users .profile file
command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
loop: "{{ profile_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == False
tags:
- profile
- name: (system-user-systemfiles.yml) copy .profile if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
tags:
- profile
- name: (system-user-systemfiles.yml) copy default .profile if it exists
template:
src: files/homedirs/DEFAULT/_profile
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
- lookup('fileglob', inventory_dir + '/files/homedirs/DEFAULT/_profile')
tags:
- profile
# -- root user
- name: (system-user-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
stat:
path: /root/.profile.ORIG
register: profile_root_orig_exists
tags:
- profile
- name: (system-user-systemfiles.yml) Backup existing users .profile file
command: cp -a /root/.profile /root/.profile.ORIG
when: profile_root_orig_exists.stat.exists == False
tags:
- profile
- name: (system-user-systemfiles.yml) copy .profile for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
dest: "/root/.profile"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
tags:
- profile
# --
# Copy .bashrc
# ---
- name: (system-user-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
stat:
path: "~{{ item.name }}/.bashrc.ORIG"
register: bashrc_user_orig_exists
loop: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- bashrc
- name: (system-user-systemfiles.yml) Backup existing users .bashrc file
command: cp -a ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
loop: "{{ bashrc_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when: item.stat.exists == False
tags:
- bashrc
- name: (system-user-systemfiles.yml) copy .bashrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
tags:
- bashrc
- name: (system-user-systemfiles.yml) copy default .bashrc if it exists
copy:
src: files/homedirs/DEFAULT/_bashrc
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- bashrc
# -- root user
- name: (system-user-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
stat:
path: /root/.bashrc.ORIG
register: bashrc_root_orig_exists
tags:
- bash
- name: (system-user-systemfiles.yml) Backup /root/.bashrc file
command: cp /root/.bashrc /root/.bashrc.ORIG
when: bashrc_root_orig_exists.stat.exists == False
tags:
- bash
- name: (system-user-systemfiles.yml) copy .bashrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
dest: "/root/.bashrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
tags:
- bash
# --
# Copy .vimrc
# ---
- name: (system-user-systemfiles.yml) copy .vimrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
tags:
- vimrc
- name: (system-user-systemfiles.yml) Check if .vim directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
with_items: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
register: local_template_dir_dotvim_default_user
- name: (system-user-systemfiles.yml) copy .vim directory if it exists
copy:
src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
dest: "~{{ item.item.name }}"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
with_items: "{{ local_template_dir_dotvim_default_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
tags:
- vimrc
- name: (system-user-systemfiles.yml) copy default .vimrc if it exists
copy:
src: files/homedirs/DEFAULT/_vimrc
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- vimrc
- name: (system-user-systemfiles.yml) copy .vimrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
dest: "/root/.vimrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
tags:
- vimrc
- name: (system-user-systemfiles.yml) Check if local template directory .vim exists for user root
local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim
register: local_template_dir_vim_root
with_items: 'root'
loop_control:
label: 'root'
- name: (system-user-systemfiles.yml) copy .vim directory for user root if it exists
copy:
src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}"
dest: "/root"
owner: "root"
group: "root"
mode: 0644
with_items: "{{ local_template_dir_vim_root.results }}"
loop_control:
label: 'root'
when:
- item.stat.exists
tags:
- vim

39
roles/common/tasks/user-systemfiles.yml
View File

@ -1,39 +0,0 @@
---
- name: (user-systemfiles.yml) Check if users file '.profile.ORIG' exists
stat:
path: "~{{ item.name }}/.profile.ORIG"
register: profile_user_orig_exists
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- profile
- name: (user-systemfiles.yml) Backup existing users .profile file
command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
loop: "{{ profile_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
- item.stat.exists == False
tags:
- profile
- name: (user-systemfiles.yml) Create new users .profile file
template:
src: user_homedirs/dot.profile.j2
dest: "~{{ item.name }}/.profile"
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- profile

70
roles/common/tasks/user.yml Normal file
View File

@ -0,0 +1,70 @@
---
# ---
# - Remove unwanted users
# ---
- name: (user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ remove_system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- system-user
- name: (user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ remove_system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- system-user
# ---
# - default user/groups
# ---
- name: (user.yml) Ensure system groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
loop: "{{ system_groups }}"
loop_control:
label: '{{ item.name }}'
when: item.group_id is defined
notify: Renew nis databases
tags:
- system-user
#- meta: end_host
- name: (user.yml) Check if system users exists
shell: "getent passwd {{ item.name }}"
register: system_users_exists
changed_when: "system_users_exists.rc == 2"
failed_when: "system_users_exists.rc > 2"
loop: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
ignore_errors: true
tags:
- system-user
- name: (user.yml) Add system users
shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
loop: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
when: system_users_exists is changed
notify: Renew nis databases
tags:
- system-user

128
roles/common/templates/user_homedirs/dot.profile.j2
View File

@ -1,128 +0,0 @@
# {{ ansible_managed }}
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
#. /usr/lib/mc/bin/mc.sh
#
if [ -f "/usr/share/mc/bin/mc.sh" ] ; then
source /usr/share/mc/bin/mc.sh
fi
export LANG="de_DE.utf8"
# ---
# Mmount samba shares
# ---
# Don't try to mount samba shares if login at samba server
#
[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
SERVER="{{ samba_server }}"
USER="{{ item.name }}"
PASSWORD='{{ item.password }}'
VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing
#
# SEC="ntlmv2i"
#
# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
#
# SEC="ntlmsspi"
#
SEC="ntlmsspi"
# - uid/guid of the user at fielserver
# -
_UID="$(id -u)"
_GID="$(id -g)"
# Logfile to see what happened..
#
_logfile=/tmp/profile_${USER}.log
echo "" > $_logfile
echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
# Network present
#
_network=false
if [ "X$_addr" = "X" ] ; then
echo "no inet address assigned yet.." >> $_logfile
declare -i count=1
while ! $_network && [[ $count -lt 5 ]] ; do
echo "sleeping 2 seconds.." >> $_logfile
sleep 2
_addr="$(hostname --ip-address)"
if [ "X$_addr" != "X" ] ; then
_network=true
echo "inet address present: $_addr" >> $_logfile
fi
((count++))
done
fi
for dir in $(ls /mnt/$USER) ; do
MOUNT_POINT=/mnt/$USER/$dir
SHARE=$dir
[ ! -d $MOUNT_POINT ] && continue
if ! mount | grep $MOUNT_POINT > /dev/null ; then
echo "Going to mount share '${SHARE}' .." >> $_logfile
if [ -x /usr/bin/smb4k_mount ]; then
## - Ubuntu <= 12.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
else
## - Ubuntu Version >= 14.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
fi
else
echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
fi
done