Refactor nis-install-server.yml: standardize file permissions and improve formatting
@@ -20,7 +20,7 @@
|
||||
src: etc/defaultdomain.j2
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: 644
|
||||
tags:
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
@@ -31,7 +31,7 @@
|
||||
src: etc/yp.conf.j2
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: 644
|
||||
tags:
|
||||
- nis-install
|
||||
- nis-install-client
|
||||
@@ -42,7 +42,6 @@
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
|
||||
# ---
|
||||
# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default.
|
||||
#
|
||||
@@ -73,23 +72,23 @@
|
||||
- ansible_facts['distribution'] == "Debian"
|
||||
- ansible_facts['distribution_major_version']|int >= 11
|
||||
- file_etc_pam_d_common_password.stat.exists == True
|
||||
|
||||
#- ansible_distribution_major_version|int <= 12
|
||||
|
||||
- name: (nis-install-server.yml) Change default password hash for local system accounts from SHA-512 to yescrypt
|
||||
shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/" /etc/pam.d/common-password
|
||||
- name: (nis-install-server.yml) Change default password hash for local system
|
||||
accounts from SHA-512 to yescrypt
|
||||
shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/"
|
||||
/etc/pam.d/common-password
|
||||
when:
|
||||
- ansible_facts['distribution'] == "Debian"
|
||||
- ansible_facts['distribution_major_version']|int >= 11
|
||||
- file_etc_pam_d_common_password.stat.exists == True
|
||||
- presence_of_passwprd_hashing_yescrypt is changed
|
||||
|
||||
#- ansible_facts['distribution_major_version']|int <= 12
|
||||
|
||||
|
||||
# ---
|
||||
# /etc/default/nis
|
||||
# ---
|
||||
# ---
|
||||
# /etc/default/nis
|
||||
# ---
|
||||
|
||||
- name: (nis-install-server.yml) Check if file '/etc/default/nis.ORIG' exists
|
||||
stat:
|
||||
@@ -107,25 +106,26 @@
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' (server)
|
||||
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER'
|
||||
(server)
|
||||
replace:
|
||||
path: /etc/default/nis
|
||||
regexp: '^NISSERVER=.*'
|
||||
replace: 'NISSERVER=master'
|
||||
regexp: "^NISSERVER=.*"
|
||||
replace: "NISSERVER=master"
|
||||
tags:
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (server)
|
||||
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT'
|
||||
(server)
|
||||
replace:
|
||||
path: /etc/default/nis
|
||||
regexp: '^NISCLIENT=.*'
|
||||
replace: 'NISCLIENT=false'
|
||||
regexp: "^NISCLIENT=.*"
|
||||
replace: "NISCLIENT=false"
|
||||
tags:
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
|
||||
# ---
|
||||
# /etc/ypserv.securenets
|
||||
# ---
|
||||
@@ -146,37 +146,40 @@
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
|
||||
- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file
|
||||
/etc/ypserv.securenets
|
||||
replace:
|
||||
path: /etc/ypserv.securenets
|
||||
regexp: '^(0.0.0.0\s+.*)'
|
||||
replace: '#\1'
|
||||
regexp: "^(0.0.0.0\\s+.*)"
|
||||
replace: "#\\1"
|
||||
tags:
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
|
||||
- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file
|
||||
/etc/ypserv.securenets
|
||||
lineinfile:
|
||||
path: /etc/ypserv.securenets
|
||||
line: '255.255.0.0 192.168.0.0'
|
||||
line: "255.255.0.0 192.168.0.0"
|
||||
insertafter: EOF
|
||||
state: present
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
tags:
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
|
||||
- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file
|
||||
/etc/ypserv.securenets
|
||||
lineinfile:
|
||||
path: /etc/ypserv.securenets
|
||||
line: '255.0.0.0 10.0.0.0'
|
||||
line: "255.0.0.0 10.0.0.0"
|
||||
insertafter: EOF
|
||||
state: present
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
tags:
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
@@ -188,17 +191,17 @@
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
|
||||
# ---
|
||||
# Base directory containing users' home directory
|
||||
# ---
|
||||
|
||||
- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
|
||||
- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually
|
||||
/data/home) exists
|
||||
file:
|
||||
path: '{{ nis_base_home }}'
|
||||
path: "{{ nis_base_home }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
mode: "0755"
|
||||
state: directory
|
||||
when:
|
||||
- "groups['nis_server']|string is search(inventory_hostname)"
|
||||
@@ -206,23 +209,22 @@
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
|
||||
# ---
|
||||
# /etc/default/useradd
|
||||
# ---
|
||||
|
||||
- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter Kommentar einfügen
|
||||
- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter
|
||||
Kommentar einfügen
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/default/useradd
|
||||
regexp: '^HOME='
|
||||
insertafter: '^#\s*HOME='
|
||||
regexp: "^HOME="
|
||||
insertafter: "^#\\s*HOME="
|
||||
line: "HOME={{ nis_base_home }}"
|
||||
backup: true
|
||||
when:
|
||||
- nis_base_home is defined
|
||||
- nis_base_home != '/home'
|
||||
|
||||
|
||||
# ---
|
||||
# /etc/adduser.conf
|
||||
# ---
|
||||
@@ -240,7 +242,6 @@
|
||||
|
||||
- name: (nis-install-server.yml) Backup existing file /etc/adduser.conf
|
||||
command: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG
|
||||
when:
|
||||
when:
|
||||
- nis_base_home is defined
|
||||
- nis_base_home != '/home'
|
||||
@@ -249,19 +250,18 @@
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
|
||||
- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter Kommentar einfügen
|
||||
- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter
|
||||
Kommentar einfügen
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/adduser.conf
|
||||
regexp: '^DHOME='
|
||||
insertafter: '^#\s*DHOME='
|
||||
regexp: "^DHOME="
|
||||
insertafter: "^#\\s*DHOME="
|
||||
line: "DHOME={{ nis_base_home }}"
|
||||
backup: true
|
||||
when:
|
||||
- nis_base_home is defined
|
||||
- nis_base_home != '/home'
|
||||
|
||||
|
||||
# ---
|
||||
# /var/yp/Makefile
|
||||
# ---
|
||||
@@ -285,8 +285,8 @@
|
||||
- name: (nis-install-server.yml) Adjust file '/var/yp/Makefile'
|
||||
replace:
|
||||
path: /var/yp/Makefile
|
||||
regexp: '^#?{{ item }}=.*'
|
||||
replace: '{{ item }}=true'
|
||||
regexp: "^#?{{ item }}=.*"
|
||||
replace: "{{ item }}=true"
|
||||
with_items:
|
||||
- MERGE_PASSWD
|
||||
- MERGE_GROUP
|
||||
@@ -296,6 +296,5 @@
|
||||
- nis-install
|
||||
- nis-install-server
|
||||
|
||||
|
||||
# TODO:
|
||||
# /var/yp/Makefile
|
||||
|
||||
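Review bot: The two template tasks in the `@@ -20,7 +20,7 @@` and `@@ -31,7 +31,7 @@` hunks (src `etc/defaultdomain.j2` and `etc/yp.conf.j2`) show `mode: 0644` followed by `mode: 644`; if the second line is the new side, as the old-then-new order of the quoting changes elsewhere on this page suggests, the files no longer get the intended permissions. An unquoted `644` reaches Ansible as the decimal integer 644, which is octal 1204 (sticky bit, owner write-only, other read) rather than rw-r--r--. Use the quoted form that the later hunks of this commit already use, `mode: "0644"`, in both tasks. Both tasks begin above the visible hunk context, so their destination paths are not shown here.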