first commit

roles/linux_onboard-adagility/tasks/main.yml

@@ -0,0 +1,105 @@
+---
+# tasks file for linux_onboard-adagility
+- name: Install packages
+  apt: 
+    name: "{{ packages }}"
+    state: present
+    update_cache: yes
+  when: ansible_distribution_file_variety != "SUSE"
+- name: install packages (SUSE)
+  package:
+    name: realmd
+    state: present
+  when: ansible_distribution_file_variety == "SUSE"
+
+- name: install dnspython
+  ansible.builtin.pip:
+    name: dnspython
+- name: test reachability of kerberos realm
+  command: 'nslookup adagility.net'
+  register: pingresult
+- name: ping result
+  debug:
+    msg: "{{pingresult}}"
+- name: Install pexpect
+  pip: 
+    name: pexpect
+    state: present     
+- name: replace or add krb5.conf
+  ansible.builtin.copy:
+    src: krb5.conf
+    dest: /etc/krb5.conf
+    follow: yes
+- name: Discover realm
+  command: /bin/bash -c "/usr/sbin/realm discover adagility.net"
+  register: realm_discover_results
+  tags: ad
+
+- name: Discover realm debug
+  debug: 
+    msg: "{{ realm_discover_results.stdout }}"
+
+- name: Create kerberos ticket
+  expect:
+    command: /bin/bash -c "/usr/bin/kinit -V {{admin_account}}"
+    responses:
+      (?i)Password: "{{admin_password}}"
+  tags: ad
+- name: Checking to see if system is already joined to AD
+  command: /bin/bash -c "/usr/sbin/realm list"
+  register: realm_list_results
+  tags: ad
+
+- name: Debug realm_list_results
+  debug: var=realm_list_results.stdout
+- name: join ad
+  ansible.builtin.expect:
+    command:  /bin/bash -c "/usr/sbin/realm join adagility.net --computer-ou='OU={{ tstaccprd }},OU=GLB_{{department}},OU=Servers,OU=Aperam,DC=ADAGILITY,DC=NET' -U {{admin_account}}"
+ #   command:  /bin/bash -c "/usr/sbin/realm join adagility.net --computer-ou='OU=TST,OU=GLB_Infrastructure,OU=Servers,OU=Aperam,DC=ADAGILITY,DC=NET' -U {{admin_account}}"
+    responses:
+      (?i): "{{admin_password}}"
+  ignore_errors: yes
+  when: realm_list_results.stdout == ""
+  become: true
+  timeout: 10
+- name: remove history
+  command: /bin/bash -c  "history -c" 
+
+- name: set hostname
+  ansible.builtin.command:
+    cmd: hostnamectl set-hostname "{{ hostname }}.adagility.net"
+  register: hostname_command
+
+- name: edit /etc/sssd/sssd.conf
+  lineinfile:
+    path: /etc/sssd/sssd.conf
+    line: "{{ item }}"
+  with_items:
+    - "use_fully_qualified_names = True"
+    - "dyndns_update = true"
+    - "dyndns_refresh_interval = 43200"
+    - "dyndns_ttl = 3600"
+- name: specify which ad group can login
+  ansible.builtin.command:
+    cmd: realm permit -g "G-MGMT-LA-DEVADM-{{ hostname|upper }}@adagility.net"
+- name: change sudoers file
+  lineinfile:
+    path: /etc/sudoers
+    line: "%G-MGMT-LA-DEVADM-{{ hostname }}@adagility.net     ALL=(ALL)       ALL"
+- name: change common-sessions
+  ansible.builtin.lineinfile:
+    path: /etc/pam.d/common-session
+    line: session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
+
+
+
+# - name: add users to the domain group
+#   community.windows.win_domain_user:
+#     name: G-MGMT-LA-DEVADM-{{ hostname}}
+#     members: "{{ item }}"
+#   loop: "{{users.split('\n')}}"
+
+
+
+  
+