infra / ansible-shared / samba
Commit 4a283d3e
authored Sep 11, 2019 by Lars Beckers
ad-auth: update usage of shell module and passwordstore
parent 89ee8ec8
Changes
3
ad-auth/defaults/main.yml
...
...
@@ -2,3 +2,4 @@
ad_admin_group
:
admin
ad_admin_password
:
samba-admin
ad_admin_password_content
:
"
{{
lookup('passwordstore',
ad_admin_password)
}}"
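Review bot: the new default `ad_admin_password_content` sits next to `ad_admin_password` with no comment explaining that the first holds the secret itself while the second is only the passwordstore entry name (`samba-admin`), and the near-identical names make it easy to template the wrong one. Add a short comment above both variables stating which is the entry name and which is the looked-up secret, and note there that any task templating `ad_admin_password_content` needs `no_log: true`, since the lookup result is rendered wherever the variable is used.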
ad-auth/handlers/main.yml
---
# file: roles/ad-auth/handlers/main.yml
-
name
:
regenerate pam config
shell
:
DEBIAN_FRONTEND=noninteractive pam-auth-update --force
command
:
pam-auth-update --force
environment
:
DEBIAN_FRONTEND
:
noninteractive
-
name
:
clear sssd cache
command
:
sss_cache -E
...
...
@@ -11,7 +12,9 @@
failed_when
:
"
result.rc
!=
0
and
result.rc
!=
2"
-
name
:
restart sssd
service
:
name=sssd state=restarted
service
:
name
:
sssd
state
:
restarted
-
name
:
check sudo config
command
:
visudo -q -c -f /etc/sudoers
ad-auth/tasks/sssd.yml
...
...
@@ -23,7 +23,11 @@
-
sssd
-
name
:
check if our realm is configured
shell
:
realm list | grep "{{ domain }}"
shell
:
|
set -o pipefail
realm list | grep "{{ domain }}"
args
:
executable
:
/bin/bash
register
:
current_realms
changed_when
:
"
current_realms.rc
!=
0"
failed_when
:
"
current_realms.rc
!=
0
and
current_realms.rc
!=
1"
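Review bot: with `set -o pipefail` added to the "check if our realm is configured" task, the pipeline now returns the exit status of `realm list` when that command fails, yet `failed_when` still accepts rc 1, so a `realm list` failure that exits 1 is treated as "realm not configured" instead of as an error. Consider running `realm list` as its own `command:` task and testing the registered stdout for the domain, which separates the two cases. Independently of that, `grep "{{ domain }}"` matches the domain as a regular expression and as a substring, so the dots match any character and a longer realm name containing the domain also matches; `grep -F` with the value passed through the `quote` filter would be stricter.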
...
...
@@ -38,7 +42,7 @@
-
name
:
get a kerberos ticket
# yamllint disable-line rule:line-length
shell
:
echo "{{
lookup('passwordstore',
ad_admin_password
)
}}" | kinit Administrator
shell
:
echo "{{ ad_admin_password
_content
}}" | kinit Administrator
when
:
debian_version == "jessie"
no_log
:
true
tags
:
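Review bot: in the new `shell:` line of "get a kerberos ticket" the secret is still templated inside the double quotes of a shell command, so a password containing `"`, `$`, a backtick or a backslash is interpreted by the shell rather than reaching `kinit` unchanged, and the rendered secret becomes part of the command text handed to the shell. Since the task only feeds the password to `kinit` on standard input, `command: kinit Administrator` with `stdin: "{{ ad_admin_password_content }}"` would avoid the shell and the `echo` entirely; keep `no_log: true`. With the shorter variable name the `# yamllint disable-line rule:line-length` comment above the line may also no longer be needed.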
...
...
@@ -57,7 +61,7 @@
command
:
kinit Administrator
responses
:
# yamllint disable-line rule:line-length
"
Passwor(d|t)
for
Administrator.*"
:
"
{{
lookup('passwordstore',
ad_admin_password
)
}}"
"
Passwor(d|t)
for
Administrator.*"
:
"
{{
ad_admin_password
_content
}}"
when
:
debian_version != "jessie"
no_log
:
true
tags
:
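Review bot: the `# yamllint disable-line rule:line-length` comment inside `responses:` is kept as context, but the replacement line using `{{ ad_admin_password_content }}` is much shorter than the old inline `lookup('passwordstore', ...)` form. If the new line fits within the configured line length, drop the suppression so a later over-long edit in this mapping is not silently exempted. `no_log: true` is correctly retained on this task.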
...
...
@@ -101,7 +105,8 @@
-
sssd
# taken out of Debian's post install hooks
-
name
:
ensure sssd is configured in nsswitch.conf
-
name
:
ensure sssd is configured in nsswitch.conf
# noqa 301 306
# yamllint disable-line rule:line-length
shell
:
"
sed
-i
--regexp-extended
'/^(passwd|group|shadow|netgroup|services):/
{
/
\\
bsss
\\
b/!
s/$/
sss/
}
'
/etc/nsswitch.conf"
args
:
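Review bot: the `# noqa 301 306` added to the "ensure sssd is configured in nsswitch.conf" task name silences two ansible-lint rules without saying why. Rule 306 (pipefail) is presumably triggered only by the `|` alternation in the sed expression, which is a false positive worth stating in a comment. Rule 301 (commands should not report a change when nothing changed) is a real finding for an in-place `sed -i`, as far as the visible lines show, so prefer a `changed_when` condition or a `replace`/`lineinfile` task over suppressing it.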
...
...
@@ -117,7 +122,7 @@
tags
:
-
sssd
-
name
:
ensure we have a cronjob which renews krb creden
i
tials once a day
-
name
:
ensure we have a cronjob which renews krb credentials once a day
template
:
src
:
templates/renew_krb5.j2
dest
:
/etc/cron.daily/renew_krb5
...
...