chornberger-c2c · October 9, 2024 10:39
diff --git a/adjoin.yml b/adjoin.yml
 ---
 - hosts: all
  become: true

  vars:
    - addomain: "mydomain"
    - user: "myuser"

  vars_prompt:
    - name: password
      prompt: "AD Passwort für {{ user }}"

  tasks:

    - name: install necessary packages
      yum:
        name:
          - samba-common-tools 
          - realmd 
          - oddjob 
          - oddjob-mkhomedir 
          - sssd 
          - adcli 
          - krb5-workstation
        state: present

    - name: "discover domain {{ addomain }}"
      shell:
        cmd: "realm discover {{ addomain }}"
      register: discover

    - name: print discovery output
      debug:
        msg: "{{ discover.stdout }}"

    - name: "join domain {{ addomain }}"
      shell:
        cmd: "echo {{ password }} | realm join -U {{ user }} {{ addomain }}"
      args:
        creates: /etc/sssd/sssd.conf
      notify: restart sssd

    - name: configure /etc/sssd/sssd.conf - use_fully_qualified_name
      ini_file:
        path: /etc/sssd/sssd.conf
        section: "domain/{{ addomain }}"
        option: use_fully_qualified_name
        value: "False"
        backup: yes
      notify: restart sssd

    - name: configure /etc/sssd/sssd.conf - access_provider
      ini_file:
        path: /etc/sssd/sssd.conf
        section: "domain/{{ addomain }}"
        option: access_provider
        value: simple
        backup: yes
      notify: restart sssd

    - name: configure /etc/sssd/sssd.conf - simple_allow_groups
      ini_file:
        path: /etc/sssd/sssd.conf
        section: "domain/{{ addomain }}"
        option: simple_allow_groups
        value: LinuxAdmins
        backup: yes
      notify: restart sssd

    - name: configure /etc/sssd/sssd.conf - auto_private_groups
      ini_file:
        path: /etc/sssd/sssd.conf
        section: "domain/{{ addomain }}"
        option: auto_private_groups
        value: "True"
        backup: yes
      notify: restart sssd

  handlers:
    - name: restart sssd
      systemd:
        name: sssd
        state: restarted
        enabled: yes
        daemon_reload: yes
	---
	- hosts: all
	become: true

	vars:
	- addomain: "mydomain"
	- user: "myuser"

	vars_prompt:
	- name: password
	prompt: "AD Passwort für {{ user }}"

	tasks:

	- name: install necessary packages
	yum:
	name:
	- samba-common-tools
	- realmd
	- oddjob
	- oddjob-mkhomedir
	- sssd
	- adcli
	- krb5-workstation
	state: present

	- name: "discover domain {{ addomain }}"
	shell:
	cmd: "realm discover {{ addomain }}"
	register: discover

	- name: print discovery output
	debug:
	msg: "{{ discover.stdout }}"

	- name: "join domain {{ addomain }}"
	shell:
	cmd: "echo {{ password }} \| realm join -U {{ user }} {{ addomain }}"
	args:
	creates: /etc/sssd/sssd.conf
	notify: restart sssd

	- name: configure /etc/sssd/sssd.conf - use_fully_qualified_name
	ini_file:
	path: /etc/sssd/sssd.conf
	section: "domain/{{ addomain }}"
	option: use_fully_qualified_name
	value: "False"
	backup: yes
	notify: restart sssd

	- name: configure /etc/sssd/sssd.conf - access_provider
	ini_file:
	path: /etc/sssd/sssd.conf
	section: "domain/{{ addomain }}"
	option: access_provider
	value: simple
	backup: yes
	notify: restart sssd

	- name: configure /etc/sssd/sssd.conf - simple_allow_groups
	ini_file:
	path: /etc/sssd/sssd.conf
	section: "domain/{{ addomain }}"
	option: simple_allow_groups
	value: LinuxAdmins
	backup: yes
	notify: restart sssd

	- name: configure /etc/sssd/sssd.conf - auto_private_groups
	ini_file:
	path: /etc/sssd/sssd.conf
	section: "domain/{{ addomain }}"
	option: auto_private_groups
	value: "True"
	backup: yes
	notify: restart sssd

	handlers:
	- name: restart sssd
	systemd:
	name: sssd
	state: restarted
	enabled: yes
	daemon_reload: yes