From 7722bc6a8587dfa27107219109e162f288c634d6 Mon Sep 17 00:00:00 2001 From: Kahu Anderson Date: Fri, 19 Jan 2024 13:50:45 +1300 Subject: [PATCH] small changes and updates --- deployment.sh | 3 +- destroy-k8s-cluster.yml | 3 +- roles/ldap_client/tasks/debian.yml | 48 ++++++++++++++++++++++++++++ roles/ldap_client/tasks/main.yml | 50 +++--------------------------- roles/ldap_client/tasks/redhat.yml | 48 ++++++++++++++++++++++++++++ 5 files changed, 103 insertions(+), 49 deletions(-) create mode 100644 roles/ldap_client/tasks/debian.yml create mode 100644 roles/ldap_client/tasks/redhat.yml diff --git a/deployment.sh b/deployment.sh index 2bc1cdc..37e5f0b 100755 --- a/deployment.sh +++ b/deployment.sh @@ -2,7 +2,8 @@ case $1 in "destroy") - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook destroy-k8s-cluster.yml + ansible-playbook setup-infra.yml -e operation=create -e terraform_workspace=${2:-default} + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i host.ini destroy-k8s-cluster.yml -e terraform_workspace=${2:-default} ansible-playbook configure-route53.yml -e operation=destroy -e terraform_workspace=${2:-default} ansible-playbook setup-infra.yml -e operation=destroy -e terraform_workspace=${2:-default} ;; diff --git a/destroy-k8s-cluster.yml b/destroy-k8s-cluster.yml index b47ed0e..64fdb04 100644 --- a/destroy-k8s-cluster.yml +++ b/destroy-k8s-cluster.yml @@ -1,4 +1,4 @@ -- hosts: localhost +- hosts: servicesnode vars: terraform_workspace: default tasks: @@ -6,6 +6,5 @@ shell: >- kubectl delete cluster {{ terraform_workspace }} when: - - (operation == "destroy") - "enable_k8s_openondemand|default(false)|bool == true" register: destroy diff --git a/roles/ldap_client/tasks/debian.yml b/roles/ldap_client/tasks/debian.yml new file mode 100644 index 0000000..67d683f --- /dev/null +++ b/roles/ldap_client/tasks/debian.yml 
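Review bot: In deployment.sh's `destroy` branch the cluster-delete play now runs against the inventory in host.ini while `ANSIBLE_HOST_KEY_CHECKING=False` is still set, so the identity of the host that receives `kubectl delete cluster` is never verified; before this commit the play targeted localhost and the setting had little effect. Consider dropping the override and seeding known_hosts with the services node's key when the infrastructure is provisioned. `${2:-default}` is also unquoted on both added lines, so a workspace argument containing spaces or glob characters is split by the shell; `-e "terraform_workspace=${2:-default}"` avoids that. The added `setup-infra.yml -e operation=create` step has no visible error check, so if it fails the destroy steps presumably still run against whatever host.ini is left over (the rest of the script is outside the hunk).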
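Review bot: In destroy-k8s-cluster.yml the `shell:` task interpolates `{{ terraform_workspace }}` unquoted into `kubectl delete cluster …`, and with this commit that value arrives from deployment.sh's second argument and is executed on servicesnode rather than localhost. Quote it, `kubectl delete cluster {{ terraform_workspace | quote }}`, or switch the task to `command:` so no shell parses the value. Dropping the `operation == "destroy"` condition also means any run of this playbook deletes the cluster whenever `enable_k8s_openondemand` is true; if that is intended, a comment on the `when:` list saying so would help. The task's name line sits between the two hunks and is not visible here.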
@@ -0,0 +1,48 @@
+---
+- name: Full system upgrade
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ upgrade: dist
+
+- name: Install LDAP client packages
+ apt:
+ name:
+ - libpam-ldap
+ - ldap-utils
+ - nscd
+ - nslcd
+ - libnss-ldapd
+ state: present
+
+- name: Configure nslcd uri
+ lineinfile:
+ path: /etc/nslcd.conf
+ regexp: '^uri'
+ line: 'uri ldap://{{ hostvars["servicesnode"]["ansible_default_ipv4"]["address"] }}/'
+ notify: restart nslcd
+
+- name: Configure basedn
+ lineinfile:
+ path: /etc/nslcd.conf
+ regexp: '^base'
+ line: 'base {{ ldap_base_dn }}'
+ notify: restart nslcd
+
+- name: Configure passwd in nsswitch.conf
+ lineinfile:
+ path: /etc/nsswitch.conf
+ regexp: '^passwd:'
+ line: 'passwd: files systemd ldap'
+
+- name: Configure group in nsswitch.conf
+ lineinfile:
+ path: /etc/nsswitch.conf
+ regexp: '^group:'
+ line: 'group: files systemd ldap'
+
+- name: Configure common-password
+ replace:
+ path: /etc/pam.d/common-password
+ regexp: '(use_authtok\s*)'
+ replace: ''
diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml
index 645ef1c..3f1d5e0 100644
--- a/roles/ldap_client/tasks/main.yml
+++ b/roles/ldap_client/tasks/main.yml
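Review bot: In roles/ldap_client/tasks/debian.yml the `Configure nslcd uri` task points nslcd at `ldap://` plus a bare IP address, and nothing in this file enables TLS, so unless transport security is configured elsewhere the account data nslcd fetches, and any binds it performs, cross the network unencrypted and without server authentication. Switching from the former hostname to `ansible_default_ipv4` also makes later certificate validation harder, since the server certificate would then need an IP subject alternative name. Consider keeping a DNS name in the URI and adding lineinfile tasks for `ssl start_tls`, `tls_reqcert demand` and a `tls_cacertfile` entry. The hostvars lookup additionally fails unless facts were gathered for servicesnode in the same run. The identical URI task in roles/ldap_client/tasks/redhat.yml has the same problem.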
@@ -1,48 +1,6 @@
 ---
-- name: Full system upgrade
- apt:
- update_cache: yes
- cache_valid_time: 3600
- upgrade: dist
-
-- name: Install LDAP client packages
- apt:
- name:
- - libpam-ldap
- - ldap-utils
- - nscd
- - nslcd
- - libnss-ldapd
- state: present
+- import_tasks: debian.yml
+ when: ansible_os_family == "Debian"
 
-- name: Configure nslcd uri
- lineinfile:
- path: /etc/nslcd.conf
- regexp: '^uri'
- line: 'uri ldap://servicesnode.flexi.nesi/'
- notify: restart nslcd
-
-- name: Configure basedn
- lineinfile:
- path: /etc/nslcd.conf
- regexp: '^base'
- line: 'base {{ ldap_base_dn }}'
- notify: restart nslcd
-
-- name: Configure passwd in nsswitch.conf
- lineinfile:
- path: /etc/nsswitch.conf
- regexp: '^passwd:'
- line: 'passwd: files systemd ldap'
-
-- name: Configure group in nsswitch.conf
- lineinfile:
- path: /etc/nsswitch.conf
- regexp: '^group:'
- line: 'group: files systemd ldap'
-
-- name: Configure common-password
- replace:
- path: /etc/pam.d/common-password
- regexp: '(use_authtok\s*)'
- replace: ''
+- import_tasks: redhat.yml
+ when: ansible_os_family == "RedHat"
\ No newline at end of file
diff --git a/roles/ldap_client/tasks/redhat.yml b/roles/ldap_client/tasks/redhat.yml
new file mode 100644
index 0000000..b087fdf
--- /dev/null
+++ b/roles/ldap_client/tasks/redhat.yml
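Review bot: In roles/ldap_client/tasks/main.yml a host whose `ansible_os_family` is neither `Debian` nor `RedHat` now skips both imports, and the role reports success with no LDAP client configured. Adding a first task that fails closed makes the gap visible, for example `- assert: { that: ansible_os_family in ['Debian', 'RedHat'] }`. The two `import_tasks` entries would also read better with `name:` fields, and the file now ends without a trailing newline.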
@@ -0,0 +1,48 @@
+---
+- name: Full system upgrade
+ dnf:
+ update_cache: yes
+ cache_valid_time: 3600
+ upgrade: dist
+
+- name: Install LDAP client packages
+ dnf:
+ name:
+ - libpam-ldap
+ - ldap-utils
+ - nscd
+ - nslcd
+ - libnss-ldapd
+ state: present
+
+- name: Configure nslcd uri
+ lineinfile:
+ path: /etc/nslcd.conf
+ regexp: '^uri'
+ line: 'uri ldap://{{ hostvars["servicesnode"]["ansible_default_ipv4"]["address"] }}/'
+ notify: restart nslcd
+
+- name: Configure basedn
+ lineinfile:
+ path: /etc/nslcd.conf
+ regexp: '^base'
+ line: 'base {{ ldap_base_dn }}'
+ notify: restart nslcd
+
+- name: Configure passwd in nsswitch.conf
+ lineinfile:
+ path: /etc/nsswitch.conf
+ regexp: '^passwd:'
+ line: 'passwd: files systemd ldap'
+
+- name: Configure group in nsswitch.conf
+ lineinfile:
+ path: /etc/nsswitch.conf
+ regexp: '^group:'
+ line: 'group: files systemd ldap'
+
+- name: Configure common-password
+ replace:
+ path: /etc/pam.d/common-password
+ regexp: '(use_authtok\s*)'
+ replace: ''
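Review bot: The `dnf` tasks at the top of roles/ldap_client/tasks/redhat.yml carry apt-only arguments: `cache_valid_time` and `upgrade: dist` are not dnf-module parameters, so the first task is expected to fail on every RedHat-family host. The package list also uses Debian names (`libpam-ldap`, `ldap-utils`, `libnss-ldapd`), and the last task edits `/etc/pam.d/common-password`, a Debian path; RedHat-family systems normally keep the password stack in `/etc/pam.d/system-auth` and `/etc/pam.d/password-auth`. Because the role stops at the first error, these hosts would end up with no directory configuration at all. A sketch of the first two tasks follows; the package names are the usual RedHat-family ones and should be checked against the target release.

```yaml
- name: Full system upgrade
  dnf:
    name: '*'
    state: latest
    update_cache: true

- name: Install LDAP client packages
  dnf:
    name:
      # RedHat-family package names; confirm they exist on the target release
      - nss-pam-ldapd
      - openldap-clients
      - nscd
    state: present

# … unchanged: nslcd.conf and nsswitch.conf tasks …
```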