101 lines
2.4 KiB
YAML
101 lines
2.4 KiB
YAML
- name: Install required packages
|
|
apt:
|
|
name:
|
|
- realmd
|
|
- sssd
|
|
- libpam-mount
|
|
- kstart
|
|
- heimdal-clients
|
|
|
|
- name: Remove krb5-user
|
|
apt:
|
|
name:
|
|
krb5-user
|
|
state: absent
|
|
|
|
- name: Set OU
|
|
set_fact:
|
|
ou_path: "OU={{locations[0]}},OU=Ucilnice"
|
|
|
|
- name: Show state
|
|
debug:
|
|
msg: "Host: {{inventory_hostname}}, OU: {{ou_path}}"
|
|
# - import_tasks: ne_sysprep.yaml
|
|
|
|
- name: "Rename"
|
|
# Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom
|
|
hostname:
|
|
name: "{{inventory_hostname}}-linux"
|
|
register: hostname_res
|
|
|
|
- name: Check whether we already joined
|
|
command: /bin/bash -c "/usr/sbin/realm list"
|
|
register: realm_list_results
|
|
|
|
- name: Join using realmd
|
|
expect:
|
|
command: realm join --user={{ad_join_user}} --computer-ou={{ou_path}} {{domain_name}}
|
|
responses:
|
|
(?i)Password: "{{ad_join_password}}"
|
|
ignore_errors: yes
|
|
when: realm_list_results.stdout == ""
|
|
|
|
- name: Copy sssd config
|
|
template:
|
|
src: sssd.conf
|
|
dest: "/etc/sssd/sssd.conf"
|
|
owner: root
|
|
mode: 0600
|
|
|
|
- name: Fix apparmor HOMEDIRS
|
|
template:
|
|
src: apparmor_cifs_homes
|
|
dest: "/etc/apparmor.d/tunables/home.d/cifs_homes"
|
|
|
|
#- name: Configure libpam-mount
|
|
# copy:
|
|
# src: pam_mount.conf.xml
|
|
# dest: /etc/security/pam_mount.conf.xml
|
|
|
|
#- name: Enable libpam-mount
|
|
# command: pam-auth-update --enable libpam-mount
|
|
# become: true
|
|
|
|
- name: Disable libpam-mkhomedir
|
|
command: pam-auth-update --disable mkhomedir
|
|
become: true
|
|
|
|
- name: Use sssd for cifs idmap
|
|
file:
|
|
state: link
|
|
src: /usr/lib/x86_64-linux-gnu/cifs-utils/cifs_idmap_sss.so
|
|
path: /etc/alternatives/idmap-plugin
|
|
|
|
- name: Create service to get and renew machine kerberos tickets
|
|
copy:
|
|
src: kstart.service
|
|
dest: /etc/systemd/system/kstart.service
|
|
|
|
- name: Start kstart service to enable cifs mount
|
|
copy:
|
|
src: kstart.service
|
|
dest: /etc/systemd/system/kstart.service
|
|
|
|
- name: Create profiles directory
|
|
file:
|
|
path: /home/profiles
|
|
state: directory
|
|
|
|
- name: Add mount - cifs_home
|
|
mount:
|
|
boot: true
|
|
fstype: cifs
|
|
src: "//ucilnicesmb.fri1.uni-lj.si/ucilnice_d"
|
|
path: /remote_home
|
|
state: mounted
|
|
opts: "cruid=0,username={{ inventory_hostname }}-linux@FRI1.UNI-LJ.SI,sec=krb5i,nobrl,sfu,cifsacl,setuids,fsc,multiuser,actimeo=65536,nostrictsync,cache=loose,resilienthandles,noatime,x-systemd.requires=kstart.service"
|
|
|
|
- name: Restart sssd
|
|
service:
|
|
name: sssd
|
|
state: restarted
|