rol and playbook centralized auth
parent
47eef61bda
commit
f71e5104da
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- hosts: '{{ ip_addr }}'
|
||||||
|
become: yes
|
||||||
|
become_method: sudo
|
||||||
|
gather_facts: yes
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
|
||||||
|
- name: "[CONFIG CENTRALIZED AUTH] Config centralized auth"
|
||||||
|
import_role:
|
||||||
|
name: config-centralized-auth
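Review bot: The `hosts: '{{ ip_addr }}'` line takes the play's target entirely from a variable, with no default and no comment saying how it is supplied. Since the play runs with `become: yes` and rewrites system authentication, any pattern passed in (including a group, or `all`) is acted on as root. I would add a header comment such as `# ip_addr: single inventory host, passed with -e ip_addr=<host>; this play changes NSS/PAM as root`. As a style point, `become: yes` and `gather_facts: yes` read more predictably as `true`.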
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
# restart nslcd service to apply changes
|
||||||
|
- name: restart nslcd
|
||||||
|
service:
|
||||||
|
name: "{{ nslcd_daemon }}"
|
||||||
|
state: restarted
|
|
@ -0,0 +1,47 @@
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
# configure centralized authentication [nslcd]
|
||||||
|
# paso1 - Copy
|
||||||
|
- name: copy file nslcd.conf
|
||||||
|
copy:
|
||||||
|
src: nslcd.conf
|
||||||
|
dest: /etc/nslcd.conf
|
||||||
|
owner: root
|
||||||
|
group: nslcd
|
||||||
|
mode: '0640'
|
||||||
|
backup: yes
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
# paso2 - lineinfile password with vault
|
||||||
|
- name: add password with ansible vault to file nslcd.conf
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/nslcd.conf
|
||||||
|
regexp: "{{item.regexp}}"
|
||||||
|
line: "{{item.line}}"
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- regexp: "^bindpw"
|
||||||
|
line: "bindpw {{ bindpw_password }}"
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
# paso3 - editar lineas fichero /etc/nsswitch.conf
|
||||||
|
- name: edit file /etc/nsswitch.conf
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/nsswitch.conf
|
||||||
|
regexp: "{{item.regexp}}"
|
||||||
|
line: "{{item.line}}"
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- regexp: "^passwd:"
|
||||||
|
line: "passwd: files systemd ldap"
|
||||||
|
- regexp: "^group:"
|
||||||
|
line: "group: files systemd ldap"
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
# paso4 - reconfigure PAM to use LDAP
|
||||||
|
- name: reconfigure PAM to use LDAP
|
||||||
|
shell: pam-auth-update --enable ldap
|
||||||
|
notify: restart nslcd
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
# service should start on boot.
|
||||||
|
- name: service should start on boot
|
||||||
|
service:
|
||||||
|
name: "{{ nslcd_daemon }}"
|
||||||
|
enabled: yes
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
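Review bot: The `add password with ansible vault to file nslcd.conf` task has no `no_log: true`, and the secret is carried in the `with_items` entry (`line: "bindpw {{ bindpw_password }}"`), so Ansible prints the decrypted bind password in the per-item result on the console and in any run log or callback output. Add `no_log: true` to that task. The single-item loop can also be dropped by putting `regexp: '^bindpw'` and `line: 'bindpw {{ bindpw_password }}'` directly on the task. Separately, only the `pam-auth-update` task notifies `restart nslcd`, so an edit to /etc/nslcd.conf restarts the daemon only because `shell` always reports changed. Adding `notify: restart nslcd` to the copy and bindpw tasks would make that dependency explicit.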
|
|
@ -0,0 +1,8 @@
|
||||||
|
bindpw_password: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
30343461633538323832316231383362626636653864353535346461353937313131336135396162
|
||||||
|
3866623238353638323961363239373236393339333134380a313561363030306165393965396234
|
||||||
|
65316535626434333331633438613639633163643765633064363833303461363834653864646464
|
||||||
|
3133313233353730620a343536316266393637623563313563613332646630643632366439343764
|
||||||
|
30383935303161646339393361393130613266663337373364626635646430326465
|
||||||
|
nslcd_daemon: nslcd
|