transcaffeine/nscd-nslcd #2

Open
transcaffeine wants to merge 2 commits from transcaffeine/nscd-nslcd into main
8 changed files with 177 additions and 0 deletions

View File

@ -0,0 +1,41 @@
---
nscd_config_file: /etc/nscd.conf
nscd_config_password_enable_cache: true
nscd_config_password_positive_ttl_seconds: 300
nscd_config_password_negative_ttl_seconds: 10
nscd_config_password_suggested_size: 221
nscd_config_password_check_files: true
nscd_config_password_persistent: true
nscd_config_password_shared: true
nscd_config_password_max_db_size_bytes: 33554432
nscd_config_password_auto_propagate: yes
nscd_config_group_enable_cache: true
nscd_config_group_positive_ttl_seconds: 900
nscd_config_group_negative_ttl_seconds: 30
nscd_config_group_suggested_size: 221
nscd_config_group_check_files: true
nscd_config_group_persistent: true
nscd_config_group_shared: true
nscd_config_group_max_db_size_bytes: 33554432
nscd_config_group_auto_propagate: yes
nscd_config_hosts_enable_cache: true
nscd_config_hosts_positive_ttl_seconds: 1800
nscd_config_hosts_negative_ttl_seconds: 60
nscd_config_hosts_suggested_size: 221
nscd_config_hosts_check_files: true
nscd_config_hosts_persistent: true
nscd_config_hosts_shared: true
nscd_config_hosts_max_db_size_bytes: 33554432
nscd_config_services_enable_cache: true
nscd_config_services_positive_ttl_seconds: 28800
nscd_config_services_negative_ttl_seconds: 20
nscd_config_services_suggested_size: 221
nscd_config_services_check_files: true
nscd_config_services_persistent: true
nscd_config_services_shared: true
nscd_config_services_max_db_size_bytes: 33554432

27
roles/nscd/tasks/main.yml Normal file
View File

@ -0,0 +1,27 @@
---
- name: Make sure nscd is installed
apt:
name: "{{ nscd_apt_package_name }}"
state: present
when: ansible_facts['pkg_mgr'] == 'apt'
- name: Ensure nscd is configured
template:
src: nscd.conf.j2
dest: "{{ nscd_config_file }}"
owner: root
group: root
mode: "0640"
- name: Ensure systemd service is enabled
systemd:
service: "{{ nscd_systemd_service_name }}"
enabled: true
when: ansible_facts['service_mgr'] == 'systemd'
- name: Ensure systemd service is started
systemd:
service: "{{ nscd_systemd_service_name }}"
state: started
when: ansible_facts['service_mgr'] == 'systemd'

View File

@ -0,0 +1,41 @@
#logfile /var/log/nscd.log
#threads 4
#max-threads 32
enable-cache passwd {{ nscd_config_passwd_auto_propagate | ternary('yes', 'no') }}
positive-time-to-live passwd {{ nscd_config_passwd_positive_ttl_seconds }}
negative-time-to-live passwd {{ nscd_config_passwd_negative_ttl_seconds }}
suggested-size passwd {{ nscd_config_passwd_suggested_size }}
check-files passwd {{ nscd_config_passwd_check_files | ternary('yes', 'no') }}
persistent passwd {{ nscd_config_passwd_persistent | ternary('yes', 'no') }}
shared passwd {{ nscd_config_passwd_shared | ternary('yes', 'no') }}
max-db-size passwd {{ nscd_config_passwd_max_db_size_bytes }}
auto-propagate passwd {{ nscd_config_passwd_auto_propagate | ternary('yes', 'no') }}
enable-cache group {{ nscd_config_group_auto_propagate | ternary('yes', 'no') }}
positive-time-to-live group {{ nscd_config_group_positive_ttl_seconds }}
negative-time-to-live group {{ nscd_config_group_negative_ttl_seconds }}
suggested-size group {{ nscd_config_group_suggested_size }}
check-files group {{ nscd_config_group_check_files | ternary('yes', 'no') }}
persistent group {{ nscd_config_group_persistent | ternary('yes', 'no') }}
shared group {{ nscd_config_group_shared | ternary('yes', 'no') }}
max-db-size group {{ nscd_config_group_max_db_size_bytes }}
auto-propagate group {{ nscd_config_group_auto_propagate | ternary('yes', 'no') }}
enable-cache hosts {{ nscd_config_hosts_auto_propagate | ternary('yes', 'no') }}
positive-time-to-live hosts {{ nscd_config_hosts_positive_ttl_seconds }}
negative-time-to-live hosts {{ nscd_config_hosts_negative_ttl_seconds }}
suggested-size hosts {{ nscd_config_hosts_suggested_size }}
check-files hosts {{ nscd_config_hosts_check_files | ternary('yes', 'no') }}
persistent hosts {{ nscd_config_hosts_persistent | ternary('yes', 'no') }}
shared hosts {{ nscd_config_hosts_shared | ternary('yes', 'no') }}
max-db-size hosts {{ nscd_config_hosts_max_db_size_bytes }}
enable-cache services {{ nscd_config_services_auto_propagate | ternary('yes', 'no') }}
positive-time-to-live services {{ nscd_config_services_positive_ttl_seconds }}
negative-time-to-live services {{ nscd_config_services_negative_ttl_seconds }}
suggested-size services {{ nscd_config_services_suggested_size }}
check-files services {{ nscd_config_services_check_files | ternary('yes', 'no') }}
persistent services {{ nscd_config_services_persistent | ternary('yes', 'no') }}
shared services {{ nscd_config_services_shared | ternary('yes', 'no') }}
max-db-size services {{ nscd_config_services_max_db_size_bytes }}

4
roles/nscd/vars/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
nscd_apt_package_name: nscd
nscd_systemd_service_name: nscd.service

View File

@ -0,0 +1,20 @@
---
nslcd_config_uid: nslcd
nslcd_config_gid: nslcd
nslcd_config_ldap_uri: ldaps://127.0.0.1
nslcd_config_ldap_base: ~
nslcd_config_ldap_scope: sub
nslcd_config_ldap_version: 3
nslcd_config_ldap_bind_dn: ~
nslcd_config_ldap_bind_pw: ~
nslcd_config_ldap_root_pw_mod_dn: ~
nslcd_config_ldap_ssl: on
nslcd_config_ldap_tls_reqcert: always
nslcd_config_ldap_tls_cacertfile: /etc/ssl/certs/ca-certificates.crt
nslcd_config_pam_authz_search: >-2
(&(objectClass=posixAccount)(uid=$username)(|
(host=$hostname)(host=$fqdn)
))

View File

@ -0,0 +1,27 @@
---
- name: Ensure nslcd is installed
apt:
name: "{{ nslcd_apt_package_name }}"
state: present
when: ansible_facts['pkg_mgr'] == 'apt'
- name: Ensure config is templated
template:
src: nslcd.conf.j2
dest: /etc/nslcd.conf
owner: root
group: root
mode: "0640"
- name: Ensure systemd service is enabled
systemd:
service: "{{ nslcd_systemd_service_name }}"
enabled: true
when: ansible_facts['service_mgr'] == 'systemd'
- name: Ensure systemd service is running
systemd:
service: "{{ nslcd_systemd_service_name }}"
state: started
when: ansible_facts['service_mgr'] == 'systemd'

View File

@ -0,0 +1,17 @@
uid {{ nslcd_config_uid }}
gid {{ nslcd_config_gid }}
uri {{ nslcd_config_ldap_uri }}
base {{ nslcd_config_ldap_base }}
binddn {{ nslcd_config_ldap_bind_dn }}
bindpw {{ nslcd_config_ldap_bind_pw }}
ldap_version {{ nslcd_config_ldap_version }}
rootpwmoddn {{ nslcd_config_ldap_root_pw_mod_dn }}
ssl {{ nslcd_config_ldap_ssl }}
tls_reqcert {{ nslcd_config_ldap_tls_reqcert }}
tls_cacertfile {{ nslcd_config_ldap_tls_cacertfile }}
scope {{ nslcd_config_ldap_scope }}
pam_authz_search {{ nslcd_config_ldap_pam_authz_search }}

View File