Splitt 'nis.yaml' into 'nis-install-client.yml' and 'nis-install-server.yml'. Some more changes..

group_vars/all/main.yml

@@ -39,6 +39,7 @@ samba_shares:
       - eva
       - hannah
       - isadora
+      - katrine
       - konstantin
       - kristin
       - lara
@@ -68,6 +69,7 @@ samba_shares:
       - eva
       - hannah
       - isadora
+      - katrine
       - konstantin
       - kristin
       - lara
@@ -87,8 +89,13 @@ samba_shares:
       - musa
 
 nis_domain: sprachenatelier.netz
+#nis_domain: local.netz
 
 nis_server_address: 192.168.92.10
+#nis_server_address: 192.168.63.20
+
+nis_server_name: file-spr.sprachenatelier.netz
+#nis_server_name: luna.local.netz
 
 nis_common_packages:
   - nis
@@ -113,8 +120,8 @@ nis_groups:
 nis_user:
   - name: chris
     groups:
-      - buero
       - intern
+      - buero
       - no-backup
     is_samba_user: true
     password: !vault |
@@ -168,6 +175,13 @@ nis_user:
     is_samba_user: true
     password: 'luis11'
 
+  - name: eva
+    groups:
+      - intern
+      - buero
+    is_samba_user: true
+    password: '250791'
+
   - name: hannah
     groups:
       - intern
@@ -182,6 +196,13 @@ nis_user:
     is_samba_user: true
     password: '270988'
 
+  - name: katrine
+    groups:
+      - intern
+      - buero
+    is_samba_user: true
+    password: '200290'
+
   - name: konstantin
     groups:
       - intern

hosts

@@ -43,13 +43,13 @@ cl106.sprachenatelier.netz
 cl107.sprachenatelier.netz
 cl108.sprachenatelier.netz
 cl109.sprachenatelier.netz
-thunderbolt.local.netz
 
 [file_server]
 file-spr.sprachenatelier.netz
 
 [nfs_server]
 file-spr.sprachenatelier.netz
+luna.local.netz
 
 [nis_server]
 file-spr.sprachenatelier.netz

roles/common/files/etc/systemd/system/rpcbind.socket.d/override.conf

@@ -0,0 +1,4 @@
+[Unit]
+DefaultDependencies=no
+Wants=rpcbind.target
+Before=rpcbind.target

roles/common/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf

@@ -0,0 +1,3 @@
+[Service]
+IPAddressAllow=192.168.0.0/16
+

roles/common/handlers/main.yml

@@ -12,3 +12,15 @@
     enabled: yes
   when: 
     - "groups['nfs_server']|string is search(inventory_hostname)"
+
+- name: Restart systemd-logind.service
+  service:
+    name: systemd-logind
+    daemon_reload: yes
+    state: restarted
+
+- name: Restart rpcbind
+  service:
+    name: rpcbind
+    daemon_reload: yes
+    state: restarted

roles/common/tasks/main.yml

@@ -11,10 +11,19 @@
 
 # tags supported inside nfs.yml:
 #
-#    nis-install
+#    nis-install-server
-- import_tasks: nis.yml
+- import_tasks: nis-install-server.yml
+  when: "groups['nis_server']|string is search(inventory_hostname)"
   tags:
-    - nis
+    - nis-install
+
+# tags supported inside nfs.yml:
+#
+#    nis-install-client
+- import_tasks: nis-install-client.yml
+  when: "groups['nis_client']|string is search(inventory_hostname)"
+  tags:
+    - nis-install
 
 # tags supported inside nis_samba_user.yml:
 #

roles/common/tasks/nfs.yml

@@ -24,6 +24,8 @@
     mode: '0755'
     state: directory
   with_items: "{{ nfs_exports }}"
+  loop_control:
+    label: '{{ item.path }}'
   when:
     - "groups['nfs_server']|string is search(inventory_hostname)"
   tags:
@@ -66,6 +68,8 @@
     passno: "{{ item.passno | default(omit) }}"
     state: mounted
   loop: "{{ nfs_exports }}"
+  loop_control:
+    label: '{{ item.src }}'
   when:
     - "groups['nfs_client']|string is search(inventory_hostname)"
   tags:

roles/common/tasks/nis-install-client.yml

@@ -0,0 +1,303 @@
+---
+
+# ---
+# Install nis
+# ---
+
+- name: (nis-install-client.yml) Set (nis) default domain (/etc/defaultdomain)
+  template:
+    dest: /etc/defaultdomain  
+    src: etc/defaultdomain.j2
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Create preconfigured /etc/yp.conf on nis clients
+  template:
+    dest: /etc/yp.conf
+    src: etc/yp.conf.j2
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Install nis common packages
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ nis_common_packages }}"
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/default/nis
+# ---
+
+- name: (nis-install-client.yml) Check if file '/etc/default/nis.ORIG' exists
+  stat:
+    path: /etc/default/nis.ORIG
+  register: default_nis_exists
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Backup existing file /etc/default/nis
+  command: cp -a /etc/default/nis /etc/default/nis.ORIG
+  when:
+    - default_nis_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISSERVER' (client)
+  replace:
+    path: /etc/default/nis
+    regexp: '^NISSERVER=.*'
+    replace: 'NISSERVER=false'
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (client)
+  replace:
+    path: /etc/default/nis
+    regexp: '^NISCLIENT=.*'
+    replace: 'NISCLIENT=true'
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/{passwd,group,shadow}
+# ---
+
+- name: (nis-install-client.yml) Add '+::::::' to file /etc/passwd
+  lineinfile:
+    path: /etc/passwd
+    line: '+::::::'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  when: "ansible_distribution_major_version|int  < 18"
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Add '+:::' to file /etc/group
+  lineinfile:
+    path: /etc/group
+    line: '+:::'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  when: "ansible_distribution_major_version|int  < 18"
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Add '+::::::::' to file /etc/shadow
+  lineinfile:
+    path: /etc/shadow
+    line: '+::::::::'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: shadow
+    mode: '0640'
+  when: "ansible_distribution_major_version|int  < 18"
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/hosts
+# ---
+
+- name: (nis-install-client.yml) Check if file '/etc/hosts.ORIG' exists
+  stat:
+    path: /etc/hosts.ORIG
+  register: etc_hosts_orig_exists
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Backup existing file /etc/hosts
+  command: cp -a /etc/hosts /etc/hosts.ORIG
+  when:
+    - etc_hosts_orig_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Add nis-server to file /etc/hosts
+  lineinfile:
+    path: /etc/hosts
+    line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[1] }}'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/nsswitch.conf
+# ---
+
+- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
+  stat:
+    path: /etc/nsswitch.conf.ORIG
+  register: nsswitch_conf_orig_exists
+  tags:
+    - nis-install 
+    - nis-install-client
+
+- name: (nis.yml) Backup existing file /etc/nsswitch.conf
+  command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG
+  when:
+    - nsswitch_conf_orig_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set hosts)
+  replace:
+    path: /etc/nsswitch.conf
+    regexp: '(hosts:\s+files)\s+([^nis].*)'
+    replace: '\1 nis \2'
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set passwd/group/shadow)
+  replace:
+    path: /etc/nsswitch.conf
+    regexp: '^({{ item }}:\s+.*)'
+    replace: '\1 nis'
+  with_items:
+     - passwd
+     - group
+     - shadow
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
+# ---
+
+# - !! Using NIS client in Ubuntu 18.04 crashes both Gnome and Unity !!
+# - ===================================================================
+#
+# - Unter NIS in Ubuntu 18.04 stütrzt Gnome und Unity ab
+# -
+# - Abhilfe schafft:
+# -
+#
+# - Create a new directory in /etc/systemd/system/ named exactly after the
+# - service you want to extend including a '.d', here this would be:
+# -    systemd-logind.service.d
+# -
+# -    mkdir /etc/systemd/system/systemd-logind.service.d
+#
+# - Create a new file choose_an_appropriate_name.conf (e.g. nis_allow_network.conf)
+# - inside the newly created directory with the following content, which specifies
+# - the IP or IP range you want to be allowed:
+# -
+# -    cat <<EOF > /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
+# -    [Service]
+# -    IPAddressAllow=192.168.0.0/16
+# -    EOF
+# -
+# -    systemctl daemon-reload
+# -    systemctl restart systemd-logind.service
+
+- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/systemd-logind.service.d exists
+  file:
+    path: /etc/systemd/system/systemd-logind.service.d
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+  when: "ansible_distribution_major_version|int  >= 18"
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf exists
+  copy:
+    src: "{{ role_path + '/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf' }}"
+    dest: /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
+    owner: root
+    group: root
+    mode: '0755'
+  when: "ansible_distribution_major_version|int  >= 18"
+  notify:
+    - Restart systemd-logind.service
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# - Seit Ubuntu 16.04 startet nis vor dem portmapper (rpcbind). Das Starten
+# - schlägt deshalb fehl und nis steht nicht zur Verfügung.
+# -
+# - Abhilfe:
+# -
+# - Run "systemctl edit rpcbind.socket" and add the following:
+# -
+# -    [Unit]
+# -    DefaultDependencies=no
+# -    Wants=rpcbind.target
+# -    Before=rpcbind.target
+# -
+# - You can see your changes:
+# -    cat /etc/systemd/system/rpcbind.socket.d/override.conf
+
+- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/rpcbind.socket.d exists
+  file:
+    path: /etc/systemd/system/rpcbind.socket.d
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+  when: "ansible_distribution_major_version|int  >= 16"
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/rpcbind.socket.d/override.conf exists
+  copy:
+    src: "{{ role_path + '/files/etc/systemd/system/rpcbind.socket.d/override.conf' }}"
+    dest: /etc/systemd/system/rpcbind.socket.d/override.conf
+    owner: root
+    group: root
+    mode: '0755'
+  when: "ansible_distribution_major_version|int  >= 16"
+  notify:
+    - Restart rpcbind
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# TODO:
+# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
+# /etc/systemd/system/rpcbind.socket.d/override.conf

roles/common/tasks/nis-install-server.yml

@@ -0,0 +1,215 @@
+---
+
+# ---
+# Install nis
+# ---
+
+- name: (nis-install-server.yml) Set (nis) default domain (/etc/defaultdomain)
+  template:
+    dest: /etc/defaultdomain  
+    src: etc/defaultdomain.j2
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Install nis common packages
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ nis_common_packages }}"
+  register: nis_installed
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# ---
+# /etc/default/nis
+# ---
+
+- name: (nis-install-server.yml) Check if file '/etc/default/nis.ORIG' exists
+  stat:
+    path: /etc/default/nis.ORIG
+  register: default_nis_exists
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Backup existing file /etc/default/nis
+  command: cp -a /etc/default/nis /etc/default/nis.ORIG
+  when:
+    - default_nis_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' (server)
+  replace:
+    path: /etc/default/nis
+    regexp: '^NISSERVER=.*'
+    replace: 'NISSERVER=master'
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (server)
+  replace:
+    path: /etc/default/nis
+    regexp: '^NISCLIENT=.*'
+    replace: 'NISCLIENT=false'
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# ---
+# /etc/ypserv.securenets
+# ---
+
+- name: (nis-install-server.yml) Check if file '/etc/ypserv.securenets.ORIG' exists
+  stat:
+    path: /etc/ypserv.securenets.ORIG
+  register: ypserv_securenets_orig_exists
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Backup existing file /etc/ypserv.securenets
+  command: cp -a /etc/ypserv.securenets /etc/ypserv.securenets.ORIG
+  when:
+    - ypserv_securenets_orig_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-client.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
+  replace:
+    path: /etc/ypserv.securenets
+    regexp: '^(0.0.0.0\s+.*)'
+    replace: '#\1'
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
+  lineinfile:
+    path: /etc/ypserv.securenets
+    line: '255.255.0.0 192.168.0.0'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
+  lineinfile:
+    path: /etc/ypserv.securenets
+    line: '255.0.0.0 10.0.0.0'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Trigger '/usr/lib/yp/ypinit -m'
+  shell: printf '\n' | /usr/lib/yp/ypinit -m
+  when: nis_installed.changed
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# ---
+# Base directory containing users' home directory
+# ---
+
+- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
+  file:
+    path: '{{  nis_base_home}}'
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+  when:
+    - "groups['nfs_server']|string is search(inventory_hostname)"
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# ---
+# /etc/adduser.conf
+# ---
+
+- name: (nis-install-server.yml) Check if file '/etc/adduser.conf.ORIG exists'
+  stat:
+    path: /etc/adduser.conf.ORIG
+  register: adduser_conf_exists
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Backup existing file /etc/adduser.conf
+  command: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG
+  when:
+    - adduser_conf_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Adjust file  '/etc/adduser.conf' - set 'DHOME'
+  replace:
+    path: /etc/adduser.conf
+    regexp: '^#?DHOME=.*'
+    replace: 'DHOME={{ nis_base_home }}'
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# ---
+# /var/yp/Makefile
+# ---
+
+- name: (nis-install-server.yml) Check if file '/var/yp/Makefile.ORIG exists'
+  stat:
+    path: /var/yp/Makefile.ORIG
+  register: adduser_conf_exists
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Backup existing file /var/yp/Makefile
+  command: cp -a /var/yp/Makefile /var/yp/Makefile.ORIG
+  when:
+    - adduser_conf_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Adjust file  '/var/yp/Makefile'
+  replace:
+    path: /var/yp/Makefile
+    regexp: '^#?{{ item }}=.*'
+    replace: '{{ item }}=true'
+  with_items:
+    - MERGE_PASSWD
+    - MERGE_GROUP
+  notify: 
+    - Renew nis databases
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# TODO:
+# /var/yp/Makefile

roles/common/tasks/nis.yml

@@ -1,100 +0,0 @@
----
-
-- name: (nis.yml) Set (nis) default domain (/etc/defaultdomain)
-  template:
-    dest: /etc/defaultdomain  
-    src: etc/defaultdomain.j2
-    owner: root
-    group: root
-    mode: 0644
-  tags:
-    nis-install
-
-- name: (nis.yml) Create preconfigured /etc/yp.conf on nis clients
-  template:
-    dest: /etc/yp.conf
-    src: etc/yp.conf.j2
-    owner: root
-    group: root
-    mode: 0644
-  when: "groups['nis_client']|string is search(inventory_hostname)"
-  tags:
-    nis-install
-
-- name: (nis.yml) Install nis common packages
-  package:
-    name: "{{ item }}"
-    state: present
-  with_items: "{{ nis_common_packages }}"
-  tags:
-    - nis-install
-
-- name: (nis.yml) Add '+::::::' to file /etc/passwd
-  lineinfile:
-    path: /etc/passwd
-    line: '+::::::'
-    insertafter: EOF
-    state: present
-    owner: root
-    group: root
-    mode: '0644'
-  when: "groups['nis_client']|string is search(inventory_hostname)"
-  tags:
-    - nis-install
-
-- name: (nis.yml) Add '+:::' to file /etc/group
-  lineinfile:
-    path: /etc/group
-    line: '+:::'
-    insertafter: EOF
-    state: present
-    owner: root
-    group: root
-    mode: '0644'
-  when: "groups['nis_client']|string is search(inventory_hostname)"
-  tags:
-    - nis-install
-
-- name: (nis.yml) Add '+::::::::' to file /etc/shadow
-  lineinfile:
-    path: /etc/shadow
-    line: '+::::::::'
-    insertafter: EOF
-    state: present
-    owner: root
-    group: shadow
-    mode: '0640'
-  when: "groups['nis_client']|string is search(inventory_hostname)"
-  tags:
-    - nis-install
-
-- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
-  stat:
-    path: /etc/nsswitch.conf.ORIG
-  register: nsswitch_conf_orig_exists
-  when:
-    - "groups['nis_client']|string is search(inventory_hostname)"
-  tags:
-    - nis-install
-
-- name: (nis.yml) Backup existing file /etc/nsswitch.conf
-  command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG
-  when:
-    - "groups['nis_client']|string is search(inventory_hostname)"
-    - nsswitch_conf_orig_exists.stat.exists == False
-  tags:
-    - nis-install
-
-- name: (nis.yml) Adjust file /etc/nsswitch.conf
-  replace:
-    path: /etc/nsswitch.conf
-    regexp: '(hosts:\s+files)\s+([^nis].*)'
-    replace: '\1 nis \2'
-  when: "groups['nis_client']|string is search(inventory_hostname)"
-  tags:
-    - nis-install
-
-# TODO:
-# /etc/defaul/nis
-# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
-# /etc/systemd/system/rpcbind.socket.d/override.conf

roles/common/tasks/nis_samba_user.yml

@@ -52,7 +52,6 @@
     - nis-user
     - system-user
 
-
 # ---
 # - default user/groups
 # ---