From d43e99a7f34e00ba785fe428073c28997cc9a0c1 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Tue, 20 Nov 2018 23:33:24 +0100
Subject: [PATCH] add tasks to setup system roles and acls
---
 defaults/main.yml | 15 +++++++++++++++
 tasks/filesystem.yml | 10 ++++++++++
 tasks/main.yml | 2 ++
 tasks/users_groups.yml | 9 +++++++++
 4 files changed, 36 insertions(+)
 create mode 100644 tasks/filesystem.yml
 create mode 100644 tasks/users_groups.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 70f4e55..2acbca5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,3 +7,18 @@ ucs_tls_certs_dir: /etc/pki/tls/certs
 ucs_tls_key_dir: /etc/pki/tls/private
 ucs_tls_cert_path: /etc/pki/tls/certs/mycert.pem
 ucs_tls_key_path: /etc/pki/tls/private/mykey.pem
+
+# ucs_filesystem_acl:
+# - path: /shares/mydocuments # needs to be set
+# entity: john # needs to be set
+# etype: user # needs to be set
+# permissions: rw # needs to be set
+# state: # defaults to 'query'
+# recursive: # defaults to 'no'
+
+# ucs_system_groups:
+# - name: fs-mydocuments-rw # needs to be set
+# description: # defaults to not set
+# subpath: # defaults to not set
+# ou: # defaults to not set
+# state: # defaults to 'present'
diff --git a/tasks/filesystem.yml b/tasks/filesystem.yml
new file mode 100644
index 0000000..d190214
--- /dev/null
+++ b/tasks/filesystem.yml
@@ -0,0 +1,10 @@
+---
+- name: Set acl for shares
+ acl:
+ path: "{{ item.path }}"
+ entity: "{{ item.entity }}"
+ etype: "{{ item.etype }}"
+ permissions: "{{ item.permissions }}"
+ state: "{{ item.state | default('query') }}"
+ recursive: "{{ item.recursive | default('no') }}"
+ with_items: "{{ ucs_filesystem_acl | default([]) }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index 3730440..a9750bc 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,3 +1,5 @@
 ---
+- include_tasks: users_groups.yml
+- include_tasks: filesystem.yml
 - import_tasks: tls.yml
 tags: tls_renewal
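Review bot: In tasks/filesystem.yml the `state` default of `'query'` turns "Set acl for shares" into a read-only lookup for any entry that supplies only the documented required keys (path, entity, etype, permissions), so the intended ACL is never applied while the play still reports success. For a task meant to enforce share permissions, default to `state: "{{ item.state | default('present') }}"` and update the matching `# defaults to 'query'` comment in defaults/main.yml. Separately, `permissions` is always passed, which as far as I recall the acl module rejects in combination with `state: absent`; `permissions: "{{ item.permissions | default(omit) }}"` would let removal entries work. `recursive` would also read better with a real boolean, `default(false)`, instead of the string `'no'`.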
diff --git a/tasks/users_groups.yml b/tasks/users_groups.yml
new file mode 100644
index 0000000..97b0a1e
--- /dev/null
+++ b/tasks/users_groups.yml
@@ -0,0 +1,9 @@
+---
+- name: Create system groups
+ udm_group:
+ name: "{{ item.name }}"
+ description: "{{ item.description | default(omit) }}"
+ subpath: "{{ item.subpath | default(omit) }}"
+ ou: "{{ item.ou | default(omit) }}"
+ state: "{{ item.state | default('present') }}"
+ with_items: "{{ ucs_system_groups | default([]) }}"
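Review bot: The task name "Create system groups" in tasks/users_groups.yml understates what the task can do, because an entry with `state: absent` removes the directory group and the play output would still read as a creation. Renaming it to `- name: Manage system groups` makes a removal recognisable in logs, which matters when the group backs an ACL entry from `ucs_filesystem_acl`. A comment above the task would help too, for example `# Creates or removes the groups listed in ucs_system_groups; state: absent deletes the group`.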