From 9f8472ab983365d49add4b30d4eb3ed8e12297aa Mon Sep 17 00:00:00 2001
From: Christoph
Date: Tue, 24 Dec 2019 17:27:48 +0100
Subject: [PATCH] Seperate 'nis' and 'samba'.
---
 group_vars/all/main.yml | 42 +++++++-------
 hosts | 3 +
 roles/common/tasks/main.yml | 16 +++++-
 roles/common/tasks/nis_user.yml | 95 +++++++++++++++++++++++++++++++
 roles/common/tasks/samba_user.yml | 60 +++++++++++++++++++
 5 files changed, 192 insertions(+), 24 deletions(-)
 create mode 100644 roles/common/tasks/nis_user.yml
 create mode 100644 roles/common/tasks/samba_user.yml
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index 0ce256b..1c6a5ab 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -37,7 +37,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -50,7 +50,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -68,7 +68,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -81,7 +81,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -94,7 +94,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -107,7 +107,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -132,7 +132,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -145,7 +145,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -166,7 +166,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -182,7 +182,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -195,7 +195,7 @@ samba_shares:
 - ivana
 - sabrina
 - kamue
- - frank
+ - marina
 - kirstin
 - pierre
 - juergen
@@ -211,7 +211,7 @@ nis_common_packages: - nscd nis_deleted_user: - - name: test-user + - name: frank nis_base_home: /data/home @@ -278,13 +278,6 @@ nis_user: is_samba_user: true password: '20sabrina13' - - name: lotta - groups: - - buero - - verwaltung - is_samba_user: true - password: '20_lotta_15!' - - name: kamue groups: - buero @@ -292,12 +285,19 @@ nis_user: is_samba_user: true password: '20_katha-mue%19' - - name: frank + - name: lotta groups: - buero - verwaltung is_samba_user: true - password: '20%th-iele_19' + password: '20_lotta_15!' + + - name: marina + groups: + - buero + - verwaltung + is_samba_user: true + password: '20-ma-ri.na_%20' - name: kirstin groups: diff --git a/hosts b/hosts index 96b88e9..87b11f5 100644 --- a/hosts +++ b/hosts @@ -28,3 +28,6 @@ file-flr.flr.netz [nis_server] file-flr.flr.netz + +[samba_server] +file-flr.flr.netz diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 2567059..bfc9d71 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -25,16 +25,26 @@ tags: - nis-install -# tags supported inside nis_samba_user.yml: +# tags supported inside nis_user.yml: # -# samba-user # nis-user # system-user -- import_tasks: nis_samba_user.yml +- import_tasks: nis_user.yml when: "groups['nis_server']|string is search(inventory_hostname)" + tags: + - nis-user + +# tags supported inside samba_user.yml: +# +# samba-user +- import_tasks: samba_user.yml + when: "groups['samba_server']|string is search(inventory_hostname)" tags: - nis-samba-user +# tags supported user-systemfiles.yml: + +# profile - import_tasks: user-systemfiles.yml when: "groups['nis_server']|string is search(inventory_hostname)" tags: diff --git a/roles/common/tasks/nis_user.yml b/roles/common/tasks/nis_user.yml new file mode 100644 index 0000000..11a5d67 --- /dev/null +++ b/roles/common/tasks/nis_user.yml 
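Review bot: The new `marina` entry, like the `lotta` entry moved in this hunk, keeps the account password as a clear-text string in `group_vars/all/main.yml`, so everyone with read access to the repository or its history holds working NIS and Samba credentials. Encrypting these values with Ansible Vault (for example a vaulted file under `group_vars/all/` whose variables the `password:` keys reference) keeps the playbook working without the secrets in the tree. Values that are already committed stay readable in the history, so they would also need to be changed on the servers. The `nis_user` list starts and ends outside this hunk.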
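Review bot: The new condition `groups['samba_server']|string is search(inventory_hostname)` turns the group list into a string and runs a regex search, so a host whose name is a substring of a group member (or matches one with `.` acting as a wildcard) also passes, and the user-management tasks would run there. A list membership test is exact: `when: inventory_hostname in groups['samba_server']`; the two `nis_server` conditions in this hunk have the same form. Separately, the comment above the import names the tag `samba-user` while the import itself is still tagged `nis-samba-user`, which no longer matches the split into two files.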
@@ -0,0 +1,95 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+- name: (nis_user.yml) Remove (old) users from system
+ user:
+ name: '{{ item.name }}'
+ state: absent
+ with_items:
+ - "{{ nis_deleted_user }}"
+ loop_control:
+ label: '{{ item.name }}'
+ tags:
+ - nis-user
+ - system-user
+
+- name: (nis_user.yml) Remove home directory from deleted users
+ file:
+ path: '{{ nis_base_home }}/{{ item.name }}'
+ state: absent
+ with_items:
+ - "{{ nis_deleted_user }}"
+ loop_control:
+ label: '{{ item.name }}'
+ tags:
+ - nis-user
+ - system-user
+
+# ---
+# - default user/groups
+# ---
+
+- name: (nis_user.yml) Ensure nis groups exists
+ group:
+ name: '{{ item.name }}'
+ state: present
+ gid: '{{ item.group_id | default(omit) }}'
+ loop: "{{ nis_groups }}"
+ loop_control:
+ label: '{{ item.name }}'
+ when: item.group_id is defined
+ notify: Renew nis databases
+ tags:
+ - nis-user
+ - system-user
+
+#- meta: end_host
+
+- name: (nis_user.yml) Check if nis (system) user exists
+ shell: "getent passwd {{ item.name }}"
+ register: nis_user_exists
+ changed_when: "nis_user_exists.rc == 2"
+ failed_when: "nis_user_exists.rc > 2"
+ loop: "{{ nis_user }}"
+ loop_control:
+ label: '{{ item.name }}'
+ ignore_errors: true
+ tags:
+ - nis-user
+ - system-user
+
+- name: (nis_user.yml) Add nis (system) users
+ shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
+ loop: "{{ nis_user }}"
+ loop_control:
+ label: '{{ item.name }}'
+ when: nis_user_exists is changed
+ notify: Renew nis databases
+ tags:
+ - nis-user
+ - system-user
+
+- name: (nis_user.yml) Ensure nis users exists
+ user:
+ name: '{{ item.name }}'
+ state: present
+ uid: '{{ item.user_id | default(omit) }}'
+ #group: '{{ item.0.name | default(omit) }}'
+ groups: "{{ item.groups|join(', ') }}"
+ home: '{{ nis_base_home }}/{{ item.name }}'
+ shell: '{{ item.shell|d("/bin/bash") }}'
+ password: "{{ item.password | password_hash('sha512') }}"
+ update_password: on_create
+ append: yes
+ loop: "{{ nis_user }}"
+ loop_control:
+ label: '{{ item.name }}'
+ notify: Renew nis databases
+ tags:
+ - nis-user
+ - system-user
+
+
diff --git a/roles/common/tasks/samba_user.yml b/roles/common/tasks/samba_user.yml
new file mode 100644
index 0000000..22eaf28
--- /dev/null
+++ b/roles/common/tasks/samba_user.yml
@@ -0,0 +1,60 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+- name: (samba_user.yml) Check if samba user exists for removable nis user
+ shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+ register: samba_deleted_user_present
+ changed_when: "samba_deleted_user_present.rc == 0"
+ failed_when: "samba_deleted_user_present.rc > 1"
+ with_items:
+ - "{{ nis_deleted_user }}"
+ loop_control:
+ label: '{{ item.name }}'
+ tags:
+ - samba-user
+
+
+- name: (samba_user.yml) Remove (old) users from samba
+ shell: "smbpasswd -s -x {{ item.name }}"
+ with_items:
+ - "{{ nis_deleted_user }}"
+ loop_control:
+ label: '{{ item.name }}'
+ when: samba_deleted_user_present is changed
+ tags:
+ - samba-user
+
+
+# ---
+# - default user/groups
+# ---
+
+- name: (samba_user.yml) Check if samba user exists for nis user
+ shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+ register: samba_nis_user_present
+ changed_when: "samba_nis_user_present.rc > 0"
+ failed_when: "samba_nis_user_present.rc > 1"
+ with_items:
+ - "{{ nis_user }}"
+ loop_control:
+ label: '{{ item.name }}'
+ when:
+ - item.is_samba_user is defined and item.is_samba_user|bool
+ tags:
+ - samba-user
+
+- name: (samba_user.yml) Add nis user to samba (with nis users password)
+ shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}"
+ loop: "{{ nis_user }}"
+ loop_control:
+ label: '{{ item.name }}'
+ when:
+ - item.is_samba_user is defined and item.is_samba_user|bool
+ - samba_nis_user_present is changed
+ notify: Renew nis databases
+ tags:
+ - samba-user
+
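Review bot: The "Add nis (system) users" task splices `item.password` into a `shell:` string between single quotes, so a password containing `'` ends the quoting and the remainder is parsed by the shell, and the full command line ends up in Ansible's output and logs because the task has no `no_log: true`. Its condition `nis_user_exists is changed` tests the aggregate result of the preceding loop, so a single missing account appears to make the script run for every entry in `nis_user` rather than only for the missing ones. Passing the values through `command` with `argv`, looping over `nis_user_exists.results` and setting `no_log: true` addresses both, as sketched below. The password is still passed as an argument to the script, so it is worth checking whether the script can read it from stdin instead. The "Add nis user to samba" task in samba_user.yml has the same quoting, logging and aggregate-condition pattern.

```yaml
- name: (nis_user.yml) Add nis (system) users
  command:
    argv:
      - /root/bin/admin-stuff/add_new_user.sh
      - '{{ item.item.name }}'
      - '{{ item.item.password }}'
  loop: "{{ nis_user_exists.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when: item is changed
  no_log: true
  # … unchanged: notify, tags …
```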
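Review bot: Both existence checks pipe the account list through `grep '{{ item.name }}'`, which matches substrings and treats the name as a regular expression, so a name that is only part of another Samba account is reported as present. The add step then skips a user who has no Samba entry, or the removal step runs `smbpasswd -x` for an account that is not there. Matching the whole field as a fixed string avoids that: `grep -Fxq '{{ item.name }}'`. In the add task, `echo -e` also interprets backslash sequences inside the password and is not understood by every `/bin/sh`, so supplying the two password lines through the `command` module's `stdin:` parameter would be more dependable than the echo pipeline.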