authorSuren A. Chilingaryan <csa@suren.me>2019-10-11 06:25:21 +0200
committerSuren A. Chilingaryan <csa@suren.me>2019-10-11 06:25:21 +0200
commitb23e9400c36acf9856606165489e8828c2cf8dd5 (patch)
tree581468996aa8202b9121c8031ee50bf60984a816 /roles/ands_idm
parentb17d3d74eb5a9e7640d94f98f6b27ce4891b3c26 (diff)
ipa-client and fine tuning
Diffstat (limited to 'roles/ands_idm')
-rw-r--r--roles/ands_idm/defaults/main.yml1
-rw-r--r--roles/ands_idm/tasks/find_ands_connection.yml18
-rw-r--r--roles/ands_idm/tasks/find_connection_by_if.yml9
-rw-r--r--roles/ands_idm/tasks/find_interface_by_net.yml17
-rw-r--r--roles/ands_idm/tasks/main.yml9
-rw-r--r--roles/ands_idm/tasks/setup_dns.yml38
-rw-r--r--roles/ands_idm/tasks/setup_ipa.yml20
l---------roles/ands_idm/vars/config1
8 files changed, 113 insertions, 0 deletions
diff --git a/roles/ands_idm/defaults/main.yml b/roles/ands_idm/defaults/main.yml
new file mode 100644
index 0000000..07e67af
--- /dev/null
+++ b/roles/ands_idm/defaults/main.yml
@@ -0,0 +1 @@
+ands_none: "{{ None }}"
diff --git a/roles/ands_idm/tasks/find_ands_connection.yml b/roles/ands_idm/tasks/find_ands_connection.yml
new file mode 100644
index 0000000..f4cf9b6
--- /dev/null
+++ b/roles/ands_idm/tasks/find_ands_connection.yml
@@ -0,0 +1,18 @@
+- name: "Detect ands network interface"
+ include_tasks: "find_interface_by_net.yml"
+ vars:
+ var: "ands_network_interface"
+ net: "{{ ands_network }}"
+ when:
+ - ands_network_interface is not defined
+ - ands_network is defined
+
+
+- name: "Detect ands network connection"
+ include_tasks: "find_connection_by_if.yml"
+ vars:
+ var: "ands_network_connection"
+ iface: "{{ ands_network_interface }}"
+ when:
+ - ands_network_connection is not defined
+ - ands_network_interface is defined
diff --git a/roles/ands_idm/tasks/find_connection_by_if.yml b/roles/ands_idm/tasks/find_connection_by_if.yml
new file mode 100644
index 0000000..3fd883e
--- /dev/null
+++ b/roles/ands_idm/tasks/find_connection_by_if.yml
@@ -0,0 +1,9 @@
+- name: "Detect nm connection corresponding to interface '{{ bridge | default(iface) }}'"
+ shell: "nmcli d show {{ iface | quote }} | grep CONNECTION | cut -d ':' -f 2- | sed -E -e 's/^[[:space:]]+//' | grep '^[[:alpha:]]'"
+ register: conres
+ failed_when: false
+ changed_when: false
+
+- name: "Set {{ var }} to {{ conres.stdout | quote }}"
+ set_fact:
+ "{{ var }}": "{{ conres.stdout }}"
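Review bot: The second task stores `conres.stdout` unconditionally, and because the probe above it runs with `failed_when: false`, a failed or empty `nmcli` lookup leaves `{{ var }}` defined as an empty string. Callers that gate on `ands_network_connection is defined`, as setup_dns.yml in this commit does, would then go on to run `nmcli connection modify ''`. Add `when: conres.rc == 0 and conres.stdout | length > 0` to the set_fact task so the fact stays undefined when nothing was found. The task name also reads `bridge`, which nothing in this file sets; a short comment listing the expected `iface`, `var` and optional `bridge` inputs would help.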
diff --git a/roles/ands_idm/tasks/find_interface_by_net.yml b/roles/ands_idm/tasks/find_interface_by_net.yml
new file mode 100644
index 0000000..ad44578
--- /dev/null
+++ b/roles/ands_idm/tasks/find_interface_by_net.yml
@@ -0,0 +1,17 @@
+- name: "Looking for interface holding {{ net }}"
+ set_fact:
+ "{{ var }}": "{{ eth['device'] }}"
+ vars:
+ eth: "{{ hostvars[inventory_hostname]['ansible_' + item] | default({}) }}"
+ ipv4: "{{ eth['ipv4'] | default({}) }}"
+ q: "{{ eth | json_query('ipv4_secondaries[*].network') }}"
+ sec: "{{ ((q == ands_none) or (q == '')) | ternary([], q) }}"
+ nets: "{{ sec | union([ipv4.network]) }}"
+ when:
+ - eth['type'] is defined
+ - eth['ipv4'] is defined
+ - eth['device'] is defined
+ - eth['type'] == 'ether'
+ - net | ipaddr('network') in nets
+ with_items:
+ - "{{ hostvars[inventory_hostname]['ansible_interfaces'] }}"
diff --git a/roles/ands_idm/tasks/main.yml b/roles/ands_idm/tasks/main.yml
new file mode 100644
index 0000000..667f14e
--- /dev/null
+++ b/roles/ands_idm/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- include_vars: dir="config" name="config"
+
+- name: Setup DNS
+ include_tasks: "setup_dns.yml"
+
+- name: Setup ipa-client
+ include_tasks: "setup_ipa.yml"
+
diff --git a/roles/ands_idm/tasks/setup_dns.yml b/roles/ands_idm/tasks/setup_dns.yml
new file mode 100644
index 0000000..a463c77
--- /dev/null
+++ b/roles/ands_idm/tasks/setup_dns.yml
@@ -0,0 +1,38 @@
+- name: "Find NM connection"
+ include_tasks: "find_ands_connection.yml"
+
+- name: "Change FQDN"
+ replace: path="/etc/hostname" regexp="{{ public_domain }}" replace="{{ ands_domain }}"
+
+- name: "Read FQDN"
+ command: "cat /etc/hostname"
+ register: hostname
+ changed_when: false
+
+- name: "Adjust runtime FQDN"
+ hostname: name="{{ hostname.stdout }}"
+
+- name: "Find configured DNS servers"
+ shell: "nmcli d show {{ ands_network_interface }} | grep DNS | grep {{ ands_idm_server_ip | quote }}"
+ register: dns_check
+ changed_when: dns_check is failed
+ failed_when: false
+
+- name: "Change DNS server on {{ ands_network_connection }}"
+# nmcli: conn_name="{{ ands_network_connection }}" dns4="[{{ ands_idm_server_ip }}]" state="present"
+ command: "nmcli connection modify {{ ands_network_connection | quote }} ipv4.dns {{ ands_idm_server_ip }} ipv4.ignore-auto-dns yes ipv6.ignore-auto-dns yes ipv4.dns-search '{{ ands_domain,public_search_domains }}'"
+ register: result
+ when:
+ - ands_network_connection is defined
+ - dns_check.rc != 0
+
+- name: "Update associated interface {{ ands_network_interface }}"
+ command: "nmcli connection up {{ ands_network_connection | quote }}"
+ when:
+ - ands_network_interface is defined
+ - result is changed
+
+
+
+#- name: Register idM in /etc/hosts
+# lineinfile: dest="/etc/hosts" line="192.168.26.212 ipeidm.ands.kit.edu ipeidm" regexp="ipeidm$" state="present"
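Review bot: In "Find configured DNS servers" the interface name goes into a `shell:` line unquoted (`nmcli d show {{ ands_network_interface }}`) while the server IP beside it is quoted; use `{{ ands_network_interface | quote }}` there, and also quote `ands_idm_server_ip` in the `nmcli connection modify` command. That lookup task has no `when: ands_network_interface is defined` guard, although find_ands_connection.yml only sets the fact when `ands_network` is defined. `'{{ ands_domain,public_search_domains }}'` is a Jinja tuple expression and will probably render as a Python tuple rather than a comma-separated search list; assuming `public_search_domains` is a list, `{{ ([ands_domain] + public_search_domains) | join(',') | quote }}` looks closer to the intent.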
diff --git a/roles/ands_idm/tasks/setup_ipa.yml b/roles/ands_idm/tasks/setup_ipa.yml
new file mode 100644
index 0000000..06fe6da
--- /dev/null
+++ b/roles/ands_idm/tasks/setup_ipa.yml
@@ -0,0 +1,20 @@
+- name: Install ipa-client
+ package: name=ipa-client state=present
+
+- name: "Check if ipa is already configured"
+ shell: "grep {{ ands_domain }} /etc/krb5.conf"
+ register: ipa_check
+ changed_when: ipa_check is failed
+ failed_when: false
+
+- name: "Read FQDN"
+ command: "cat /etc/hostname"
+ register: hostname
+ changed_when: false
+
+- name: "Configure ipa"
+ command: "/usr/sbin/ipa-client-install -p admin -w {{ config.ands_idm_admin_password | quote }} --hostname={{ hostname.stdout }} --domain={{ ands_domain }} --server={{ ands_idm_server }} --enable-dns-updates --mkhomedir --request-cert --unattended"
+ when:
+ - ipa_check.rc != 0
+
+
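Review bot: "Configure ipa" passes the IdM admin password as `-w {{ config.ands_idm_admin_password | quote }}` on the command line with no `no_log: true`, so the value can appear in Ansible's task output and logs (on failure or at higher verbosity) and in the process list of the enrolling host while the installer runs. Add `no_log: true` to that task at minimum; enrolling with a per-host one-time password or a principal limited to host enrollment instead of `admin` would keep the admin credential off managed hosts altogether. `hostname.stdout`, `ands_domain` and `ands_idm_server` are interpolated unquoted in the same command, and the `grep {{ ands_domain }} /etc/krb5.conf` check uses `shell:` where `command:` with a quoted argument would do. Whether the file behind `config` is vault-encrypted is not visible in this diff and is worth confirming.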
diff --git a/roles/ands_idm/vars/config b/roles/ands_idm/vars/config
new file mode 120000
index 0000000..a2a1973
--- /dev/null
+++ b/roles/ands_idm/vars/config
@@ -0,0 +1 @@
+../../../setup/config/ \ No newline at end of file