amad00
2/4/2020 - 9:00 PM

Ansible

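  # Install Ansible and the WinRM client libraries on a Debian/Ubuntu control node.
  # NOTE(review): presumably run as root (apt-get and /etc need it) — confirm.
  apt-get update
  apt-get install -y python3-pip
  pip3 install ansible
  # Confirm the install and show which Python and config file Ansible uses.
  ansible --version
  pip3 install pywinrm
  # Quoted so the shell cannot glob-expand the brackets before pip sees them.
  pip3 install 'pywinrm[credssp]'
  # -p: do not fail when the directory already exists.
  mkdir -p /etc/ansible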
# Ansible INI inventory: one host group plus the connection settings shared by its members.
# NOTE(review): presumably saved under /etc/ansible (created above) — confirm the file name.
[base]
# Placeholder: replace with the hostname or IP of each Windows target, one per line.
Target name


[base:vars]
# Account used for the WinRM login, in UPN form.
ansible_user="c.chambliss@nbsupply.com"
# Stored in clear text here; keep the real value in an Ansible Vault-encrypted vars file
# and restrict read access to this inventory.
ansible_password="PW"
ansible_connection=winrm
# CredSSP delegates the account's credentials to the target host, so they are only as
# safe as that host.
ansible_winrm_transport=credssp
# "ignore" turns off verification of the WinRM TLS certificate, so the endpoint's identity
# is not checked; give the targets a certificate the control node trusts and use "validate".
ansible_winrm_server_cert_validation=ignore
Make sure networking and DNS are in order.
Use NTP for time sync; Kerberos authentication fails when the clocks are too far apart.

Then
# Samba, Kerberos client and winbind packages used for the Active Directory join below.
apt-get install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind

A window will pop up asking for the domain name.

then

# Request a Kerberos ticket for an AD admin account (prompts for its password).
kinit ad_admin_user
# List the cached tickets to confirm the ticket was issued.
klist

# Refresh the apt cache, then install the Samba, Kerberos and winbind packages.
- name: Install winbind packages
  apt:
    update_cache: true
    name:
      - krb5-config
      - krb5-user
      - libnss-winbind
      - libpam-winbind
      - resolvconf
      - samba
      - smbclient
      - winbind
# Replace /etc/krb5.conf with the copy from the files directory; the previous
# file is kept as a backup.
- name: Upload kerberos config
  copy:
    dest: /etc/krb5.conf
    src: ../../../files/krb5.conf
    owner: root
    group: root
    mode: "0644"
    backup: true
# Replace /etc/samba/smb.conf with the per-host file selected by short_host;
# the previous file is kept as a backup.
- name: Upload samba config
  copy:
    dest: /etc/samba/smb.conf
    src: "../../../files/smb.{{short_host}}.conf"
    owner: root
    group: root
    mode: "0644"
    backup: true
# Make systemd re-read its unit files.
- name: Reload systemd configs
  systemd:
    daemon_reload: true
# Stop the samba-ad-dc unit.
- name: Stop AD services
  systemd:
    name: samba-ad-dc
    state: stopped
# Restart smbd and enable it at boot.
- name: Restart and enable samba service
  systemd:
    name: smbd
    enabled: true
    state: restarted
# Restart nmbd and enable it at boot.
- name: Restart and enable netbios service
  systemd:
    name: nmbd
    enabled: true
    state: restarted
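# Join the host to Active Directory once. /etc/adjoined is the marker that the
# join already happened, so later runs skip the command.
# NOTE(review): the service-account password is hard-coded in the command.
# Treat it as exposed: rotate it and read the new value from a vault-encrypted
# vars file instead of the task text. On the command line it is also visible in
# the process list while the command runs.
- name: Join domain
  shell: |
    # Stop at the first failure so a failed join does not create the marker
    # and get skipped on every later run.
    set -e
    net ads join -U ansible_service%kK8IsGKzt5TOofw
    touch /etc/adjoined
  args:
    creates: /etc/adjoined
  # Keep the command line, which contains the password, out of Ansible output and logs.
  no_log: true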
# Replace /etc/nsswitch.conf with the copy from the files directory; the
# previous file is kept as a backup.
- name: Upload nsswitch config
  copy:
    dest: /etc/nsswitch.conf
    src: ../../../files/nsswitch.conf
    owner: root
    group: root
    mode: "0644"
    backup: true
# Restart winbind and enable it at boot.
- name: Restart and enable winbind service
  systemd:
    name: winbind
    enabled: true
    state: restarted
#TODO: run pam-auth-update and select all options; script this out later
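# Append a managed block to /etc/sudoers that gives members of the cachadmins
# group unrestricted sudo.
# NOTE(review): per the task name this is a domain group, so whoever controls
# its membership in the directory has root on this host — confirm that is intended.
- name: Add root privileges for domain group
  blockinfile:
    path: /etc/sudoers
    block: |
      %cachadmins  ALL=(ALL:ALL)       ALL
    insertafter: EOF
    # Syntax-check the edited copy before it replaces /etc/sudoers; a broken
    # sudoers file locks everyone out of sudo.
    validate: /usr/sbin/visudo -cf %s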
# Play for hosts that are in both the debian and endeca groups. Every task runs
# as root through sudo.
- name: Setup endeca cache servers
  hosts: 'debian:&endeca'
  become: true
  become_method: sudo
  become_user: root
  # NOTE(review): presumably holds the AD service-account credentials — confirm
  # the file is vault-encrypted and not committed in clear text.
  vars_files:
    - ../creds/ad_service.yml
  # Each step is a static import of a task file; they run in the order listed.
  tasks:
    - name: Set shorthostname
      import_tasks: ../tasks/shorthostname.yml

    - name: Set timesync
      import_tasks: ../tasks/debian/timesync.yml

    - name: Base setup
      import_tasks: ../tasks/debian/base.yml

    - name: Setup desktop central linux agent
      import_tasks: ../tasks/desktopcentral.yml

    - name: Set symlinks
      import_tasks: ../tasks/debian/symlinks.yml

    - name: Configure active directory
      import_tasks: ../tasks/debian/ubuntu/winbind.yml

    - name: Install postgres
      import_tasks: ../tasks/debian/postgres-concourse.yml

    - name: Install docker
      import_tasks: ../tasks/debian/ubuntu/docker.yml

    - name: Setup concourse
      import_tasks: ../tasks/debian/concourse-temp.yml

    - name: Install endeca
      import_tasks: ../tasks/endeca.yml

    - name: Debug
      import_tasks: ../tasks/debug.yml
  # No task shown in this play notifies the handler; presumably one of the
  # imported task files does — confirm.
  handlers:
    - name: Reload nginx
      systemd:
        name: nginx
        state: reloaded