Merge branch 'addDistributionfix' into 'master'

add main file which will check os and play playbook depending the os See merge request !7

Merge branch 'addDistributionfix' into 'master'
4d973a89 · Fabio Santaniello · b14cdb74 · 806c23c4 · 4d973a89 · 4d973a89
Commit 4d973a89 authored 3 years ago by Fabio Santaniello
--- a/tasks/centos.yml
+++ b/tasks/centos.yml
+---
+# tasks file for sti_it.ldap_authentication
+- name: install required packages
+  yum:
+    name: "{{ item }}"
+    update_cache: yes
+    state: present
+  loop:
+    - authconfig
+    - sssd
+    - realmd
+    - oddjob
+    - oddjob-mkhomedir
+    - adcli
+    - samba-common
+    - samba-common-tools
+    - openldap-clients
+    - policycoreutils-python
+    - nfs4-acl-tools
+    - nfs-utils
+    - libnfsidmap
+    - libsss_idmap
+    - sssd-winbind-idmap
+    - sudo
+    - openldap
+    - openldap-clients
+    - pam_ldap
+    - nss-pam-ldapd
+- name: make sure that the CA certs path exists
+  file:
+    path: /etc/openldap/cacerts
+    state: directory
+- name: download Digicert intermediate certificate
+  get_url:
+    dest: /etc/openldap/cacerts/digicert.pem
+    url: https://rauth.epfl.ch/Digicert_TLS_RSA_SHA256_2020_CA1.pem
+- name: generate sssd.conf
+  template:
+    src: sssd.conf
+    dest: /etc/sssd/sssd.conf
+    owner: root
+    group: root
+    mode: 0600
+  notify:
+    - restart sssd
+# - name: generate autofs.conf
+#   template:
+#     src: autofs.conf
+#     dest: /etc/autofs.conf
+#     owner: root
+#     group: root
+#   notify:
+#     - restart sssd
+- name: replace nis by ldap in /etc/nsswitch.conf
+  replace:
+    path: /etc/nsswitch.conf
+    regexp: 'nis'
+    replace: 'ldap'
+  notify:
+    - restart sssd
+# - name: ensure that ldap automount is added to nsswitch.conf
+#   lineinfile:
+#     line: 'automount:      ldap'
+#     path: /etc/nsswitch.conf
+#     insertafter: EOF
+#   notify:
+#     - restart sssd
+- name: generate ldap.conf for Centos
+  template:
+    src: ldap.conf
+    dest: /etc/openldap/ldap.conf
+    owner: root
+    group: root
+  notify:
+    - restart sssd
+# As per documentation at https://docs.google.com/document/d/1sfBkcqaGm4M3U6_uqVWSZ1MxKvnH5FK1U4OXr_HDU-w/edit#heading=h.tdhi5uogtedq
+# and at https://help.ubuntu.com/community/LDAPClientAuthentication#Automatically_create_home_folders
+- name: automate the homedir creation process for CentOS
+  shell: authconfig --enablemkhomedir --update
+- name: join Ldap Centos
+  shell: authconfig --kickstart --enableshadow --enablemd5 --passalgo=sha512 --enableldap --ldapserver=ldap.epfl.ch --ldapbasedn=o=epfl,c=ch --enableldapauth --enableforcelegacy --enableldaptls --disablefingerprint --updateall
--- a/tasks/main.yml
+++ b/tasks/main.yml
 ---
-# tasks file for sti_it.ldap_authentication
- name: install required packages
-  apt:
-    name: "{{ item }}"
-    update_cache: yes
-    state: present
-  loop:
-    - sssd
-    - libpam-sss
-    - libnss-sss
-    - sssd-tools
-    - autofs-ldap
-    - ldap-utils
-  when: ansible_os_family == 'Debian'
- name: install required packages
+- include: ubuntu.yml tags=debian
-  yum:
+  when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "18"
-    name: "{{ item }}"
-    update_cache: yes
-    state: present
-  loop:
-    - authconfig
-    - sssd
-    - realmd
-    - oddjob
-    - oddjob-mkhomedir
-    - adcli
-    - samba-common
-    - samba-common-tools
-    - openldap-clients
-    - policycoreutils-python
-    - nfs4-acl-tools
-    - nfs-utils
-    - libnfsidmap
-    - libsss_idmap
-    - sssd-winbind-idmap
-    - sudo
-    - openldap
-    - openldap-clients
-    - pam_ldap
-    - nss-pam-ldapd
-  when: ansible_distribution == "CentOS"
- name: make sure that the CA certs path exists
+- include: ubuntu.yml tags=debian
-  file:
+  when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "20"
-    path: /etc/openldap/cacerts
-    state: directory
- name: download Digicert intermediate certificate
+- include: centos.yml tags=centos
-  get_url:
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
-    dest: /etc/openldap/cacerts/digicert.pem
-    url: https://rauth.epfl.ch/Digicert_TLS_RSA_SHA256_2020_CA1.pem
- name: generate sssd.conf
-  template:
-    src: sssd.conf
-    dest: /etc/sssd/sssd.conf
-    owner: root
-    group: root
-    mode: 0600
-  notify:
-    - restart sssd
-# - name: generate autofs.conf
-#   template:
-#     src: autofs.conf
-#     dest: /etc/autofs.conf
-#     owner: root
-#     group: root
-#   notify:
-#     - restart sssd
- name: replace nis by ldap in /etc/nsswitch.conf
-  replace:
-    path: /etc/nsswitch.conf
-    regexp: 'nis'
-    replace: 'ldap'
-  notify:
-    - restart sssd
-# - name: ensure that ldap automount is added to nsswitch.conf
-#   lineinfile:
-#     line: 'automount:      ldap'
-#     path: /etc/nsswitch.conf
-#     insertafter: EOF
-#   notify:
-#     - restart sssd
- name: generate ldap.conf for Debian
-  template:
-    src: ldap.conf
-    dest: /etc/ldap/ldap.conf
-    owner: root
-    group: root
-  notify:
-    - restart sssd
-  when: ansible_os_family == 'Debian'
- name: generate ldap.conf for Centos
-  template:
-    src: ldap.conf
-    dest: /etc/openldap/ldap.conf
-    owner: root
-    group: root
-  notify:
-    - restart sssd
-  when: ansible_distribution == "CentOS"
-# As per documentation at https://docs.google.com/document/d/1sfBkcqaGm4M3U6_uqVWSZ1MxKvnH5FK1U4OXr_HDU-w/edit#heading=h.tdhi5uogtedq
-# and at https://help.ubuntu.com/community/LDAPClientAuthentication#Automatically_create_home_folders
- name: automate the homedir creation process for Debian
-  template:
-    src: my_mkhomedir
-    dest: /usr/share/pam-configs/my_mkhomedir
-  when: ansible_os_family == 'Debian'
- name: automate the homedir creation process for CentOS
-  shell: authconfig --enablemkhomedir --update
-  when: ansible_distribution == "CentOS"
- name: activate the creation of the homedir
-  lineinfile:
-    line: 'session required        pam_mkhomedir.so umask=0022 skel=/etc/skel'
-    path: /etc/pam.d/common-session
-    insertafter: EOF
-  notify:
-    - restart sssd
-  when: ansible_os_family == 'Debian'
- name: join Ldap Centos
-  shell: authconfig --kickstart --enableshadow --enablemd5 --passalgo=sha512 --enableldap --ldapserver=ldap.epfl.ch --ldapbasedn=o=epfl,c=ch --enableldapauth --enableforcelegacy --enableldaptls --disablefingerprint --updateall
-  when: ansible_distribution == "CentOS"
--- a/tasks/ubuntu.yml
+++ b/tasks/ubuntu.yml
+---
+# tasks file for sti_it.ldap_authentication
+- name: install required packages
+  apt:
+    name: "{{ item }}"
+    update_cache: yes
+    state: present
+  loop:
+    - sssd
+    - libpam-sss
+    - libnss-sss
+    - sssd-tools
+    - autofs-ldap
+    - ldap-utils
+- name: make sure that the CA certs path exists
+  file:
+    path: /etc/openldap/cacerts
+    state: directory
+- name: download Digicert intermediate certificate
+  get_url:
+    dest: /etc/openldap/cacerts/digicert.pem
+    url: https://rauth.epfl.ch/Digicert_TLS_RSA_SHA256_2020_CA1.pem
+- name: generate sssd.conf
+  template:
+    src: sssd.conf
+    dest: /etc/sssd/sssd.conf
+    owner: root
+    group: root
+    mode: 0600
+  notify:
+    - restart sssd
+# - name: generate autofs.conf
+#   template:
+#     src: autofs.conf
+#     dest: /etc/autofs.conf
+#     owner: root
+#     group: root
+#   notify:
+#     - restart sssd
+- name: replace nis by ldap in /etc/nsswitch.conf
+  replace:
+    path: /etc/nsswitch.conf
+    regexp: 'nis'
+    replace: 'ldap'
+  notify:
+    - restart sssd
+# - name: ensure that ldap automount is added to nsswitch.conf
+#   lineinfile:
+#     line: 'automount:      ldap'
+#     path: /etc/nsswitch.conf
+#     insertafter: EOF
+#   notify:
+#     - restart sssd
+- name: generate ldap.conf for Debian
+  template:
+    src: ldap.conf
+    dest: /etc/ldap/ldap.conf
+    owner: root
+    group: root
+  notify:
+    - restart sssd
+# As per documentation at https://docs.google.com/document/d/1sfBkcqaGm4M3U6_uqVWSZ1MxKvnH5FK1U4OXr_HDU-w/edit#heading=h.tdhi5uogtedq
+# and at https://help.ubuntu.com/community/LDAPClientAuthentication#Automatically_create_home_folders
+- name: automate the homedir creation process for Debian
+  template:
+    src: my_mkhomedir
+    dest: /usr/share/pam-configs/my_mkhomedir
+- name: activate the creation of the homedir
+  lineinfile:
+    line: 'session required        pam_mkhomedir.so umask=0022 skel=/etc/skel'
+    path: /etc/pam.d/common-session
+    insertafter: EOF
+  notify:
+    - restart sssd