---
# ---
# Install nis
# ---

# Installs each entry of `nis_common_packages` in its own loop iteration.
# The registered result is read again further down: `nis_installed.changed`
# decides whether the NIS master initialisation (ypinit) is triggered.
- name: (nis-install-server.yml) Install nis common packages
  package:
    state: present
    name: '{{ item }}'
  register: nis_installed
  with_items: '{{ nis_common_packages }}'
  tags: [nis-install, nis-install-server]
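# Renders /etc/defaultdomain from the role template etc/defaultdomain.j2.
- name: (nis-install-server.yml) Set (nis) default domain (/etc/defaultdomain)
  template:
    src: etc/defaultdomain.j2
    dest: /etc/defaultdomain
    owner: root
    group: root
    # Quoted octal string. A bare `644` is parsed as the decimal integer 644,
    # which Ansible does not interpret as rw-r--r-- and which yields an
    # unintended permission set on the file.
    mode: "0644"
  tags:
    - nis-install
    - nis-install-server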
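# Renders /etc/yp.conf from the role template etc/yp.conf.j2.
# NOTE(review): this task sits in the server task file but is tagged
# `nis-install-client`, not `nis-install-server`, so a run limited to the
# server tag skips it - confirm that this is intended.
- name: (nis-install-server.yml) Create preconfigured /etc/yp.conf on nis clients
  template:
    src: etc/yp.conf.j2
    dest: /etc/yp.conf
    owner: root
    group: root
    # Quoted octal string. A bare `644` is parsed as the decimal integer 644,
    # which Ansible does not interpret as rw-r--r-- and which yields an
    # unintended permission set on the file.
    mode: "0644"
  tags:
    - nis-install
    - nis-install-client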
# Sets the running system's NIS domain name to `nis_domain`.
# The command module does not go through a shell, so the templated value is
# passed as an argument rather than being interpreted by a shell.
# The task carries no `changed_when`, so it reports "changed" on every run.
- name: (nis-install-server.yml) Set local host's domain name
  command:
    cmd: domainname "{{ nis_domain }}"
  tags: [nis-install, nis-install-server]
# ---
# Since Debian 11 (bullseye), password hashing uses 'yescrypt' by default.
#
# Note:
#   'yescrypt' is supported neither by Debian 10 (buster) nor by
#   Ubuntu 18.04 and earlier releases.
#
# ---

# Records whether the PAM password stack file is present; the two tasks that
# follow read `file_etc_pam_d_common_password.stat.exists` before touching it.
# Only evaluated on Debian 11 or newer.
- name: (nis-install-server.yml) Check if file '/etc/pam.d/common-password' exists
  stat:
    path: /etc/pam.d/common-password
  register: file_etc_pam_d_common_password
  when:
    - ansible_facts['distribution'] == 'Debian'
    - ansible_facts['distribution_major_version'] | int >= 11
  tags: [nis-install, nis-install-server]
# Probes /etc/pam.d/common-password for a `password ... yescrypt` line.
# grep exit codes are mapped onto task state:
#   rc 0  (match found)   -> task reports "changed"
#   rc 1  (no match)      -> task reports "ok"
#   rc 2+ (grep error)    -> task fails
# The "changed" state is what the follow-up task tests with `is changed`.
# NOTE(review): unlike the preceding stat task, this task has no tags, so it
# is skipped whenever the play is run with `--tags nis-install`.
- name: (nis-install-server.yml) Check if default hash for password is 'yescrypt'
  shell:
    cmd: grep -i -q -E '^password.+yescrypt' /etc/pam.d/common-password
  register: presence_of_passwprd_hashing_yescrypt
  failed_when: presence_of_passwprd_hashing_yescrypt.rc >= 2
  changed_when: presence_of_passwprd_hashing_yescrypt.rc < 1
  when:
    - ansible_facts['distribution'] == 'Debian'
    - ansible_facts['distribution_major_version'] | int >= 11
    - file_etc_pam_d_common_password.stat.exists
    # - ansible_distribution_major_version|int <= 12
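# Rewrites the `password ...` line in /etc/pam.d/common-password so that it
# names `sha512` where it named `yescrypt`.
#
# The substitution goes FROM yescrypt TO SHA-512; the task name previously
# stated the opposite direction and is corrected here.
#
# Security note: this is a deliberate downgrade of the password hashing
# scheme. It matches the comment above the PAM tasks in this file, which says
# yescrypt is not supported by older Debian/Ubuntu releases. If every host
# served by this server supports yescrypt, this task should not be needed -
# verify against the client inventory.
#
# Uses the `replace` module (already used elsewhere in this file) instead of
# an in-place perl one-liner: same regular expression, but idempotent and
# check-mode aware.
- name: >-
    (nis-install-server.yml) Change default password hash for local system
    accounts from yescrypt to SHA-512
  replace:
    path: /etc/pam.d/common-password
    regexp: '^(password.+)yescrypt'
    replace: '\1sha512'
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version']|int >= 11
    - file_etc_pam_d_common_password.stat.exists == True
    # The grep probe reports "changed" exactly when a yescrypt line was found.
    - presence_of_passwprd_hashing_yescrypt is changed
    # - ansible_facts['distribution_major_version']|int <= 12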
# ---
# /etc/default/nis
# ---

# Looks for an earlier backup copy so that the pristine file is saved only
# once; the result is read by the backup task below.
- name: (nis-install-server.yml) Check if file '/etc/default/nis.ORIG' exists
  stat:
    path: /etc/default/nis.ORIG
  register: default_nis_exists
  tags: [nis-install, nis-install-server]
# Copies /etc/default/nis to /etc/default/nis.ORIG (`cp -a` keeps ownership,
# mode and timestamps), but only while no .ORIG copy exists yet.
- name: (nis-install-server.yml) Backup existing file /etc/default/nis
  command:
    cmd: cp -a /etc/default/nis /etc/default/nis.ORIG
  when: not default_nis_exists.stat.exists
  tags: [nis-install, nis-install-server]
# Replaces any existing `NISSERVER=...` line with `NISSERVER=master`.
# `replace` only rewrites matching lines; if the file has no NISSERVER= line,
# nothing is added.
- name: >-
    (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER'
    (server)
  replace:
    path: /etc/default/nis
    regexp: '^NISSERVER=.*'
    replace: 'NISSERVER=master'
  tags: [nis-install, nis-install-server]
# Replaces any existing `NISCLIENT=...` line with `NISCLIENT=false`.
# `replace` only rewrites matching lines; if the file has no NISCLIENT= line,
# nothing is added.
- name: >-
    (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT'
    (server)
  replace:
    path: /etc/default/nis
    regexp: '^NISCLIENT=.*'
    replace: 'NISCLIENT=false'
  tags: [nis-install, nis-install-server]
# ---
# /etc/ypserv.securenets
# ---

# Looks for an earlier backup copy so that the pristine file is saved only
# once; the result is read by the backup task below.
- name: (nis-install-server.yml) Check if file '/etc/ypserv.securenets.ORIG' exists
  stat:
    path: /etc/ypserv.securenets.ORIG
  register: ypserv_securenets_orig_exists
  tags: [nis-install, nis-install-server]
# Copies /etc/ypserv.securenets to /etc/ypserv.securenets.ORIG (`cp -a` keeps
# ownership, mode and timestamps), but only while no .ORIG copy exists yet.
- name: (nis-install-server.yml) Backup existing file /etc/ypserv.securenets
  command:
    cmd: cp -a /etc/ypserv.securenets /etc/ypserv.securenets.ORIG
  when: not ypserv_securenets_orig_exists.stat.exists
  tags: [nis-install, nis-install-server]
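# Comments out every line that starts with `0.0.0.0` followed by whitespace.
# In ypserv.securenets such a line is a netmask/network entry with an all-zero
# netmask, i.e. it admits every source address; disabling it leaves only the
# explicitly listed networks.
#
# The dots are escaped so that the pattern matches the literal address only.
# Unescaped, each `.` matches any character, so the task could also comment
# out unrelated lines that merely have the same shape.
- name: >-
    (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file
    /etc/ypserv.securenets
  replace:
    path: /etc/ypserv.securenets
    regexp: '^(0\.0\.0\.0\s+.*)'
    replace: '#\1'
  tags:
    - nis-install
    - nis-install-server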
# Makes sure the netmask/network pair `255.255.0.0 192.168.0.0` is present in
# /etc/ypserv.securenets (appended at end of file when missing) and pins the
# file to root:root, mode 0644.
# NOTE(review): this admits the whole 192.168.0.0/16 range and the value is
# hard-coded. Every host admitted here can query the NIS maps, so prefer the
# narrowest netmask that still covers the real client subnets.
- name: >-
    (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file
    /etc/ypserv.securenets
  lineinfile:
    path: /etc/ypserv.securenets
    state: present
    line: '255.255.0.0 192.168.0.0'
    insertafter: EOF
    mode: '0644'
    owner: root
    group: root
  tags: [nis-install, nis-install-server]
# Makes sure the netmask/network pair `255.0.0.0 10.0.0.0` is present in
# /etc/ypserv.securenets (appended at end of file when missing) and pins the
# file to root:root, mode 0644.
# NOTE(review): this admits the whole 10.0.0.0/8 range and the value is
# hard-coded. Every host admitted here can query the NIS maps, so prefer the
# narrowest netmask that still covers the real client subnets.
- name: >-
    (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file
    /etc/ypserv.securenets
  lineinfile:
    path: /etc/ypserv.securenets
    state: present
    line: '255.0.0.0 10.0.0.0'
    insertafter: EOF
    mode: '0644'
    owner: root
    group: root
  tags: [nis-install, nis-install-server]
# Runs `ypinit -m` with a single newline piped to its standard input
# (presumably to accept its interactive prompt - confirm against ypinit).
# Needs the shell module because of the pipe.
# Executed only on runs where the package installation task reported a change.
- name: (nis-install-server.yml) Trigger '/usr/lib/yp/ypinit -m'
  shell:
    cmd: printf '\n' | /usr/lib/yp/ypinit -m
  when: nis_installed.changed
  tags: [nis-install, nis-install-server]
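# ---
# Base directory containing users' home directory
# ---

# Creates the directory named by `nis_base_home` (root:root, mode 0755) on
# hosts that are members of the inventory group `nis_server`.
#
# The condition is an exact list-membership test. The earlier form rendered
# the group list to a string and ran a regex search for the hostname in it,
# which also matched when the hostname was only a substring of another
# member's name (for example `nis1` inside `nis10`) and treated dots in the
# hostname as regex wildcards.
- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually
    /data/home) exists
  file:
    path: "{{ nis_base_home }}"
    owner: root
    group: root
    mode: "0755"
    state: directory
  when:
    - inventory_hostname in groups['nis_server']
  tags:
    - nis-install
    - nis-install-server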
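# ---
# /etc/default/useradd
# ---

# Sets `HOME=<nis_base_home>` in /etc/default/useradd: an existing `HOME=`
# line is replaced, otherwise the line is inserted after a commented-out
# `# HOME=` line. `backup: true` keeps a timestamped copy of the previous
# file. Skipped when `nis_base_home` is undefined or equals '/home'.
#
# The tags are added for consistency with the other tasks in this file.
# Without them, a run limited to `--tags nis-install` or
# `--tags nis-install-server` skipped this task.
- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter
    Kommentar einfügen
  ansible.builtin.lineinfile:
    path: /etc/default/useradd
    regexp: "^HOME="
    insertafter: "^#\\s*HOME="
    line: "HOME={{ nis_base_home }}"
    backup: true
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
  tags:
    - nis-install
    - nis-install-server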
# ---
# /etc/adduser.conf
# ---

# Looks for an earlier backup copy of /etc/adduser.conf; the result is read
# by the backup task below. Skipped when `nis_base_home` is undefined or
# equals '/home', because the file is left untouched in that case.
- name: (nis-install-server.yml) Check if file '/etc/adduser.conf.ORIG exists'
  stat:
    path: /etc/adduser.conf.ORIG
  register: adduser_conf_exists
  tags: [nis-install, nis-install-server]
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
# Copies /etc/adduser.conf to /etc/adduser.conf.ORIG (`cp -a` keeps ownership,
# mode and timestamps), but only while no .ORIG copy exists yet.
# The `nis_base_home` conditions come first, so the registered stat result is
# only dereferenced on runs where the stat task actually executed.
- name: (nis-install-server.yml) Backup existing file /etc/adduser.conf
  command:
    cmd: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG
  tags: [nis-install, nis-install-server]
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
    - not adduser_conf_exists.stat.exists
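# Sets `DHOME=<nis_base_home>` in /etc/adduser.conf: an existing `DHOME=`
# line is replaced, otherwise the line is inserted after a commented-out
# `# DHOME=` line. `backup: true` keeps a timestamped copy of the previous
# file. Skipped when `nis_base_home` is undefined or equals '/home'.
#
# The tags are added for consistency with the stat and backup tasks for the
# same file. Without them, a tag-limited run created the .ORIG backup but
# skipped the actual change.
- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter
    Kommentar einfügen
  ansible.builtin.lineinfile:
    path: /etc/adduser.conf
    regexp: "^DHOME="
    insertafter: "^#\\s*DHOME="
    line: "DHOME={{ nis_base_home }}"
    backup: true
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
  tags:
    - nis-install
    - nis-install-server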
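# ---
# /var/yp/Makefile
# ---

# Looks for an earlier backup copy of /var/yp/Makefile.
#
# The result is registered under its own name. It was previously stored in
# `adduser_conf_exists`, overwriting the result of the /etc/adduser.conf
# check earlier in this file and making the backup condition below hard to
# read. The visible part of the file has no other reader of the old value.
# NOTE(review): confirm that no task outside this file relies on
# `adduser_conf_exists` holding the Makefile result.
- name: (nis-install-server.yml) Check if file '/var/yp/Makefile.ORIG exists'
  stat:
    path: /var/yp/Makefile.ORIG
  register: yp_makefile_orig_exists
  tags:
    - nis-install
    - nis-install-server

# Copies /var/yp/Makefile to /var/yp/Makefile.ORIG (`cp -a` keeps ownership,
# mode and timestamps), but only while no .ORIG copy exists yet.
- name: (nis-install-server.yml) Backup existing file /var/yp/Makefile
  command: cp -a /var/yp/Makefile /var/yp/Makefile.ORIG
  when:
    - yp_makefile_orig_exists.stat.exists == False
  tags:
    - nis-install
    - nis-install-server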
# Sets MERGE_PASSWD and MERGE_GROUP to `true` in /var/yp/Makefile. An
# existing assignment is rewritten whether or not it is commented out with a
# leading '#'. A change notifies the handler 'Renew nis databases', which is
# defined outside this file.
# NOTE(review): in the stock NIS Makefile, MERGE_PASSWD appears to control
# whether shadow data is merged into the passwd map. If so, password hashes
# become readable by every host that /etc/ypserv.securenets admits - confirm,
# and keep the securenets entries as narrow as possible.
- name: (nis-install-server.yml) Adjust file '/var/yp/Makefile'
  replace:
    path: /var/yp/Makefile
    regexp: '^#?{{ item }}=.*'
    replace: '{{ item }}=true'
  loop:
    - MERGE_PASSWD
    - MERGE_GROUP
  notify: [Renew nis databases]
  tags: [nis-install, nis-install-server]
# TODO:
# /var/yp/Makefile