rol and playbook centralized auth

linux-config-centralized-auth.yaml

@@ -0,0 +1,12 @@
+---
+
+- hosts: '{{ ip_addr }}'
+  become: yes
+  become_method: sudo
+  gather_facts: yes
+
+  tasks:
+
+    - name: "[CONFIG CENTRALIZED AUTH] Config centralized auth"
+      import_role:
+        name: config-centralized-auth

roles/config-centralized-auth/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+# restart nslcd service to apply changes
+- name: restart nslcd
+  service:
+    name: "{{ nslcd_daemon }}"
+    state: restarted

roles/config-centralized-auth/tasks/main.yaml

@@ -0,0 +1,47 @@
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# configure centralized authentication [nslcd]
+# paso1 - Copy
+- name: copy file nslcd.conf
+  copy:
+    src: nslcd.conf
+    dest: /etc/nslcd.conf
+    owner: root
+    group: nslcd
+    mode: '0640'
+    backup: yes
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   
+# paso2 - lineinfile password with vault
+- name: add password with ansible vault to file nslcd.conf
+  lineinfile:
+    dest: /etc/nslcd.conf
+    regexp: "{{item.regexp}}"
+    line: "{{item.line}}"
+    state: present
+  with_items: 
+    - regexp: "^bindpw"
+      line: "bindpw {{ bindpw_password }}"
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# paso3 - editar lineas fichero /etc/nsswitch.conf
+- name: edit file /etc/nsswitch.conf
+  lineinfile:
+    dest: /etc/nsswitch.conf
+    regexp: "{{item.regexp}}"
+    line: "{{item.line}}"
+    state: present
+  with_items:
+    - regexp: "^passwd:"
+      line: "passwd:         files systemd ldap"
+    - regexp: "^group:"
+      line: "group:          files systemd ldap"
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# paso4 - reconfigure PAM to use LDAP
+- name: reconfigure PAM to use LDAP
+  shell: pam-auth-update --enable ldap
+  notify: restart nslcd
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# service should start on boot.
+- name: service should start on boot
+  service:
+    name: "{{ nslcd_daemon }}"
+    enabled: yes
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

roles/config-centralized-auth/vars/main.yaml

@@ -0,0 +1,8 @@
+bindpw_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30343461633538323832316231383362626636653864353535346461353937313131336135396162
+          3866623238353638323961363239373236393339333134380a313561363030306165393965396234
+          65316535626434333331633438613639633163643765633064363833303461363834653864646464
+          3133313233353730620a343536316266393637623563313563613332646630643632366439343764
+          30383935303161646339393361393130613266663337373364626635646430326465
+nslcd_daemon: nslcd