From b23e9400c36acf9856606165489e8828c2cf8dd5 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan"
Date: Fri, 11 Oct 2019 06:25:21 +0200
Subject: ipa-client and fine tunning
---
roles/ands_idm/tasks/find_ands_connection.yml | 18 ++++++++++++
roles/ands_idm/tasks/find_connection_by_if.yml | 9 ++++++
roles/ands_idm/tasks/find_interface_by_net.yml | 17 ++++++++++++
roles/ands_idm/tasks/main.yml | 9 ++++++
roles/ands_idm/tasks/setup_dns.yml | 38 ++++++++++++++++++++++++++
roles/ands_idm/tasks/setup_ipa.yml | 20 ++++++++++++++
6 files changed, 111 insertions(+)
create mode 100644 roles/ands_idm/tasks/find_ands_connection.yml
create mode 100644 roles/ands_idm/tasks/find_connection_by_if.yml
create mode 100644 roles/ands_idm/tasks/find_interface_by_net.yml
create mode 100644 roles/ands_idm/tasks/main.yml
create mode 100644 roles/ands_idm/tasks/setup_dns.yml
create mode 100644 roles/ands_idm/tasks/setup_ipa.yml
(limited to 'roles/ands_idm/tasks')
diff --git a/roles/ands_idm/tasks/find_ands_connection.yml b/roles/ands_idm/tasks/find_ands_connection.yml
new file mode 100644
index 0000000..f4cf9b6
--- /dev/null
+++ b/roles/ands_idm/tasks/find_ands_connection.yml
@@ -0,0 +1,18 @@
+- name: "Detect ands network interface"
+ include_tasks: "find_interface_by_net.yml"
+ vars:
+ var: "ands_network_interface"
+ net: "{{ ands_network }}"
+ when:
+ - ands_network_interface is not defined
+ - ands_network is defined
+
+
+- name: "Detect ands network connection"
+ include_tasks: "find_connection_by_if.yml"
+ vars:
+ var: "ands_network_connection"
+ iface: "{{ ands_network_interface }}"
+ when:
+ - ands_network_connection is not defined
+ - ands_network_interface is defined
diff --git a/roles/ands_idm/tasks/find_connection_by_if.yml b/roles/ands_idm/tasks/find_connection_by_if.yml
new file mode 100644
index 0000000..3fd883e
--- /dev/null
+++ b/roles/ands_idm/tasks/find_connection_by_if.yml
@@ -0,0 +1,9 @@
+- name: "Detect nm connection corresponding to interface '{{ bridge | default(iface) }}'"
+ shell: "nmcli d show {{ iface | quote }} | grep CONNECTION | cut -d ':' -f 2- | sed -E -e 's/^[[:space:]]+//' | grep '^[[:alpha:]]'"
+ register: conres
+ failed_when: false
+ changed_when: false
+
+- name: "Set {{ var }} to {{ conres.stdout | quote }}"
+ set_fact:
+ "{{ var }}": "{{ conres.stdout }}"
diff --git a/roles/ands_idm/tasks/find_interface_by_net.yml b/roles/ands_idm/tasks/find_interface_by_net.yml
new file mode 100644
index 0000000..ad44578
--- /dev/null
+++ b/roles/ands_idm/tasks/find_interface_by_net.yml
@@ -0,0 +1,17 @@
+- name: "Looking for interface holding {{ net }}"
+ set_fact:
+ "{{ var }}": "{{ eth['device'] }}"
+ vars:
+ eth: "{{ hostvars[inventory_hostname]['ansible_' + item] | default({}) }}"
+ ipv4: "{{ eth['ipv4'] | default({}) }}"
+ q: "{{ eth | json_query('ipv4_secondaries[*].network') }}"
+ sec: "{{ ((q == ands_none) or (q == '')) | ternary([], q) }}"
+ nets: "{{ sec | union([ipv4.network]) }}"
+ when:
+ - eth['type'] is defined
+ - eth['ipv4'] is defined
+ - eth['device'] is defined
+ - eth['type'] == 'ether'
+ - net | ipaddr('network') in nets
+ with_items:
+ - "{{ hostvars[inventory_hostname]['ansible_interfaces'] }}"
diff --git a/roles/ands_idm/tasks/main.yml b/roles/ands_idm/tasks/main.yml
new file mode 100644
index 0000000..667f14e
--- /dev/null
+++ b/roles/ands_idm/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- include_vars: dir="config" name="config"
+
+- name: Setup DNS
+ include_tasks: "setup_dns.yml"
+
+- name: Setup ipa-client
+ include_tasks: "setup_ipa.yml"
+
diff --git a/roles/ands_idm/tasks/setup_dns.yml b/roles/ands_idm/tasks/setup_dns.yml
new file mode 100644
index 0000000..a463c77
--- /dev/null
+++ b/roles/ands_idm/tasks/setup_dns.yml
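Review bot: In find_connection_by_if.yml the `set_fact` task runs unconditionally, so when the nmcli pipeline matches nothing (`failed_when: false` hides the non-zero exit) `{{ var }}` is set to an empty string and still passes the `ands_network_connection is defined` guard that setup_dns.yml uses before `nmcli connection modify`. Adding `when: conres.rc == 0` to the `set_fact` task keeps the variable undefined in that case; the trailing `grep '^[[:alpha:]]'` already makes the pipeline exit non-zero when there is no connection name. The task name shows `bridge | default(iface)` while the command only ever queries `iface`, which looks like a leftover and is worth either wiring up or dropping.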
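Review bot: In find_interface_by_net.yml the lookup `hostvars[inventory_hostname]['ansible_' + item] | default({})` silently skips any interface whose fact key differs from its name; as far as I know Ansible stores facts for names containing `-` under an underscore key, so `'ansible_' + (item | replace('-', '_'))` would be the safer form. Nothing fails when no interface matches `net`, and when several match the last loop item wins, so a short header comment naming the inputs (`var`, `net`) and stating that the result may stay undefined would help callers. `ands_none` is not defined anywhere in this patch and presumably comes from elsewhere in the repository.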
@@ -0,0 +1,38 @@
+- name: "Find NM connection"
+ include_tasks: "find_ands_connection.yml"
+
+- name: "Change FQDN"
+ replace: path="/etc/hostname" regexp="{{ public_domain }}" replace="{{ ands_domain }}"
+
+- name: "Read FQDN"
+ command: "cat /etc/hostname"
+ register: hostname
+ changed_when: false
+
+- name: "Adjust runtime FQDN"
+ hostname: name="{{ hostname.stdout }}"
+
+- name: "Find configured DNS servers"
+ shell: "nmcli d show {{ ands_network_interface }} | grep DNS | grep {{ ands_idm_server_ip | quote }}"
+ register: dns_check
+ changed_when: dns_check is failed
+ failed_when: false
+
+- name: "Change DNS server on {{ ands_network_connection }}"
+# nmcli: conn_name="{{ ands_network_connection }}" dns4="[{{ ands_idm_server_ip }}]" state="present"
+ command: "nmcli connection modify {{ ands_network_connection | quote }} ipv4.dns {{ ands_idm_server_ip }} ipv4.ignore-auto-dns yes ipv6.ignore-auto-dns yes ipv4.dns-search '{{ ands_domain,public_search_domains }}'"
+ register: result
+ when:
+ - ands_network_connection is defined
+ - dns_check.rc != 0
+
+- name: "Update associated interface {{ ands_network_interface }}"
+ command: "nmcli connection up {{ ands_network_connection | quote }}"
+ when:
+ - ands_network_interface is defined
+ - result is changed
+
+
+
+#- name: Register idM in /etc/hosts
+# lineinfile: dest="/etc/hosts" line="192.168.26.212 ipeidm.ands.kit.edu ipeidm" regexp="ipeidm$" state="present"
diff --git a/roles/ands_idm/tasks/setup_ipa.yml b/roles/ands_idm/tasks/setup_ipa.yml
new file mode 100644
index 0000000..06fe6da
--- /dev/null
+++ b/roles/ands_idm/tasks/setup_ipa.yml
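Review bot: In setup_dns.yml, "Find configured DNS servers" puts `{{ ands_network_interface }}` into a `shell:` line unquoted, while the neighbouring interpolations use `| quote`; it should read `nmcli d show {{ ands_network_interface | quote }}`. The second `grep` treats the dots of the address as wildcards and matches substrings, so a different server address can satisfy the check and the DNS change is then skipped; `grep -wF {{ ands_idm_server_ip | quote }}` is the stricter test. In "Change DNS server", `'{{ ands_domain,public_search_domains }}'` is a Jinja tuple expression and, as far as I can tell, renders as a Python tuple rather than a comma-separated search list; the intent is presumably `{{ ands_domain }},{{ public_search_domains }}` (the type of `public_search_domains` is not visible here). `regexp="{{ public_domain }}"` in "Change FQDN" is likewise used as an unescaped pattern, where `{{ public_domain | regex_escape }}` would match the literal domain only.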
@@ -0,0 +1,20 @@
+- name: Install ipa-client
+ package: name=ipa-client state=present
+
+- name: "Check if ipa is already configured"
+ shell: "grep {{ ands_domain }} /etc/krb5.conf"
+ register: ipa_check
+ changed_when: ipa_check is failed
+ failed_when: false
+
+- name: "Read FQDN"
+ command: "cat /etc/hostname"
+ register: hostname
+ changed_when: false
+
+- name: "Configure ipa"
+ command: "/usr/sbin/ipa-client-install -p admin -w {{ config.ands_idm_admin_password | quote }} --hostname={{ hostname.stdout }} --domain={{ ands_domain }} --server={{ ands_idm_server }} --enable-dns-updates --mkhomedir --request-cert --unattended"
+ when:
+ - ipa_check.rc != 0
+
+
-- cgit v1.2.3
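Review bot: In setup_ipa.yml, "Configure ipa" passes the IdM admin password as `-w {{ config.ands_idm_admin_password | quote }}` on the command line and the task has no `no_log: true`, so the secret is readable in the process list of the enrolling host while the installer runs and is recorded in Ansible's task result and verbose output. At minimum add `no_log: true` to that task; enrolling each host with a one-time enrollment password instead of the admin credential would keep the admin secret off the clients altogether. `{{ ands_domain }}` in the `shell:` grep and `{{ hostname.stdout }}` in `--hostname=` are interpolated without `| quote`, unlike the password, and should be quoted the same way.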