diff --git a/roles/common/tasks/nis-install-server.yml b/roles/common/tasks/nis-install-server.yml index d941fc7..c7dd195 100644 --- a/roles/common/tasks/nis-install-server.yml +++ b/roles/common/tasks/nis-install-server.yml @@ -16,11 +16,11 @@ - name: (nis-install-server.yml) Set (nis) default domain (/etc/defaultdomain) template: - dest: /etc/defaultdomain + dest: /etc/defaultdomain src: etc/defaultdomain.j2 owner: root group: root - mode: 0644 + mode: 644 tags: - nis-install - nis-install-server @@ -31,7 +31,7 @@ src: etc/yp.conf.j2 owner: root group: root - mode: 0644 + mode: 644 tags: - nis-install - nis-install-client @@ -42,16 +42,15 @@ - nis-install - nis-install-server - # --- -# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default. +# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default. # # Note: # 'yescrypt' is not supported by Debian 10 (buster) nor by Ubuntu 18.04 and smaller # # --- -- name: (nis-install-server.yml) Check if file '/etc/pam.d/common-password' exists +- name: (nis-install-server.yml) Check if file '/etc/pam.d/common-password' exists stat: path: /etc/pam.d/common-password register: file_etc_pam_d_common_password @@ -65,7 +64,7 @@ - name: (nis-install-server.yml) Check if default hash for password is 'yescrypt' shell: "grep -i -q -E '^password.+yescrypt' /etc/pam.d/common-password" register: presence_of_passwprd_hashing_yescrypt - changed_when: + changed_when: - presence_of_passwprd_hashing_yescrypt.rc < 1 failed_when: - presence_of_passwprd_hashing_yescrypt.rc >= 2 
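Review bot: The new `mode: 644` on the `/etc/defaultdomain` template task is an unquoted YAML integer, so Ansible receives decimal 644, which is octal 1204 (sticky bit, owner write-only, world-readable) rather than rw-r--r--. The next hunk makes the same replacement on the task that uses `src: etc/yp.conf.j2`; that task starts outside its hunk. Quote the value in both places, `mode: "0644"`, which is the form the `lineinfile` tasks further down this file already use.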
@@ -73,23 +72,23 @@ - ansible_facts['distribution'] == "Debian" - ansible_facts['distribution_major_version']|int >= 11 - file_etc_pam_d_common_password.stat.exists == True - #- ansible_distribution_major_version|int <= 12 -- name: (nis-install-server.yml) Change default password hash for local system accounts from SHA-512 to yescrypt - shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/" /etc/pam.d/common-password +- name: (nis-install-server.yml) Change default password hash for local system + accounts from SHA-512 to yescrypt + shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/" + /etc/pam.d/common-password when: - ansible_facts['distribution'] == "Debian" - ansible_facts['distribution_major_version']|int >= 11 - file_etc_pam_d_common_password.stat.exists == True - presence_of_passwprd_hashing_yescrypt is changed - #- ansible_facts['distribution_major_version']|int <= 12 -# --- -# /etc/default/nis -# --- + # --- + # /etc/default/nis + # --- - name: (nis-install-server.yml) Check if file '/etc/default/nis.ORIG' exists stat: @@ -107,25 +106,26 @@ - nis-install - nis-install-server -- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' (server) +- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' + (server) replace: path: /etc/default/nis - regexp: '^NISSERVER=.*' - replace: 'NISSERVER=master' + regexp: "^NISSERVER=.*" + replace: "NISSERVER=master" tags: - nis-install - nis-install-server -- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (server) +- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' + (server) replace: path: /etc/default/nis - regexp: '^NISCLIENT=.*' - replace: 'NISCLIENT=false' + regexp: "^NISCLIENT=.*" + replace: "NISCLIENT=false" tags: - nis-install - nis-install-server - # --- # /etc/ypserv.securenets # --- 
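Review bot: The task name in this hunk says the hash is changed "from SHA-512 to yescrypt", but the substitution `s/^(password.+)yescrypt/\1sha512/` does the opposite: it replaces yescrypt with sha512 in `/etc/pam.d/common-password`. This moves the PAM default to the older scheme, apparently for the compatibility reason given in the file's header comment, so the name should say so, e.g. `Change default password hash for local system accounts from yescrypt to SHA-512`. The `replace` module used by the other tasks in this file would make the same edit idempotently and would remove the need for the preceding `grep` task.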
@@ -146,37 +146,40 @@ - nis-install - nis-install-server -- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets +- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file + /etc/ypserv.securenets replace: path: /etc/ypserv.securenets - regexp: '^(0.0.0.0\s+.*)' - replace: '#\1' + regexp: "^(0.0.0.0\\s+.*)" + replace: "#\\1" tags: - nis-install - nis-install-server -- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets +- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file + /etc/ypserv.securenets lineinfile: path: /etc/ypserv.securenets - line: '255.255.0.0 192.168.0.0' + line: "255.255.0.0 192.168.0.0" insertafter: EOF state: present owner: root group: root - mode: '0644' + mode: "0644" tags: - nis-install - nis-install-server -- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets +- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file + /etc/ypserv.securenets lineinfile: path: /etc/ypserv.securenets - line: '255.0.0.0 10.0.0.0' + line: "255.0.0.0 10.0.0.0" insertafter: EOF state: present owner: root group: root - mode: '0644' + mode: "0644" tags: - nis-install - nis-install-server @@ -188,17 +191,17 @@ - nis-install - nis-install-server - # --- # Base directory containing users' home directory # --- -- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists +- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually + /data/home) exists file: - path: '{{ nis_base_home }}' + path: "{{ nis_base_home }}" owner: root group: root - mode: '0755' + mode: "0755" state: directory when: - "groups['nis_server']|string is search(inventory_hostname)" 
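Review bot: The two `lineinfile` tasks hard-code `255.255.0.0 192.168.0.0` and `255.0.0.0 10.0.0.0` in `/etc/ypserv.securenets`, which admits every address in 192.168.0.0/16 and 10.0.0.0/8 to the NIS maps. Nothing visible here narrows that to the subnets the clients actually use, so consider driving these lines from an inventory variable that lists the real client networks. In the preceding `replace` task the dots in `regexp: "^(0.0.0.0\\s+.*)"` are unescaped and match any character; `regexp: "^(0\\.0\\.0\\.0\\s+.*)"` states the intent exactly.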
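Review bot: The `when:` condition on the `nis_base_home` directory task, `groups['nis_server']|string is search(inventory_hostname)`, is a regex search over the stringified group list, not a membership test. A host whose name is contained in a server's name therefore also passes (constructed example: `nis1` against `nis10`), and would get the directory created as if it were a NIS server. A membership test says what is meant: `- inventory_hostname in groups['nis_server']`. The task name also carries the typo "directoriy", and the task's `tags:` continue outside this hunk.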
@@ -206,23 +209,22 @@ - nis-install - nis-install-server - # --- # /etc/default/useradd # --- -- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter Kommentar einfügen +- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter + Kommentar einfügen ansible.builtin.lineinfile: path: /etc/default/useradd - regexp: '^HOME=' - insertafter: '^#\s*HOME=' + regexp: "^HOME=" + insertafter: "^#\\s*HOME=" line: "HOME={{ nis_base_home }}" backup: true when: - nis_base_home is defined - nis_base_home != '/home' - # --- # /etc/adduser.conf # --- @@ -240,7 +242,6 @@ - name: (nis-install-server.yml) Backup existing file /etc/adduser.conf command: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG - when: when: - nis_base_home is defined - nis_base_home != '/home' @@ -249,19 +250,18 @@ - nis-install - nis-install-server - -- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter Kommentar einfügen +- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter + Kommentar einfügen ansible.builtin.lineinfile: path: /etc/adduser.conf - regexp: '^DHOME=' - insertafter: '^#\s*DHOME=' + regexp: "^DHOME=" + insertafter: "^#\\s*DHOME=" line: "DHOME={{ nis_base_home }}" backup: true when: - nis_base_home is defined - nis_base_home != '/home' - # --- # /var/yp/Makefile # --- @@ -285,17 +285,16 @@ - name: (nis-install-server.yml) Adjust file '/var/yp/Makefile' replace: path: /var/yp/Makefile - regexp: '^#?{{ item }}=.*' - replace: '{{ item }}=true' + regexp: "^#?{{ item }}=.*" + replace: "{{ item }}=true" with_items: - MERGE_PASSWD - MERGE_GROUP - notify: + notify: - Renew nis databases tags: - nis-install - nis-install-server - # TODO: # /var/yp/Makefile
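Review bot: The `/var/yp/Makefile` task in the last hunk lacks a comment on what `MERGE_PASSWD=true` and `MERGE_GROUP=true` expose. With these set, the shadow password hashes are merged into the NIS `passwd` map (and gshadow into `group`), so any client admitted by `/etc/ypserv.securenets` can read them. A comment above the task should record that this is intended, for example `# MERGE_PASSWD=true publishes shadow hashes in the passwd map; access is limited only by ypserv.securenets`. This matters more here because the same file also moves the default hash from yescrypt to sha512.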