Seperate 'nis' and 'samba'.

Christoph 2019-12-24 17:27:48 +01:00
parent e799dfd227
commit 9f8472ab98
5 changed files with 192 additions and 24 deletions


@ -37,7 +37,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -50,7 +50,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -68,7 +68,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -81,7 +81,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -94,7 +94,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -107,7 +107,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -132,7 +132,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -145,7 +145,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -166,7 +166,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -182,7 +182,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -195,7 +195,7 @@ samba_shares:
- ivana - ivana
- sabrina - sabrina
- kamue - kamue
- frank - marina
- kirstin - kirstin
- pierre - pierre
- juergen - juergen
@ -211,7 +211,7 @@ nis_common_packages:
- nscd - nscd
nis_deleted_user: nis_deleted_user:
- name: test-user - name: frank
nis_base_home: /data/home nis_base_home: /data/home
@ -278,13 +278,6 @@ nis_user:
is_samba_user: true is_samba_user: true
password: '20sabrina13' password: '20sabrina13'
- name: lotta
groups:
- buero
- verwaltung
is_samba_user: true
password: '20_lotta_15!'
- name: kamue - name: kamue
groups: groups:
- buero - buero
@ -292,12 +285,19 @@ nis_user:
is_samba_user: true is_samba_user: true
password: '20_katha-mue%19' password: '20_katha-mue%19'
- name: frank - name: lotta
groups: groups:
- buero - buero
- verwaltung - verwaltung
is_samba_user: true is_samba_user: true
password: '20%th-iele_19' password: '20_lotta_15!'
- name: marina
groups:
- buero
- verwaltung
is_samba_user: true
password: '20-ma-ri.na_%20'
- name: kirstin - name: kirstin
groups: groups:
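Review bot: The new `marina` entry under `nis_user` adds another cleartext `password:` value to a vars file kept in version control, next to the existing ones. Anyone with read access to the repository or its history gets working NIS and Samba credentials, and the entry removed for `frank` stays readable in history as well. I would keep the values in an Ansible Vault encrypted file and reference them here, for example `password: "{{ vault_nis_password_marina }}"` (variable name illustrative), and rotate the passwords that have already been committed. The `nis_user` list starts and continues outside this hunk, so the same applies to entries not shown.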

3
hosts

@ -28,3 +28,6 @@ file-flr.flr.netz
[nis_server] [nis_server]
file-flr.flr.netz file-flr.flr.netz
[samba_server]
file-flr.flr.netz


@ -25,16 +25,26 @@
tags: tags:
- nis-install - nis-install
# tags supported inside nis_samba_user.yml: # tags supported inside nis_user.yml:
# #
# samba-user
# nis-user # nis-user
# system-user # system-user
- import_tasks: nis_samba_user.yml - import_tasks: nis_user.yml
when: "groups['nis_server']|string is search(inventory_hostname)" when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- nis-user
# tags supported inside samba_user.yml:
#
# samba-user
- import_tasks: samba_user.yml
when: "groups['samba_server']|string is search(inventory_hostname)"
tags: tags:
- nis-samba-user - nis-samba-user
# tags supported user-systemfiles.yml:
# profile
- import_tasks: user-systemfiles.yml - import_tasks: user-systemfiles.yml
when: "groups['nis_server']|string is search(inventory_hostname)" when: "groups['nis_server']|string is search(inventory_hostname)"
tags: tags:
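Review bot: The new condition `groups['samba_server']|string is search(inventory_hostname)` turns the group list into a string and runs a regex search on it, so it is not an exact membership test. The dots in a hostname act as wildcards, and any host whose name occurs inside a Samba server's name would also match and receive the user and password tasks. `when: inventory_hostname in groups['samba_server']` states the intent directly. The `nis_server` conditions on the surrounding context lines use the same pattern and would benefit from the same change. The task list continues outside this hunk.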


@ -0,0 +1,95 @@
---
# ---
# - Remove unwanted users
# ---
- name: (nis_user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (nis_user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
# ---
# - default user/groups
# ---
- name: (nis_user.yml) Ensure nis groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
loop: "{{ nis_groups }}"
loop_control:
label: '{{ item.name }}'
when: item.group_id is defined
notify: Renew nis databases
tags:
- nis-user
- system-user
#- meta: end_host
- name: (nis_user.yml) Check if nis (system) user exists
shell: "getent passwd {{ item.name }}"
register: nis_user_exists
changed_when: "nis_user_exists.rc == 2"
failed_when: "nis_user_exists.rc > 2"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
ignore_errors: true
tags:
- nis-user
- system-user
- name: (nis_user.yml) Add nis (system) users
shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when: nis_user_exists is changed
notify: Renew nis databases
tags:
- nis-user
- system-user
- name: (nis_user.yml) Ensure nis users exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
#group: '{{ item.0.name | default(omit) }}'
groups: "{{ item.groups|join(', ') }}"
home: '{{ nis_base_home }}/{{ item.name }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password | password_hash('sha512') }}"
update_password: on_create
append: yes
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
notify: Renew nis databases
tags:
- nis-user
- system-user
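Review bot: The `Add nis (system) users` task puts the cleartext password on a shell command line, `add_new_user.sh {{ item.name }} '{{ item.password }}'`. It is therefore visible in the process list on the target and can end up in Ansible output and logs, and a password containing a single quote breaks the quoting and changes the command that runs. At minimum add `no_log: true` to the task and pass the value as `{{ item.password | quote }}`. Whether the script could read the password from stdin instead is not visible here. The `smbpasswd -s -a` task in samba_user.yml builds its `echo -e '…' |` pipeline from `item.password` the same way, and there `echo -e` would additionally interpret backslashes in the password.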


@ -0,0 +1,60 @@
---
# ---
# - Remove unwanted users
# ---
- name: (samba_user.yml) Check if samba user exists for removable nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_deleted_user_present
changed_when: "samba_deleted_user_present.rc == 0"
failed_when: "samba_deleted_user_present.rc > 1"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (samba_user.yml) Remove (old) users from samba
shell: "smbpasswd -s -x {{ item.name }}"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
when: samba_deleted_user_present is changed
tags:
- samba-user
# ---
# - default user/groups
# ---
- name: (samba_user.yml) Check if samba user exists for nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_nis_user_present
changed_when: "samba_nis_user_present.rc > 0"
failed_when: "samba_nis_user_present.rc > 1"
with_items:
- "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- samba-user
- name: (samba_user.yml) Add nis user to samba (with nis users password)
shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
- samba_nis_user_present is changed
notify: Renew nis databases
tags:
- samba-user
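Review bot: `when: samba_nis_user_present is changed` tests the registered result of the whole loop, which as far as I can tell is changed as soon as any single item changed, so one missing Samba account makes `smbpasswd -s -a` run for every Samba user and reset existing passwords to the value in the vars file. The same aggregate test gates `smbpasswd -s -x` via `samba_deleted_user_present` and the `add_new_user.sh` task in nis_user.yml via `nis_user_exists`. I would loop over `samba_nis_user_present.results` instead, gate on `item is changed`, and take the name and password from `item.item`. The presence check itself is also loose: `grep '{{ item.name }}'` matches substrings and regex characters, so a short user name is reported as present when a longer one contains it. `grep -Fxq -- '{{ item.name }}'` would make it an exact match.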