Current File : //etc/ansible/roles/web/tasks/create_ntlm.yml
---
######## restart nginx and apache services
# ntlm_name: netbios domain name (ex. BX) DN
# ntlm_fqdn: full domain name (ex. BX.OFFICE) DNF
# ntlm_host: netbios hostname, user can set it or will be use server hostname
# ntlm_dps: domain password server (ex. DC1.BX.OFFICE) DPS
# ntlm_user: domain admin user DU
# ntlm_pass_file: password for domain user
# manage_kernel: define all sites with the same kernel. NTLM auth will be working for all of them.
# ntlm_web_configure - switch to enable after succefull install NTLM
######### Gathering facts
####
# bx_sites_info - usage when created apache configuration
- name: gathering facts about installed sites with the same DB
bx_facts: name=list password=0 install='(kernel|link)'
status=finished dbname={{ manage_kernel | default('sitemanager0') }}
- name: create variable bx_sites_info - all sites with the same DB
set_fact:
bx_sites_info: "{{ hostvars[inventory_hostname]['bx_sites'] }}"
- name: gathering facts about installed kernel site with defined DB
bx_facts: name=list password=0 install='(kernel|ext_kernel)'
status=finished dbname={{ manage_kernel | default('sitemanager0') }}
- name: create variable bx_kernel_site - installed kernel site with defined DB
set_fact:
bx_kernel_site: "{{ hostvars[inventory_hostname]['bx_sites'] }}"
############ Configure Winbind (samba, kerberos and etc.)
####
- include: samba_configs.yml
when: ntlm_dps != 'NOT_DEFINED'
####
############ /Configure Winbind (samba, kerberos and etc.)
############ Test domain
####
- name: test that the domain has successfully been joined by
bx_ntlm: idmap_id={{ idmap_range_start }}
- name: exit if check returned that the host is not added to domain
fail:
msg: "AD status={{ domain_status }} winbind status={{ nss_status }}"
when: domain_status == 'not_configured'
or nss_status == 'not_configured'
####
############ /Test domain
############ Apache and sites configs
#### in case web cluster, apache settings will created on master server only
####
- name: create apache config with main settings (listen and ntlm module enable)
template:
src: httpd/mod_ntlm.conf.j2
dest: "/etc/httpd/bx/conf/mod_ntlm.conf"
owner: bitrix
group: bitrix
mode: 0644
notify: restart httpd
- name: create apache config for sites
template:
src: httpd/ntlm_site.conf.j2
dest: "/etc/httpd/bx/conf/ntlm_{{ item.ServerName }}.conf"
owner: bitrix
group: bitrix
mode: 0644
with_items: "{{ bx_sites_info }}"
notify: restart httpd
- name: create temporary directory for php scripts
file:
path: "/opt/webdir/.ansible"
state: directory
mode: 0750
owner: root
group: bitrix
- name: create temporary directories for sites
with_items: "{{ bx_sites_info }}"
file:
path: "/opt/webdir/.ansible/{{ item.SiteName }}"
state: directory
mode: 0750
owner: root
group: bitrix
- name: save ntlm script to temporary directory
template:
src: "ntlm_settings.php.j2"
dest: "/opt/webdir/.ansible/{{ item.SiteName }}/ntlm_settings.php"
mode: 0640
owner: root
group: bitrix
with_items: "{{ bx_sites_info }}"
- name: enable NTLM in site settings - execute ntlm script
shell: php -f ntlm_settings.php
args:
chdir: "/opt/webdir/.ansible/{{ item.SiteName }}"
with_items: "{{ bx_sites_info }}"
become: yes
become_user: "{{ bx_ansible_executer }}"
- name: delete temporary files
file:
path: "/opt/webdir/.ansible"
state: absent
when: "ansible_playbook_debug != 'DEBUG'"
####
############ /Apache and sites configs
############ update ansible group settings
####
- name: update info in bitrix group
delegate_to: 127.0.0.1
bx_conf: group=web state=update ntlm_web_configure=enable
tags: ansible_hosts
####
############ /update ansible group settings
Mini Shell