%PDF- %PDF-
Direktori : /etc/ansible/roles/web/tasks/ |
Current File : //etc/ansible/roles/web/tasks/create_ntlm.yml |
--- ######## restart nginx and apache services # ntlm_name: netbios domain name (ex. BX) DN # ntlm_fqdn: full domain name (ex. BX.OFFICE) DNF # ntlm_host: netbios hostname, user can set it or will be use server hostname # ntlm_dps: domain password server (ex. DC1.BX.OFFICE) DPS # ntlm_user: domain admin user DU # ntlm_pass_file: password for domain user # manage_kernel: define all sites with the same kernel. NTLM auth will be working for all of them. # ntlm_web_configure - switch to enable after succefull install NTLM ######### Gathering facts #### # bx_sites_info - usage when created apache configuration - name: gathering facts about installed sites with the same DB bx_facts: name=list password=0 install='(kernel|link)' status=finished dbname={{ manage_kernel | default('sitemanager0') }} - name: create variable bx_sites_info - all sites with the same DB set_fact: bx_sites_info: "{{ hostvars[inventory_hostname]['bx_sites'] }}" - name: gathering facts about installed kernel site with defined DB bx_facts: name=list password=0 install='(kernel|ext_kernel)' status=finished dbname={{ manage_kernel | default('sitemanager0') }} - name: create variable bx_kernel_site - installed kernel site with defined DB set_fact: bx_kernel_site: "{{ hostvars[inventory_hostname]['bx_sites'] }}" ############ Configure Winbind (samba, kerberos and etc.) #### - include: samba_configs.yml when: ntlm_dps != 'NOT_DEFINED' #### ############ /Configure Winbind (samba, kerberos and etc.) ############ Test domain #### - name: test that the domain has successfully been joined by bx_ntlm: idmap_id={{ idmap_range_start }} - name: exit if check returned that the host is not added to domain fail: msg: "AD status={{ domain_status }} winbind status={{ nss_status }}" when: domain_status == 'not_configured' or nss_status == 'not_configured' #### ############ /Test domain ############ Apache and sites configs #### in case web cluster, apache settings will created on master server only #### - name: create apache config with main settings (listen and ntlm module enable) template: src: httpd/mod_ntlm.conf.j2 dest: "/etc/httpd/bx/conf/mod_ntlm.conf" owner: bitrix group: bitrix mode: 0644 notify: restart httpd - name: create apache config for sites template: src: httpd/ntlm_site.conf.j2 dest: "/etc/httpd/bx/conf/ntlm_{{ item.ServerName }}.conf" owner: bitrix group: bitrix mode: 0644 with_items: "{{ bx_sites_info }}" notify: restart httpd - name: create temporary directory for php scripts file: path: "/opt/webdir/.ansible" state: directory mode: 0750 owner: root group: bitrix - name: create temporary directories for sites with_items: "{{ bx_sites_info }}" file: path: "/opt/webdir/.ansible/{{ item.SiteName }}" state: directory mode: 0750 owner: root group: bitrix - name: save ntlm script to temporary directory template: src: "ntlm_settings.php.j2" dest: "/opt/webdir/.ansible/{{ item.SiteName }}/ntlm_settings.php" mode: 0640 owner: root group: bitrix with_items: "{{ bx_sites_info }}" - name: enable NTLM in site settings - execute ntlm script shell: php -f ntlm_settings.php args: chdir: "/opt/webdir/.ansible/{{ item.SiteName }}" with_items: "{{ bx_sites_info }}" become: yes become_user: "{{ bx_ansible_executer }}" - name: delete temporary files file: path: "/opt/webdir/.ansible" state: absent when: "ansible_playbook_debug != 'DEBUG'" #### ############ /Apache and sites configs ############ update ansible group settings #### - name: update info in bitrix group delegate_to: 127.0.0.1 bx_conf: group=web state=update ntlm_web_configure=enable tags: ansible_hosts #### ############ /update ansible group settings