Commit f9832045 authored by Elena Grandi's avatar Elena Grandi
Browse files

fuss-server-defaults.yaml for advanced configuration knobs

parent 574a4d6c
......@@ -26,6 +26,7 @@
hosts: all
vars_files:
- /etc/fuss-server/fuss-server.yaml
- /etc/fuss-server/fuss-server-defaults.yaml
roles:
- common
- cp-common
......
......@@ -26,6 +26,7 @@
hosts: all
vars_files:
- /etc/fuss-server/fuss-server.yaml
- /etc/fuss-server/fuss-server-defaults.yaml
vars:
# TODO: decide if this is always true, otherwise set it in the file above
pxe_server: true
......
......@@ -26,6 +26,7 @@
hosts: all
vars_files:
- /etc/fuss-server/fuss-server.yaml
- /etc/fuss-server/fuss-server-defaults.yaml
- "{{playbook_dir}}/roles/common/defaults/main.yml"
- "{{playbook_dir}}/roles/slapd/defaults/main.yml"
tasks:
......@@ -63,5 +64,3 @@
debug:
with_lines:
- "{{script_dir}}/reset-ssl-ca {{ca_name}} {{ca_dir}}"
\ No newline at end of file
......@@ -121,7 +121,7 @@
path: /etc/bind/named.conf.options
regex: 'dnssec-validation auto;'
line: 'dnssec-validation no;'
when: bad_provider is defined
when: bad_provider is defined and bad_provider
- name: Create directory for bind9 /etc/default workaround
file:
......
......@@ -39,14 +39,14 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope.
#scope sub
{% if filter is defined %}
{% if ldap_filter is defined and ldap_filter %}
# adding user filtering
filter passwd {{ filter }}
filter shadow {{ filter }}
filter passwd {{ ldap_filter }}
filter shadow {{ ldap_filter }}
{% endif %}
{% if gfilter is defined %}
{% if ldap_gfilter is defined and ldap_gfilter %}
# adding group filtering
filter group {{ gfilter }}
filter group {{ ldap_gfilter }}
{% endif %}
......@@ -67,7 +67,7 @@
# define smb_pass_policy var in defaults if you want to enable this
- name: Setup samba password policy
command: pdbedit -P "{{item.key}}" -C "{{item.value}}"
when: smb_pass_policy is defined
when: smb_pass_policy is defined and smb_pass_policy
with_items:
- { key: 'maximum password age', value: 175 }
- { key: 'password history', value: 3 }
......
......@@ -331,7 +331,7 @@
#======================= Other Share Definitions =======================
{% if samba_data_share is defined %}
{% if samba_data_share is defined and samba_data_share%}
# public share for client data
[client-data]
path = {{samba_data_share}}
......
......@@ -168,7 +168,7 @@ shadowAccount="1"
# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
{% if pass_age is defined %}
{% if pass_age is defined and pass_age %}
defaultMaxPasswordAge="{{ pass_age }}"
{% endif %}
......
......@@ -26,6 +26,7 @@
hosts: all
vars_files:
- /etc/fuss-server/fuss-server.yaml
- /etc/fuss-server/fuss-server-defaults.yaml
roles:
- common
- bind
......
#
# Configuration file for custom properties of the fuss server
#
# These options should work in most cases, and only need changing in very
# specific situations.
#
# enable samba password expiry
smb_pass_policy: no
# enable unix password expiry (time in days)
pass_age: ''
# path for the client-data share
samba_data_share: ''
# allowed LDAP users
ldap_filter: ''
# allowed LDAP groups
ldap_gfilter: ''
# disable DNSSEC
bad_provider: no
ansible/fuss-server usr/bin
ansible/* usr/share/fuss-server/
conf/fuss-server-defaults.yaml etc/fuss-server/
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment