grouping tasks with block

2019-02-12 23:33:00 +08:00
parent 0d648cc570
commit 028cb3f83e
1 changed files with 51 additions and 53 deletions
@@ -37,25 +37,25 @@
    path: "/home/{{ ad_domain }}"
    mode: 0755

- name: Wipe existing krb5.conf
-  copy:
-    content: ''
-    dest: /etc/krb5.conf
-    backup: yes
+- name: Update krb5.conf
+  block:
+    - copy:
+        content: ''
+        dest: /etc/krb5.conf
+        backup: yes

- name: Create krb5.conf
-  blockinfile:
-    path: /etc/krb5.conf
-    marker: "###...{mark} adcli {mark}...###"
-    block: |
-      [libdefaults]
-      rdns = false
-      default_realm = {{ ad_domain|upper }}
-      dns_lookup_realm = true
-      dns_lookup_kdc = true
-      ticket_lifetime = 24h
-      renew_lifetime = 7d
-      forwardable = true
+    - blockinfile:
+        path: /etc/krb5.conf
+        marker: "###...{mark} adcli {mark}...###"
+        block: |
+          [libdefaults]
+          rdns = false
+          default_realm = {{ ad_domain|upper }}
+          dns_lookup_realm = true
+          dns_lookup_kdc = true
+          ticket_lifetime = 24h
+          renew_lifetime = 7d
+          forwardable = true

 - name: Join AD
  shell: echo '{{ ad_joinpw }}' | adcli join --verbose --domain={{ ad_domain|upper }} -U {{ ad_joinusr }} --computer-name={{ ad_netbios_name | default(inventory_hostname) }} --stdin-password 2>&1 | tee /var/log/adcli.log
@@ -63,32 +63,32 @@
 - name: Run authconfig
  shell: authconfig --enablesssd --enablesssdauth --enablemkhomedir --update

- name: Wipe existing sssd.conf
-  copy:
-    content: ''
-    dest: /etc/sssd/sssd.conf
-    backup: yes
+- name: Update sssd.conf
+  block:
+    - copy:
+        content: ''
+        dest: /etc/sssd/sssd.conf
+        backup: yes

- name: Create sssd.conf
-  blockinfile:
-    path: /etc/sssd/sssd.conf
-    mode: 0600
-    marker: "###...{mark} adcli {mark}...###"
-    block: |
-      [sssd]
-      services = nss, pam, ssh, autofs
-      config_file_version = 2
-      domains = {{ ad_domain|upper }}
-      [nss]
-      filter_groups = dpadmin
-      [domain/{{ ad_domain|upper }}]
-      id_provider = ad
-      default_shell = /bin/bash
-      override_homedir = /home/%u
-      create_homedir = true
-      homedir_umask = 077
-      use_fully_qualified_names = false
-      ad_hostname = "{{ ad_netbios_name }}$"
+    - blockinfile:
+        path: /etc/sssd/sssd.conf
+        mode: 0600
+        marker: "###...{mark} adcli {mark}...###"
+        block: |
+          [sssd]
+          services = nss, pam, ssh, autofs
+          config_file_version = 2
+          domains = {{ ad_domain|upper }}
+          [nss]
+          filter_groups = dpadmin
+          [domain/{{ ad_domain|upper }}]
+          id_provider = ad
+          default_shell = /bin/bash
+          override_homedir = /home/%u
+          create_homedir = true
+          homedir_umask = 077
+          use_fully_qualified_names = false
+          ad_hostname = "{{ ad_netbios_name }}$"

 - name: Start sssd service
  service:
@@ -100,15 +100,15 @@
  - oddjobd

 - name: Enable password auth on sshd
-  replace:
-    path: /etc/ssh/sshd_config
-    regexp: '^PasswordAuthentication.*$'
-    replace: 'PasswordAuthentication yes'
+  block:
+    - replace:
+        path: /etc/ssh/sshd_config
+        regexp: '^PasswordAuthentication.*$'
+        replace: 'PasswordAuthentication yes'

- name: Restart sshd
-  service:
-    name: sshd
-    state: restarted
+    - service:
+        name: sshd
+        state: restarted

 - name: Add client group to sudoers
  lineinfile:
@@ -124,5 +124,3 @@

 - debug:
    var: idOut.stdout_lines
-
-