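# Tasks for the ssh-ldap role: install the NSS/PAM LDAP packages, drop the
# LDAP helper scripts, build the offline cache and point nsswitch, sudoers,
# PAM and sshd at it.
# Expects the variable ldap_cache_url (passed to ssh_keys.py --sync) and the
# handler restart-sshd, both defined outside this file.

- name: Install packages
  apt:
    name: "{{ item }}"
    # 'installed' is a deprecated alias of 'present'; same behaviour.
    state: present
  with_items:
    - libnss-db
    - libnss-ldap
    - libpam-ccreds
    - nss-updatedb
    - python-ldap

- name: Copy linaro_ldap script
  copy:
    src: linaro_ldap.py
    dest: /usr/lib/python2.7/dist-packages
    # Quoted so the octal mode is never reparsed as a decimal integer.
    mode: "0555"
    owner: root

- name: Copy ssh_keys.py script
  copy:
    src: ssh_keys.py
    dest: /etc/ssh/ssh_keys.py
    mode: "0555"
    owner: root
  # Registered so a changed script forces the offline cache to be rebuilt.
  register: ssh_keys

- name: Configure ldap.conf
  # NOTE(review): no mode/owner is set here; if the rendered template
  # carries a bind password, restrict it — confirm against the template.
  template:
    src: ldap.conf
    dest: /etc/

- name: See if offline LDAP cache exists
  stat:
    path: /var/lib/misc/group.db
  register: cache

- name: Generate offline LDAP cache
  # Rebuild when no cache file exists yet or the sync script was updated.
  when: not cache.stat.exists or ssh_keys.changed
  command: "/etc/ssh/ssh_keys.py --sync {{ ldap_cache_url }}"

- name: Configure nsswitch.conf
  copy:
    src: nsswitch.conf
    dest: /etc/

- name: Configure sudoers
  template:
    src: ansible_sudoers
    dest: /etc/sudoers.d/
    mode: "0400"
    owner: root
    # Syntax-check the rendered drop-in before it is installed: a broken
    # file under sudoers.d breaks sudo for every user on the host.
    validate: "visudo -cf %s"

- name: Enable home directory creation
  copy:
    src: mkhomedir
    dest: /usr/share/pam-configs/
  register: mkhomedir

- name: Update pam-auth-update
  when: mkhomedir is defined and mkhomedir.changed
  command: pam-auth-update --force --package

- name: Configure sshd (authorized keys and allowgroups)
  template:
    src: sshd_config
    dest: /etc/ssh/
    # Reject a bad rendered config before the restart-sshd handler runs,
    # so a template error cannot lock out remote access.
    validate: "/usr/sbin/sshd -t -f %s"
  notify:
    - restart-sshd

- name: Add cron job for syncing with LDAP
  template:
    src: cron.d
    dest: /etc/cron.d/ldap-sync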