rename the role to sssd_ad
kayiwa committed Nov 12, 2024
1 parent 76a4f18 commit ec57557
Showing 14 changed files with 30 additions and 20 deletions.
1 change: 1 addition & 0 deletions .github/workflows/molecule_tests.yml
@@ -83,6 +83,7 @@ jobs:
# - ruby
- ruby_s
- samba
- sssd_ad
# - saxon
- shared_data
# - shibboleth
File renamed without changes.
File renamed without changes.
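--- a/roles/sssd_ad/handlers/main.yml
+++ b/roles/sssd_ad/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+# handlers file sssd_ad
+- name: restart sshd
+ansible.builtin.service:
+name: sshd
+state: restarted
+
+- name: restart sssd
+service:
+name: sssd
+state: restarted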
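Review bot: The `restart sssd` handler calls the short module name `service:` while `restart sshd` uses `ansible.builtin.service:`; write `ansible.builtin.service:` in both so the module that runs is always the builtin one, independent of collection search order. The header comment `# handlers file sssd_ad` could also record what triggers each handler, for example `# restart sshd: notified by tasks that edit /etc/ssh/sshd_config`.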
File renamed without changes.
@@ -10,6 +10,6 @@
update_cache: true
cache_valid_time: 600
tasks:
- name: "Include system_ldap"
- name: "Include sssd_ad"
ansible.builtin.include_role:
name: system_ldap
name: sssd_ad
File renamed without changes.
@@ -3,7 +3,7 @@
hosts: all
gather_facts: false
tasks:
- name: System_ldap | Verify packages are installed
- name: Sssd_ad | Verify packages are installed
ansible.builtin.apt:
name:
- adcli
@@ -13,4 +13,3 @@
- sssd
- sssd-tools
state: present
changed_when: false
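Review bot: The package check in this verify play cannot fail when a package is missing, because `ansible.builtin.apt` with `state: present` installs whatever is absent instead of reporting it. With `changed_when: false` apparently dropped in this commit the run will at least show `changed`, but a changed task does not fail verification. Consider running the task with `check_mode: true`, `register: pkg_check` and `failed_when: pkg_check is changed`, so that a missing adcli, sssd or sssd-tools breaks the test. The middle of the package list is collapsed on this page, so this applies to the task as far as it is visible.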
29 changes: 15 additions & 14 deletions roles/system_ldap/tasks/main.yml → roles/sssd_ad/tasks/main.yml
@@ -1,26 +1,27 @@
---
- name: System_ldap | change hostname to match AD
- name: Sssd_ad | change hostname to match AD
ansible.builtin.command: hostnamectl set-hostname {{ host_ad_name | default(omit) }}
changed_when: false
when:
- running_on_server

- name: System_ldap | allow password authentication
- name: Sssd_ad | allow password authentication
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
state: present
regexp: '^PasswordAuthentication no'
line: 'PasswordAuthentication yes'

- name: System_ldap | allow users authentication
- name: Sssd_ad | allow users authentication
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
state: present
regexp: '^AllowUsers pulsys'
line: '# AllowUsers pulsys'
when: running_on_server
notify: restart sshd

- name: System_ldap | install necessary packages
- name: Sssd_ad | install necessary packages
ansible.builtin.apt:
name: "{{ item }}"
state: present
@@ -33,7 +34,7 @@
- sssd
- sssd-tools

- name: System_ldap | configure Kerberos
- name: Sssd_ad | configure Kerberos
ansible.builtin.blockinfile:
path: /etc/krb5.conf
mode: "0644"
@@ -64,42 +65,42 @@
.{{ ad_domain | lower }} = {{ ad_domain | upper }}
{{ ad_domain | lower }} = {{ ad_domain | upper }}
- name: System_ldap | create sssd.conf
- name: Sssd_ad | create sssd.conf
ansible.builtin.template:
src: sssd.conf.j2
dest: /etc/sssd/sssd.conf
mode: "0644"

- name: System_ldap | enable and start sssd service
- name: Sssd_ad | enable and start sssd service
ansible.builtin.service:
name: sssd
state: started
enabled: true

- name: System_ldap | join the domain
- name: Sssd_ad | join the domain
ansible.builtin.command: realm join {{ ad_domain }} -U {{ ad_admin_user }} --install=/
environment:
KRB5_CONFIG: /etc/krb5.conf
changed_when: false
when: running_on_server

- name: System_ldap | verify domain join
- name: Sssd_ad | verify domain join
ansible.builtin.command: realm list
register: realm_list
changed_when: false
when: running_on_server

- name: System_ldap | debug realm list output
- name: Sssd_ad | debug realm list output
ansible.builtin.debug:
var: realm_list.stdout
when: running_on_server

- name: System_ldap | configure PAM
- name: Sssd_ad | configure PAM
ansible.builtin.lineinfile:
path: /etc/pam.d/common-session
line: 'session required pam_mkhomedir.so skel=/etc/skel umask=0022'

- name: System_ldap | create home directory for AD users
- name: Sssd_ad | create home directory for AD users
ansible.builtin.file:
path: /home/{{ ad_test_user }}
state: directory
@@ -108,14 +109,14 @@
group: "{{ ad_test_user }}"
when: running_on_server

- name: System_ldap | test login with AD user
- name: Sssd_ad | test login with AD user
ansible.builtin.command: su - {{ ad_test_user }} -c 'exit 0'
changed_when: false
ignore_errors: true # Ignore errors if the user cannot log in yet
register: ad_login_result
when: running_on_server

- name: System_ldap | debug AD login result
- name: Sssd_ad | debug AD login result
ansible.builtin.debug:
var: ad_login_result
when: running_on_server
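Review bot: The `create sssd.conf` task writes /etc/sssd/sssd.conf with `mode: "0644"`, which leaves the file world-readable. SSSD's documented requirement is a root-owned file with 0600 permissions, and the file may carry bind credentials, so I would set `owner: root`, `group: root` and `mode: "0600"` on that task. The same task has no `notify: restart sssd`, so the handler this commit adds in handlers/main.yml is not triggered by anything shown here and a template change would not reach the running daemon. Separately, the two `lineinfile` edits to /etc/ssh/sshd_config turn on password logins and comment out `AllowUsers pulsys` without a `validate: 'sshd -t -f %s'` guard, and only the second one notifies `restart sshd`. Whether logins are narrowed elsewhere (for example in sssd.conf.j2) is not visible in this diff.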
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
2 changes: 0 additions & 2 deletions roles/system_ldap/handlers/main.yml

This file was deleted.
