grouping tasks with block

tasks/main.yml

@@ -37,25 +37,25 @@
     path: "/home/{{ ad_domain }}"
     mode: 0755
 
-- name: Wipe existing krb5.conf
+- name: Update krb5.conf
-  copy:
+  block:
-    content: ''
+    - copy:
-    dest: /etc/krb5.conf
+        content: ''
-    backup: yes
+        dest: /etc/krb5.conf
+        backup: yes
 
-- name: Create krb5.conf
+    - blockinfile:
-  blockinfile:
+        path: /etc/krb5.conf
-    path: /etc/krb5.conf
+        marker: "###...{mark} adcli {mark}...###"
-    marker: "###...{mark} adcli {mark}...###"
+        block: |
-    block: |
+          [libdefaults]
-      [libdefaults]
+          rdns = false
-      rdns = false
+          default_realm = {{ ad_domain|upper }}
-      default_realm = {{ ad_domain|upper }}
+          dns_lookup_realm = true
-      dns_lookup_realm = true
+          dns_lookup_kdc = true
-      dns_lookup_kdc = true
+          ticket_lifetime = 24h
-      ticket_lifetime = 24h
+          renew_lifetime = 7d
-      renew_lifetime = 7d
+          forwardable = true
-      forwardable = true
 
 - name: Join AD
   shell: echo '{{ ad_joinpw }}' | adcli join --verbose --domain={{ ad_domain|upper }} -U {{ ad_joinusr }} --computer-name={{ ad_netbios_name | default(inventory_hostname) }} --stdin-password 2>&1 | tee /var/log/adcli.log
@@ -63,32 +63,32 @@
 - name: Run authconfig
   shell: authconfig --enablesssd --enablesssdauth --enablemkhomedir --update
 
-- name: Wipe existing sssd.conf
+- name: Update sssd.conf
-  copy:
+  block:
-    content: ''
+    - copy:
-    dest: /etc/sssd/sssd.conf
+        content: ''
-    backup: yes
+        dest: /etc/sssd/sssd.conf
+        backup: yes
 
-- name: Create sssd.conf
+    - blockinfile:
-  blockinfile:
+        path: /etc/sssd/sssd.conf
-    path: /etc/sssd/sssd.conf
+        mode: 0600
-    mode: 0600
+        marker: "###...{mark} adcli {mark}...###"
-    marker: "###...{mark} adcli {mark}...###"
+        block: |
-    block: |
+          [sssd]
-      [sssd]
+          services = nss, pam, ssh, autofs
-      services = nss, pam, ssh, autofs
+          config_file_version = 2
-      config_file_version = 2
+          domains = {{ ad_domain|upper }}
-      domains = {{ ad_domain|upper }}
+          [nss]
-      [nss]
+          filter_groups = dpadmin
-      filter_groups = dpadmin
+          [domain/{{ ad_domain|upper }}]
-      [domain/{{ ad_domain|upper }}]
+          id_provider = ad
-      id_provider = ad
+          default_shell = /bin/bash
-      default_shell = /bin/bash
+          override_homedir = /home/%u
-      override_homedir = /home/%u
+          create_homedir = true
-      create_homedir = true
+          homedir_umask = 077
-      homedir_umask = 077
+          use_fully_qualified_names = false
-      use_fully_qualified_names = false
+          ad_hostname = "{{ ad_netbios_name }}$"
-      ad_hostname = "{{ ad_netbios_name }}$"
 
 - name: Start sssd service
   service:
@@ -100,15 +100,15 @@
   - oddjobd
 
 - name: Enable password auth on sshd
-  replace:
+  block:
-    path: /etc/ssh/sshd_config
+    - replace:
-    regexp: '^PasswordAuthentication.*$'
+        path: /etc/ssh/sshd_config
-    replace: 'PasswordAuthentication yes'
+        regexp: '^PasswordAuthentication.*$'
+        replace: 'PasswordAuthentication yes'
 
-- name: Restart sshd
+    - service:
-  service:
+        name: sshd
-    name: sshd
+        state: restarted
-    state: restarted
 
 - name: Add client group to sudoers
   lineinfile:
@@ -124,5 +124,3 @@
 
 - debug:
     var: idOut.stdout_lines
-
-