---
# tasks file for linux_onboard-adagility
# Install the packages listed in the `packages` variable (defined outside this
# file) through apt, refreshing the package index first.
# NOTE(review): the condition only excludes SUSE, so apt is also attempted on
# any other non-Debian family.
- name: Install packages
  when: ansible_distribution_file_variety != "SUSE"
  ansible.builtin.apt:
    update_cache: true
    state: present
    name: "{{ packages }}"
# SUSE-family hosts only: make sure realmd is present, using the generic
# package module so the platform's package manager is chosen automatically.
- name: install packages (SUSE)
  when: ansible_distribution_file_variety == "SUSE"
  ansible.builtin.package:
    state: present
    name: realmd
# Install the dnspython library with pip on the managed host.
# NOTE(review): no version pin or index restriction is visible here, so the
# host installs whatever release the configured package index serves at run
# time; consider pinning a reviewed version.
- name: install dnspython
  ansible.builtin.pip:
    name: 'dnspython'
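# Resolve the AD domain name to confirm DNS can reach the realm before any
# join attempt. The result is stored in `pingresult` (the check is a DNS
# lookup, not an ICMP ping). The task fails if nslookup exits non-zero.
- name: test reachability of kerberos realm
  ansible.builtin.command: nslookup adagility.net
  register: pingresult
  # Read-only probe: never report the host as changed.
  changed_when: false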
# Print the full registered result of the DNS lookup (rc, stdout, stderr,
# timing) for troubleshooting.
- name: ping result
  ansible.builtin.debug:
    msg: "{{ pingresult }}"
# pexpect is the Python dependency of the expect module, which the kinit and
# realm-join tasks in this file rely on to answer password prompts.
# NOTE(review): unpinned; the installed release is whatever the configured
# index serves at run time.
- name: Install pexpect
  ansible.builtin.pip:
    state: present
    name: 'pexpect'
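# Deploy the role's krb5.conf to /etc/krb5.conf, following an existing symlink
# at the destination instead of replacing it.
- name: replace or add krb5.conf
  ansible.builtin.copy:
    src: krb5.conf
    dest: /etc/krb5.conf
    follow: true
    # Pin ownership and permissions explicitly: the Kerberos client config
    # decides which KDCs and realms the host trusts, so it must be writable by
    # root only and must not inherit whatever mode the source file carries.
    owner: root
    group: root
    mode: "0644"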
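# Ask realmd what it can discover about the AD domain; the output is kept in
# `realm_discover_results` and printed by the following debug task.
- name: Discover realm
  # The command module already executes the binary directly, so the former
  # `/bin/bash -c` wrapper is not needed.
  ansible.builtin.command: /usr/sbin/realm discover adagility.net
  register: realm_discover_results
  # Discovery only reads information: never report the host as changed.
  changed_when: false
  tags: ad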
# Show the text realmd returned for the domain discovery.
- name: Discover realm debug
  ansible.builtin.debug:
    msg: "{{ realm_discover_results.stdout }}"
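# Obtain a Kerberos ticket for the joining account by running kinit and
# answering its password prompt through the expect module.
# `admin_account` and `admin_password` are defined outside this file;
# presumably the password comes from a vaulted variable (confirm).
- name: Create kerberos ticket
  ansible.builtin.expect:
    # Run kinit directly rather than through `/bin/bash -c`, so shell
    # metacharacters in the templated account name are never interpreted.
    command: /usr/bin/kinit -V {{ admin_account }}
    responses:
      '(?i)Password': "{{ admin_password }}"
  # The module arguments and result contain the AD admin password; keep them
  # out of console output, callback plugins and log files.
  no_log: true
  tags: ad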
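# List the realms this host is already enrolled in. The join task in this file
# runs only when this output is empty.
- name: Checking to see if system is already joined to AD
  # Executed directly; no shell wrapper is needed for a fixed command.
  ansible.builtin.command: /usr/sbin/realm list
  register: realm_list_results
  # Listing is read-only: never report the host as changed.
  changed_when: false
  tags: ad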
# Print the current enrolment state reported by `realm list`.
- name: Debug realm_list_results
  ansible.builtin.debug:
    var: realm_list_results.stdout
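# Join the host to the AD domain, placing the computer object in the OU built
# from `tstaccprd` and `department`, and answer the password prompt through
# the expect module. Runs only when `realm list` returned nothing, i.e. the
# host is not enrolled yet.
- name: join ad
  ansible.builtin.expect:
    # Run realm directly rather than through `/bin/bash -c`, so the templated
    # OU parts and account name are never interpreted by a shell.
    command: >-
      /usr/sbin/realm join adagility.net
      --computer-ou='OU={{ tstaccprd }},OU=GLB_{{ department }},OU=Servers,OU=Aperam,DC=ADAGILITY,DC=NET'
      -U {{ admin_account }}
    # command: /bin/bash -c "/usr/sbin/realm join adagility.net --computer-ou='OU=TST,OU=GLB_Infrastructure,OU=Servers,OU=Aperam,DC=ADAGILITY,DC=NET' -U {{admin_account}}"
    responses:
      # The previous pattern `(?i)` matches the empty string, so the password
      # was sent as soon as the process started instead of in reply to the
      # prompt. Match the prompt text, as the kinit task does.
      '(?i)password': "{{ admin_password }}"
  # The module arguments and result contain the AD admin password; keep them
  # out of console output, callback plugins and log files.
  no_log: true
  # NOTE(review): with errors ignored, a failed join does not stop the play
  # and the later sudoers/PAM/sssd changes are still applied to an unjoined
  # host. Kept as in the original; consider checking `realm list` afterwards.
  ignore_errors: true
  when: realm_list_results.stdout == ""
  become: true
  timeout: 10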
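# NOTE(review): this does not scrub anything. `history -c` clears only the
# in-memory history list of the shell it runs in, and the non-interactive
# bash started here has none; no history file on disk is touched. Credential
# exposure has to be prevented on the tasks that handle the password
# (no_log, prompt-driven input), not afterwards.
- name: remove history
  ansible.builtin.command: /bin/bash -c "history -c"
  # The command alters nothing on the host, so do not report a change.
  changed_when: false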
# Set the system hostname to the fully qualified name in the AD DNS domain.
# `hostname` is supplied from outside this file; the command result is kept in
# `hostname_command`.
- name: set hostname
  register: hostname_command
  ansible.builtin.command:
    cmd: 'hostnamectl set-hostname "{{ hostname }}.adagility.net"'
# Ensure each SSSD setting below exists as a line in /etc/sssd/sssd.conf:
# fully qualified user names plus dynamic DNS updates with their refresh
# interval and TTL.
# NOTE(review): a missing line is appended at the end of the file, so the
# section it lands in depends on the file's layout (confirm it is the domain
# section). No sssd restart is visible in this file.
- name: edit /etc/sssd/sssd.conf
  ansible.builtin.lineinfile:
    path: /etc/sssd/sssd.conf
    line: "{{ item }}"
  loop:
    - 'use_fully_qualified_names = True'
    - 'dyndns_update = true'
    - 'dyndns_refresh_interval = 43200'
    - 'dyndns_ttl = 3600'
# Restrict logins to members of the host-specific AD administration group;
# the group name embeds the upper-cased hostname.
- name: specify which ad group can login
  ansible.builtin.command:
    cmd: 'realm permit -g "G-MGMT-LA-DEVADM-{{ hostname|upper }}@adagility.net"'
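# Grant full sudo rights to the host-specific AD administration group by
# adding its rule to /etc/sudoers.
# NOTE(review): the login-permit task upper-cases `hostname` for the same
# group name, this line does not; confirm both resolve to the same group.
- name: change sudoers file
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    line: "%G-MGMT-LA-DEVADM-{{ hostname }}@adagility.net ALL=(ALL) ALL"
    # Syntax-check the edited copy before it replaces the live file; a broken
    # /etc/sudoers disables sudo for every account on the host.
    validate: /usr/sbin/visudo -cf %s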
# Make PAM create a home directory from /etc/skel/ the first time a user
# logs in, by ensuring the pam_mkhomedir line is in common-session.
# NOTE(review): umask=0022 leaves new home directories readable by other
# local users; tighten it if policy requires private home directories.
- name: change common-sessions
  ansible.builtin.lineinfile:
    line: 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022'
    path: /etc/pam.d/common-session
# - name: add users to the domain group
# community.windows.win_domain_user:
# name: G-MGMT-LA-DEVADM-{{ hostname}}
# members: "{{ item }}"
# loop: "{{users.split('\n')}}"