From 028cb3f83e508e60c668921754b6451bd38ea75f Mon Sep 17 00:00:00 2001 From: x p k Date: Tue, 12 Feb 2019 23:33:00 +0800 Subject: [PATCH] grouping tasks with block --- tasks/main.yml | 104 ++++++++++++++++++++++++------------------------- 1 file changed, 51 insertions(+), 53 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index b5f51ad..3327ccf 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -37,25 +37,25 @@ path: "/home/{{ ad_domain }}" mode: 0755 -- name: Wipe existing krb5.conf - copy: - content: '' - dest: /etc/krb5.conf - backup: yes +- name: Update krb5.conf + block: + - copy: + content: '' + dest: /etc/krb5.conf + backup: yes -- name: Create krb5.conf - blockinfile: - path: /etc/krb5.conf - marker: "###...{mark} adcli {mark}...###" - block: | - [libdefaults] - rdns = false - default_realm = {{ ad_domain|upper }} - dns_lookup_realm = true - dns_lookup_kdc = true - ticket_lifetime = 24h - renew_lifetime = 7d - forwardable = true + - blockinfile: + path: /etc/krb5.conf + marker: "###...{mark} adcli {mark}...###" + block: | + [libdefaults] + rdns = false + default_realm = {{ ad_domain|upper }} + dns_lookup_realm = true + dns_lookup_kdc = true + ticket_lifetime = 24h + renew_lifetime = 7d + forwardable = true - name: Join AD shell: echo '{{ ad_joinpw }}' | adcli join --verbose --domain={{ ad_domain|upper }} -U {{ ad_joinusr }} --computer-name={{ ad_netbios_name | default(inventory_hostname) }} --stdin-password 2>&1 | tee /var/log/adcli.log 
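Review bot: The `Join AD` task at the end of this hunk templates `{{ ad_joinpw }}` straight into the `shell:` string, so the join password becomes part of the task's arguments and of the `cmd` field in its result, which Ansible prints on failure or at `-v` and can write to its logs. A password containing a single quote would also break the `echo '...'` quoting. Consider passing it with `stdin: "{{ ad_joinpw }}"` on the module instead of `echo`, and setting `no_log: true` on the task. The task continues past the end of the hunk, so `no_log` may already be set there.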
@@ -63,32 +63,32 @@ - name: Run authconfig shell: authconfig --enablesssd --enablesssdauth --enablemkhomedir --update -- name: Wipe existing sssd.conf - copy: - content: '' - dest: /etc/sssd/sssd.conf - backup: yes +- name: Update sssd.conf + block: + - copy: + content: '' + dest: /etc/sssd/sssd.conf + backup: yes -- name: Create sssd.conf - blockinfile: - path: /etc/sssd/sssd.conf - mode: 0600 - marker: "###...{mark} adcli {mark}...###" - block: | - [sssd] - services = nss, pam, ssh, autofs - config_file_version = 2 - domains = {{ ad_domain|upper }} - [nss] - filter_groups = dpadmin - [domain/{{ ad_domain|upper }}] - id_provider = ad - default_shell = /bin/bash - override_homedir = /home/%u - create_homedir = true - homedir_umask = 077 - use_fully_qualified_names = false - ad_hostname = "{{ ad_netbios_name }}$" + - blockinfile: + path: /etc/sssd/sssd.conf + mode: 0600 + marker: "###...{mark} adcli {mark}...###" + block: | + [sssd] + services = nss, pam, ssh, autofs + config_file_version = 2 + domains = {{ ad_domain|upper }} + [nss] + filter_groups = dpadmin + [domain/{{ ad_domain|upper }}] + id_provider = ad + default_shell = /bin/bash + override_homedir = /home/%u + create_homedir = true + homedir_umask = 077 + use_fully_qualified_names = false + ad_hostname = "{{ ad_netbios_name }}$" - name: Start sssd service service: @@ -100,15 +100,15 @@ - oddjobd - name: Enable password auth on sshd - replace: - path: /etc/ssh/sshd_config - regexp: '^PasswordAuthentication.*$' - replace: 'PasswordAuthentication yes' + block: + - replace: + path: /etc/ssh/sshd_config + regexp: '^PasswordAuthentication.*$' + replace: 'PasswordAuthentication yes' -- name: Restart sshd - service: - name: sshd - state: restarted + - service: + name: sshd + state: restarted - name: Add client group to sudoers lineinfile: @@ -124,5 +124,3 @@ - debug: var: idOut.stdout_lines - -
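Review bot: In the sssd.conf `blockinfile`, `ad_hostname = "{{ ad_netbios_name }}$"` uses `ad_netbios_name` with no fallback, while the `Join AD` task earlier in the file uses `ad_netbios_name | default(inventory_hostname)`. If the variable is not set (role defaults are not visible here), the host would join under the inventory hostname and then fail at this task with an undefined variable, after the preceding `copy` has already emptied /etc/sssd/sssd.conf. Using the same expression, `ad_hostname = "{{ ad_netbios_name | default(inventory_hostname) }}$"`, keeps the two in step.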
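Review bot: The `replace` in the new `Enable password auth on sshd` block edits /etc/ssh/sshd_config without a `validate`, and the `service` task that follows restarts sshd whether or not the line changed. Adding `validate: '/usr/sbin/sshd -t -f %s'` to the `replace` task would stop a broken file from being put in place before the restart. The regexp `^PasswordAuthentication.*$` also matches only an uncommented line, so on a config where the directive is commented out or missing the task reports no change and the setting is not applied. Since this block turns password logins on, giving the two inner tasks their own `name:` would keep that step visible in the play output.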