updated auth for new ansible playbook

2016-06-02 13:17:41 -04:00 · 2016-06-02 13:17:41 -04:00 · c7c669c6fa
parent 1cb9bd08ba
commit c7c669c6fa
5 changed files with 35 additions and 4 deletions
--- a/install-office-terminal.yml
+++ b/install-office-terminal.yml
@ -9,5 +9,5 @@
      - devel
      - generate-hosts
      - auth
-      - nfs
      - csc-packages
+      - nfs
--- a/roles/auth/files/GlobalSign_Intermediate_Root_SHA256_G2.pem
+++ b/roles/auth/files/GlobalSign_Intermediate_Root_SHA256_G2.pem
@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
+MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
+YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc
+C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj
+SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj
+mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt
+Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl
+2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B
+Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT
+HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0
+dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow
+KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB
+BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv
+bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI
+hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s
+32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy
+XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3
+30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA
+SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G
+K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
+-----END CERTIFICATE-----
--- a/roles/auth/tasks/main.yml
+++ b/roles/auth/tasks/main.yml
@ -19,13 +19,16 @@
      - libpam-sss

 - name: copy over configs
-  template: src={{ item.src }} dest={{ item.dest }}
+  copy: src={{ item.src }} dest={{ item.dest }}
  with_items:
      - { src: 'krb5.conf', dest: '/etc/krb5.conf' }
      - { src: 'ldap.conf', dest: '/etc/ldap/ldap.conf' }
      - { src: 'sssd.conf', dest: '/etc/sssd/sssd.conf' }
      - { src: 'sshd_config', dest: '/etc/ssh/sshd_config' }
      - { src: 'ssh_config', dest: '/etc/ssh/ssh_config' }
+      - { src: 'GlobalSign_Intermediate_Root_SHA256_G2.pem', dest: '/etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem' }
+- name: make sssd.conf accessable only by root
+  file: path=/etc/sssd/sssd.conf owner=root group=root mode=0600

 - name: configure PAM for syscom machine
  when: syscom
--- a/roles/auth/vars/main.yml
+++ b/roles/auth/vars/main.yml
@ -0,0 +1,2 @@
+---
+syscom: False
--- a/roles/devel/tasks/main.yml
+++ b/roles/devel/tasks/main.yml
@ -278,7 +278,7 @@
 -   name: Install misc libs
    apt: name={{ item }} state=latest
    with_items:
-        - libpam2-dev
+        - libldap2-dev
        - libpam0g-dev
        - comerr-dev
        - e2fslibs-dev