diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 827db2f..b2f364d 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -39,6 +39,7 @@ samba_shares: - eva - hannah - isadora + - katrine - konstantin - kristin - lara @@ -68,6 +69,7 @@ samba_shares: - eva - hannah - isadora + - katrine - konstantin - kristin - lara @@ -87,8 +89,13 @@ samba_shares: - musa nis_domain: sprachenatelier.netz +#nis_domain: local.netz nis_server_address: 192.168.92.10 +#nis_server_address: 192.168.63.20 + +nis_server_name: file-spr.sprachenatelier.netz +#nis_server_name: luna.local.netz nis_common_packages: - nis @@ -113,8 +120,8 @@ nis_groups: nis_user: - name: chris groups: - - buero - intern + - buero - no-backup is_samba_user: true password: !vault | @@ -168,6 +175,13 @@ nis_user: is_samba_user: true password: 'luis11' + - name: eva + groups: + - intern + - buero + is_samba_user: true + password: '250791' + - name: hannah groups: - intern @@ -182,6 +196,13 @@ nis_user: is_samba_user: true password: '270988' + - name: katrine + groups: + - intern + - buero + is_samba_user: true + password: '200290' + - name: konstantin groups: - intern diff --git a/hosts b/hosts index be4a30c..016a12e 100644 --- a/hosts +++ b/hosts @@ -43,13 +43,13 @@ cl106.sprachenatelier.netz cl107.sprachenatelier.netz cl108.sprachenatelier.netz cl109.sprachenatelier.netz -thunderbolt.local.netz [file_server] file-spr.sprachenatelier.netz [nfs_server] file-spr.sprachenatelier.netz +luna.local.netz [nis_server] file-spr.sprachenatelier.netz diff --git a/roles/common/files/etc/systemd/system/rpcbind.socket.d/override.conf b/roles/common/files/etc/systemd/system/rpcbind.socket.d/override.conf new file mode 100644 index 0000000..480847b --- /dev/null +++ b/roles/common/files/etc/systemd/system/rpcbind.socket.d/override.conf @@ -0,0 +1,4 @@ +[Unit] +DefaultDependencies=no +Wants=rpcbind.target +Before=rpcbind.target 
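Review bot: The new `eva` entry in the `@@ -168,6 +175,13 @@` hunk and the `katrine` entry in the `@@ -182,6 +196,13 @@` hunk commit their `password:` values in clear text, whereas `chris` in the same `nis_user` list uses `password: !vault |`. Both values are six digits that read like dates, so they are also easy to guess, and with `is_samba_user: true` they presumably end up as Samba credentials as well as NIS ones. Store them the way the `chris` entry does, for example with `ansible-vault encrypt_string`. The two committed values should be treated as disclosed, since they remain in the repository history, so both accounts need new passwords. The `nis_user` list starts and continues outside both hunks.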
diff --git a/roles/common/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf b/roles/common/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf new file mode 100644 index 0000000..20d1465 --- /dev/null +++ b/roles/common/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf @@ -0,0 +1,3 @@ +[Service] +IPAddressAllow=192.168.0.0/16 + diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index a2a80e7..6f0d681 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -12,3 +12,15 @@ enabled: yes when: - "groups['nfs_server']|string is search(inventory_hostname)" + +- name: Restart systemd-logind.service + service: + name: systemd-logind + daemon_reload: yes + state: restarted + +- name: Restart rpcbind + service: + name: rpcbind + daemon_reload: yes + state: restarted diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 6ec6280..2567059 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -11,10 +11,19 @@ # tags supported inside nfs.yml: # -# nis-install -- import_tasks: nis.yml +# nis-install-server +- import_tasks: nis-install-server.yml + when: "groups['nis_server']|string is search(inventory_hostname)" tags: - - nis + - nis-install + +# tags supported inside nfs.yml: +# +# nis-install-client +- import_tasks: nis-install-client.yml + when: "groups['nis_client']|string is search(inventory_hostname)" + tags: + - nis-install # tags supported inside nis_samba_user.yml: # diff --git a/roles/common/tasks/nfs.yml b/roles/common/tasks/nfs.yml index 86ac2ab..00bf1c0 100644 --- a/roles/common/tasks/nfs.yml +++ b/roles/common/tasks/nfs.yml @@ -24,6 +24,8 @@ mode: '0755' state: directory with_items: "{{ nfs_exports }}" + loop_control: + label: '{{ item.path }}' when: - "groups['nfs_server']|string is search(inventory_hostname)" tags: 
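Review bot: `IPAddressAllow=192.168.0.0/16` opens systemd-logind to every address in the /16, while the only NIS peer this commit names is `nis_server_address: 192.168.92.10` in group_vars. If the drop-in exists only so that logind's lookups can reach the NIS server, allowing that one host keeps the exception as small as the workaround needs: `IPAddressAllow=192.168.92.10`, or `IPAddressAllow={{ nis_server_address }}` if the file is moved to a template. The file also has no comment saying why the allow-list is there; a line such as `# NIS lookups from systemd-logind must reach the NIS server` would save the next reader the search.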
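Review bot: Both new handlers pass `daemon_reload: yes` to `service`, but `daemon_reload` is an option of the `systemd` module and not a documented option of `service`. The reload therefore depends on `service` handing its arguments through to `systemd` on the target. Since both handlers exist only for systemd drop-ins, calling the module directly makes that explicit: `systemd:` with `name: rpcbind`, `daemon_reload: true`, `state: restarted`. Writing `true` rather than `yes` also matches `is_samba_user: true` in group_vars. The handler list starts outside the hunk.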
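Review bot: The two new `when:` conditions choose which hosts get the NIS server or client tasks with `groups['nis_server']|string is search(inventory_hostname)`, which is a regular-expression search over the printed group list, not a membership test. A host whose name is a substring of a group member's name, or matches one with `.` acting as a wildcard, would pass the check and receive the server configuration. `when: inventory_hostname in groups['nis_server']` and `when: inventory_hostname in groups['nis_client']` test exactly what is meant. The comment above each import still reads `# tags supported inside nfs.yml:` and should name `nis-install-server.yml` and `nis-install-client.yml` respectively.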
@@ -66,6 +68,8 @@ passno: "{{ item.passno | default(omit) }}" state: mounted loop: "{{ nfs_exports }}" + loop_control: + label: '{{ item.src }}' when: - "groups['nfs_client']|string is search(inventory_hostname)" tags: diff --git a/roles/common/tasks/nis-install-client.yml b/roles/common/tasks/nis-install-client.yml new file mode 100644 index 0000000..2234415 --- /dev/null +++ b/roles/common/tasks/nis-install-client.yml 
@@ -0,0 +1,303 @@ +--- + +# --- +# Install nis +# --- + +- name: (nis-install-client.yml) Set (nis) default domain (/etc/defaultdomain) + template: + dest: /etc/defaultdomain + src: etc/defaultdomain.j2 + owner: root + group: root + mode: 0644 + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Create preconfigured /etc/yp.conf on nis clients + template: + dest: /etc/yp.conf + src: etc/yp.conf.j2 + owner: root + group: root + mode: 0644 + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Install nis common packages + package: + name: "{{ item }}" + state: present + with_items: "{{ nis_common_packages }}" + tags: + - nis-install + - nis-install-client + + +# --- +# /etc/default/nis +# --- + +- name: (nis-install-client.yml) Check if file '/etc/default/nis.ORIG' exists + stat: + path: /etc/default/nis.ORIG + register: default_nis_exists + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Backup existing file /etc/default/nis + command: cp -a /etc/default/nis /etc/default/nis.ORIG + when: + - default_nis_exists.stat.exists == False + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISSERVER' (client) + replace: + path: /etc/default/nis + regexp: '^NISSERVER=.*' + replace: 'NISSERVER=false' + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (client) + replace: + path: /etc/default/nis + regexp: '^NISCLIENT=.*' + replace: 'NISCLIENT=true' + tags: + - nis-install + - nis-install-client + + +# --- +# /etc/{passwd,group,shadow} +# --- + +- name: (nis-install-client.yml) Add '+::::::' to file /etc/passwd + lineinfile: + path: /etc/passwd + line: '+::::::' + insertafter: EOF + state: present + owner: root + group: root + mode: '0644' + when: "ansible_distribution_major_version|int < 18" + tags: + - nis-install + - nis-install-client + +- 
name: (nis-install-client.yml) Add '+:::' to file /etc/group + lineinfile: + path: /etc/group + line: '+:::' + insertafter: EOF + state: present + owner: root + group: root + mode: '0644' + when: "ansible_distribution_major_version|int < 18" + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Add '+::::::::' to file /etc/shadow + lineinfile: + path: /etc/shadow + line: '+::::::::' + insertafter: EOF + state: present + owner: root + group: shadow + mode: '0640' + when: "ansible_distribution_major_version|int < 18" + tags: + - nis-install + - nis-install-client + + +# --- +# /etc/hosts +# --- + +- name: (nis-install-client.yml) Check if file '/etc/hosts.ORIG' exists + stat: + path: /etc/hosts.ORIG + register: etc_hosts_orig_exists + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Backup existing file /etc/hosts + command: cp -a /etc/hosts /etc/hosts.ORIG + when: + - etc_hosts_orig_exists.stat.exists == False + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Add nis-server to file /etc/hosts + lineinfile: + path: /etc/hosts + line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[1] }}' + insertafter: EOF + state: present + owner: root + group: root + mode: '0644' + tags: + - nis-install + - nis-install-client + + +# --- +# /etc/nsswitch.conf +# --- + +- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists + stat: + path: /etc/nsswitch.conf.ORIG + register: nsswitch_conf_orig_exists + tags: + - nis-install + - nis-install-client + +- name: (nis.yml) Backup existing file /etc/nsswitch.conf + command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG + when: + - nsswitch_conf_orig_exists.stat.exists == False + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set hosts) + replace: + path: /etc/nsswitch.conf + regexp: '(hosts:\s+files)\s+([^nis].*)' + replace: '\1 nis \2' + 
tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set passwd/group/shadow) + replace: + path: /etc/nsswitch.conf + regexp: '^({{ item }}:\s+.*)' + replace: '\1 nis' + with_items: + - passwd + - group + - shadow + tags: + - nis-install + - nis-install-client + + +# --- +# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf +# --- + +# - !! Using NIS client in Ubuntu 18.04 crashes both Gnome and Unity !! +# - =================================================================== +# +# - Unter NIS in Ubuntu 18.04 stütrzt Gnome und Unity ab +# - +# - Abhilfe schafft: +# - +# +# - Create a new directory in /etc/systemd/system/ named exactly after the +# - service you want to extend including a '.d', here this would be: +# - systemd-logind.service.d +# - +# - mkdir /etc/systemd/system/systemd-logind.service.d +# +# - Create a new file choose_an_appropriate_name.conf (e.g. nis_allow_network.conf) +# - inside the newly created directory with the following content, which specifies +# - the IP or IP range you want to be allowed: +# - +# - cat < /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf +# - [Service] +# - IPAddressAllow=192.168.0.0/16 +# - EOF +# - +# - systemctl daemon-reload +# - systemctl restart systemd-logind.service + +- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/systemd-logind.service.d exists + file: + path: /etc/systemd/system/systemd-logind.service.d + owner: root + group: root + mode: '0755' + state: directory + when: "ansible_distribution_major_version|int >= 18" + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf exists + copy: + src: "{{ role_path + '/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf' }}" + dest: /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf + owner: root + 
group: root + mode: '0755' + when: "ansible_distribution_major_version|int >= 18" + notify: + - Restart systemd-logind.service + tags: + - nis-install + - nis-install-client + + +# - Seit Ubuntu 16.04 startet nis vor dem portmapper (rpcbind). Das Starten +# - schlägt deshalb fehl und nis steht nicht zur Verfügung. +# - +# - Abhilfe: +# - +# - Run "systemctl edit rpcbind.socket" and add the following: +# - +# - [Unit] +# - DefaultDependencies=no +# - Wants=rpcbind.target +# - Before=rpcbind.target +# - +# - You can see your changes: +# - cat /etc/systemd/system/rpcbind.socket.d/override.conf + +- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/rpcbind.socket.d exists + file: + path: /etc/systemd/system/rpcbind.socket.d + owner: root + group: root + mode: '0755' + state: directory + when: "ansible_distribution_major_version|int >= 16" + tags: + - nis-install + - nis-install-client + +- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/rpcbind.socket.d/override.conf exists + copy: + src: "{{ role_path + '/files/etc/systemd/system/rpcbind.socket.d/override.conf' }}" + dest: /etc/systemd/system/rpcbind.socket.d/override.conf + owner: root + group: root + mode: '0755' + when: "ansible_distribution_major_version|int >= 16" + notify: + - Restart rpcbind + tags: + - nis-install + - nis-install-client + + +# TODO: +# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf +# /etc/systemd/system/rpcbind.socket.d/override.conf diff --git a/roles/common/tasks/nis-install-server.yml b/roles/common/tasks/nis-install-server.yml new file mode 100644 index 0000000..9f9ad72 --- /dev/null +++ b/roles/common/tasks/nis-install-server.yml 
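Review bot: The `set passwd/group/shadow` task is not idempotent: `regexp: '^({{ item }}:\s+.*)'` matches on every run, so each play appends another ` nis` to the `passwd`, `group` and `shadow` lines of /etc/nsswitch.conf. Excluding lines that already list the source fixes this, e.g. `regexp: '^({{ item }}:\s+(?!.*\bnis\b).*)$'`. In the `set hosts` task, `[^nis]` is a character class, so it rejects any following source that starts with `n`, `i` or `s` rather than just `nis`; a negative lookahead `(?!nis\b)` before the second group expresses the intent. In the /etc/hosts task, `nis_server_name.split(".")[1]` yields `sprachenatelier` for the configured name, where the short host name would be `[0]`. The two systemd drop-ins are copied with `mode: '0755'` although they are plain configuration files, so `'0644'` is sufficient.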
@@ -0,0 +1,215 @@ +--- + +# --- +# Install nis +# --- + +- name: (nis-install-server.yml) Set (nis) default domain (/etc/defaultdomain) + template: + dest: /etc/defaultdomain + src: etc/defaultdomain.j2 + owner: root + group: root + mode: 0644 + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Install nis common packages + package: + name: "{{ item }}" + state: present + with_items: "{{ nis_common_packages }}" + register: nis_installed + tags: + - nis-install + - nis-install-server + + +# --- +# /etc/default/nis +# --- + +- name: (nis-install-server.yml) Check if file '/etc/default/nis.ORIG' exists + stat: + path: /etc/default/nis.ORIG + register: default_nis_exists + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Backup existing file /etc/default/nis + command: cp -a /etc/default/nis /etc/default/nis.ORIG + when: + - default_nis_exists.stat.exists == False + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' (server) + replace: + path: /etc/default/nis + regexp: '^NISSERVER=.*' + replace: 'NISSERVER=master' + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (server) + replace: + path: /etc/default/nis + regexp: '^NISCLIENT=.*' + replace: 'NISCLIENT=false' + tags: + - nis-install + - nis-install-server + + +# --- +# /etc/ypserv.securenets +# --- + +- name: (nis-install-server.yml) Check if file '/etc/ypserv.securenets.ORIG' exists + stat: + path: /etc/ypserv.securenets.ORIG + register: ypserv_securenets_orig_exists + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Backup existing file /etc/ypserv.securenets + command: cp -a /etc/ypserv.securenets /etc/ypserv.securenets.ORIG + when: + - ypserv_securenets_orig_exists.stat.exists == False + tags: + - nis-install + - nis-install-server + +- name: 
(nis-install-client.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets + replace: + path: /etc/ypserv.securenets + regexp: '^(0.0.0.0\s+.*)' + replace: '#\1' + tags: + - nis-install + - nis-install-client + +- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets + lineinfile: + path: /etc/ypserv.securenets + line: '255.255.0.0 192.168.0.0' + insertafter: EOF + state: present + owner: root + group: root + mode: '0644' + tags: + - nis-install + - nis-install-client + +- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets + lineinfile: + path: /etc/ypserv.securenets + line: '255.0.0.0 10.0.0.0' + insertafter: EOF + state: present + owner: root + group: root + mode: '0644' + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Trigger '/usr/lib/yp/ypinit -m' + shell: printf '\n' | /usr/lib/yp/ypinit -m + when: nis_installed.changed + tags: + - nis-install + - nis-install-server + + +# --- +# Base directory containing users' home directory +# --- + +- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists + file: + path: '{{ nis_base_home}}' + owner: root + group: root + mode: '0755' + state: directory + when: + - "groups['nfs_server']|string is search(inventory_hostname)" + tags: + - nis-install + - nis-install-server + + +# --- +# /etc/adduser.conf +# --- + +- name: (nis-install-server.yml) Check if file '/etc/adduser.conf.ORIG exists' + stat: + path: /etc/adduser.conf.ORIG + register: adduser_conf_exists + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Backup existing file /etc/adduser.conf + command: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG + when: + - adduser_conf_exists.stat.exists == False + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Adjust file '/etc/adduser.conf' - set 'DHOME' + replace: + path: /etc/adduser.conf + regexp: 
'^#?DHOME=.*' + replace: 'DHOME={{ nis_base_home }}' + tags: + - nis-install + - nis-install-server + + +# --- +# /var/yp/Makefile +# --- + +- name: (nis-install-server.yml) Check if file '/var/yp/Makefile.ORIG exists' + stat: + path: /var/yp/Makefile.ORIG + register: adduser_conf_exists + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Backup existing file /var/yp/Makefile + command: cp -a /var/yp/Makefile /var/yp/Makefile.ORIG + when: + - adduser_conf_exists.stat.exists == False + tags: + - nis-install + - nis-install-server + +- name: (nis-install-server.yml) Adjust file '/var/yp/Makefile' + replace: + path: /var/yp/Makefile + regexp: '^#?{{ item }}=.*' + replace: '{{ item }}=true' + with_items: + - MERGE_PASSWD + - MERGE_GROUP + notify: + - Renew nis databases + tags: + - nis-install + - nis-install-server + + +# TODO: +# /var/yp/Makefile diff --git a/roles/common/tasks/nis.yml b/roles/common/tasks/nis.yml deleted file mode 100644 index 3a00f3d..0000000 --- a/roles/common/tasks/nis.yml +++ /dev/null 
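Review bot: The tasks `Comment line like '0.0.0.0 ..'` and `Add '255.255.0.0 192.168.0.0'` are tagged `nis-install-client` instead of `nis-install-server`, so a run limited to `--tags nis-install-server` skips them and leaves the `0.0.0.0` line (presumably the allow-everyone default) active in /etc/ypserv.securenets while the rest of the server is configured. Both should carry `- nis-install-server`, and the first task's name prefix should read `(nis-install-server.yml)`. The dots in `regexp: '^(0.0.0.0\s+.*)'` are unescaped; `'^(0\.0\.0\.0\s+.*)'` matches only the literal address. The ranges added afterwards, `255.255.0.0 192.168.0.0` and `255.0.0.0 10.0.0.0`, are much wider than the single server address in group_vars; if the clients sit in one subnet, list only that subnet and add a comment naming it.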
@@ -1,100 +0,0 @@ ---- - -- name: (nis.yml) Set (nis) default domain (/etc/defaultdomain) - template: - dest: /etc/defaultdomain - src: etc/defaultdomain.j2 - owner: root - group: root - mode: 0644 - tags: - nis-install - -- name: (nis.yml) Create preconfigured /etc/yp.conf on nis clients - template: - dest: /etc/yp.conf - src: etc/yp.conf.j2 - owner: root - group: root - mode: 0644 - when: "groups['nis_client']|string is search(inventory_hostname)" - tags: - nis-install - -- name: (nis.yml) Install nis common packages - package: - name: "{{ item }}" - state: present - with_items: "{{ nis_common_packages }}" - tags: - - nis-install - -- name: (nis.yml) Add '+::::::' to file /etc/passwd - lineinfile: - path: /etc/passwd - line: '+::::::' - insertafter: EOF - state: present - owner: root - group: root - mode: '0644' - when: "groups['nis_client']|string is search(inventory_hostname)" - tags: - - nis-install - -- name: (nis.yml) Add '+:::' to file /etc/group - lineinfile: - path: /etc/group - line: '+:::' - insertafter: EOF - state: present - owner: root - group: root - mode: '0644' - when: "groups['nis_client']|string is search(inventory_hostname)" - tags: - - nis-install - -- name: (nis.yml) Add '+::::::::' to file /etc/shadow - lineinfile: - path: /etc/shadow - line: '+::::::::' - insertafter: EOF - state: present - owner: root - group: shadow - mode: '0640' - when: "groups['nis_client']|string is search(inventory_hostname)" - tags: - - nis-install - -- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists - stat: - path: /etc/nsswitch.conf.ORIG - register: nsswitch_conf_orig_exists - when: - - "groups['nis_client']|string is search(inventory_hostname)" - tags: - - nis-install - -- name: (nis.yml) Backup existing file /etc/nsswitch.conf - command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG - when: - - "groups['nis_client']|string is search(inventory_hostname)" - - nsswitch_conf_orig_exists.stat.exists == False - tags: - - nis-install - -- name: 
(nis.yml) Adjust file /etc/nsswitch.conf - replace: - path: /etc/nsswitch.conf - regexp: '(hosts:\s+files)\s+([^nis].*)' - replace: '\1 nis \2' - when: "groups['nis_client']|string is search(inventory_hostname)" - tags: - - nis-install - -# TODO: -# /etc/defaul/nis -# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf -# /etc/systemd/system/rpcbind.socket.d/override.conf diff --git a/roles/common/tasks/nis_samba_user.yml b/roles/common/tasks/nis_samba_user.yml index 097352a..31fe77b 100644 --- a/roles/common/tasks/nis_samba_user.yml +++ b/roles/common/tasks/nis_samba_user.yml @@ -52,7 +52,6 @@ - nis-user - system-user - # --- # - default user/groups # ---