%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /etc/ansible/roles/web/tasks/
Upload File :
Create Path :
Current File : //etc/ansible/roles/web/tasks/samba_configs.yml

--- 
- name: ntlm_pass variable
  set_fact:
    ntlm_pass: "{{ lookup('file', ntlm_pass_file) }}"
 
############ Configure Winbind (samba, kerberos and etc.)
####
- name: install samba packages Centos7
  yum: 
    name: "{{ item }}"
    state: latest
  with_items:
    - samba
    - samba-winbind
    - samba-common
    - samba-client
    - samba-winbind-clients
    - mod_auth_ntlm_winbind
  when: ansible_distribution == 'CentOS' 
    and ansible_distribution_major_version == '7'

- name: remove samba packages on Centos6
  yum:
    name: "{{ item }}"
    state: absent
  with_items:
    - samba
    - samba-winbind
    - samba-common
    - samba-client
    - samba-winbind-clients
  when: ansible_distribution == 'CentOS'
    and ansible_distribution_major_version == '6'

- name: install samba4 packages on Centos6
  yum:
    name: "{{ item }}"
    state: latest
  with_items:
    - samba4
    - samba4-winbind
    - samba4-common
    - samba4-client
    - samba4-winbind-clients
    - mod_auth_ntlm_winbind
  when: ansible_distribution == 'CentOS'
    and ansible_distribution_major_version == '6'

#  "domain_status": "configured", 
#  "kdc": "192.168.0.230", 
#  "ldap_server": "192.168.0.230", 
#  "ldap_server_name": "TEST-DC-SP.TEST.local", 
#  "nss_status": "configured", 
#  "offset": "-26", 
#  "realm": "TEST.LOCAL"
- name: get current winbind status
  bx_ntlm: 

- name: shutdown smb and winbind service 
  when: domain_status == 'configured'
  with_items:
    - winbind
    - smb
  service: 
    name: "{{ item }}"
    state: stopped

- name: delete cache files from samba
  when: domain_status == 'configured'
  with_items:
    - serverid.tdb
    - winbindd_cache.tdb
    - winbindd_idmap.tdb
    - winbindd_privileged/pipe
  file: 
    path: "/var/lib/samba/{{ item }}"
    state: "absent"

- name: create samba config
  template: 
    src: smb.conf.j2
    dest: /etc/samba/smb.conf

- name: create kerberos config
  template:
    src: krb5.conf.j2
    dest: /etc/krb5.conf

- name: update login sources in /etc/nsswitch.conf
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: '^passwd:'
    line: 'passwd: compat winbind'

- name: update group sources in /etc/nsswitch.conf
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: '^group:'
    line: 'group: compat winbind'

- name: update password sources in /etc/nsswitch.conf
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: '^shadow:'
    line: 'shadow: compat'

- name: update domain in /etc/resolv.conf - search
  lineinfile:
    dest: /etc/resolv.conf
    regexp: '^search\s+'
    line: "search {{ ntlm_fqdn }}"
    state: present

- name: update domain in /etc/resolv.conf - domain
  lineinfile: 
    dest: /etc/resolv.conf
    regexp: '^domain\s+'
    line: "domain {{ ntlm_fqdn }}"
    state: present

- name: add bitrix to wbpriv group
  user:
    append: yes
    groups: wbpriv
    name: bitrix

- name: generate file name for temporary save admin settings
  set_fact:
    join_file: "/opt/webdir/generator/{{ lookup('password', '/tmp/generator_file chars=ascii_letters,digits length=20') }}"

- name: temp directory
  file: 
    path: /opt/webdir/generator
    state: directory
    mode: 0700

- name: save password info to the the file
  template:
    src: options/ntlm_join.j2
    dest: "{{ join_file }}"
    mode: 0400

- name: join the ADS domain
  bx_ntlm: state=join safe_file={{ join_file }}

- name: enable services smb and winbind in the system
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  with_items:
    - smb
    - winbind

- name: restart all working services
  service:
    name: "{{ item }}"
    state: restarted
  with_items:
    - smb
    - winbind
    - nginx
    - httpd

- name: delete generator file
  file:
    path: /tmp/generator_file
    state: absent
####
############ /Configure Winbind (samba, kerberos and etc.)

Zerion Mini Shell 1.0