Diffstat (limited to 'roles/ssh-ldap/tasks/main.yml')
-rw-r--r-- | roles/ssh-ldap/tasks/main.yml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/roles/ssh-ldap/tasks/main.yml b/roles/ssh-ldap/tasks/main.yml
new file mode 100644
index 00000000..cc1ba17f
--- /dev/null
+++ b/roles/ssh-ldap/tasks/main.yml
@@ -0,0 +1,49 @@
+- name: Install packages
+ apt: pkg={{item}} state=installed
+ with_items:
+ - libnss-db
+ - libnss-ldap
+ - libpam-ccreds
+ - nss-updatedb
+ - python-ldap
+
+- name: Copy linaro_ldap script
+ copy: src=linaro_ldap.py dest=/usr/lib/python2.7/dist-packages mode=555 owner=root
+
+- name: Copy ssh_keys.py script
+ copy: src=ssh_keys.py dest=/etc/ssh/ssh_keys.py mode=555 owner=root
+ register: ssh_keys
+
+- name: Configure ldap.conf
+ template: src=ldap.conf dest=/etc/
+
+- name: See if offline LDAP cache exists
+ stat: path=/var/lib/misc/group.db
+ register: cache
+
+- name: Generate offline LDAP cache
+ when: cache.stat.exists == False or ssh_keys.changed
+ command: /etc/ssh/ssh_keys.py --sync {{ldap_cache_url}}
+
+- name: Configure nsswitch.conf
+ copy: src=nsswitch.conf dest=/etc/
+
+- name: Configure sudoers
+ template: src=ansible_sudoers dest=/etc/sudoers.d/
+ mode=0400 owner=root
+
+- name: Enable home directory creation
+ copy: src=mkhomedir dest=/usr/share/pam-configs/
+ register: mkhomedir
+
+- name: Update pam-auth-update
+ when: mkhomedir is defined and mkhomedir.changed
+ command: pam-auth-update --force --package
+
+- name: Configure sshd (authorized keys and allowgroups)
+ template: src=sshd_config dest=/etc/ssh/
+ notify:
+ - restart-sshd
+
+- name: Add cron job for syncing with LDAP
+ template: src=cron.d dest=/etc/cron.d/ldap-sync |
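Review bot: The "Configure sshd" and "Configure sudoers" tasks write security-critical config with no validation step, so a bad render of sshd_config followed by the restart-sshd handler locks every admin out of the host, and a broken sudoers.d fragment disables sudo on it; both templates should be checked before they are installed, `template: src=sshd_config dest=/etc/ssh/ validate='/usr/sbin/sshd -t -f %s'` and `template: src=ansible_sudoers dest=/etc/sudoers.d/ mode=0400 owner=root group=root validate='/usr/sbin/visudo -cf %s'`. The "Configure ldap.conf" task sets no mode or owner, so /etc/ldap.conf lands with the default (normally world-readable) permissions; if that template carries a bind password, as libnss-ldap configs often do, it needs `mode=0600 owner=root group=root`, which I cannot confirm from this hunk. `{{ldap_cache_url}}` in the "Generate offline LDAP cache" command is interpolated unquoted, so a value containing whitespace would be split into extra arguments; quoting it, `command: /etc/ssh/ssh_keys.py --sync "{{ ldap_cache_url }}"`, avoids that. Minor: `state=installed` is a legacy alias for `state=present`, and the `mode=555` values on the two copy tasks would be clearer written as `mode=0555` to match the `mode=0400` used on sudoers.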