|
1
|
|
|
2
|
PLAY [Configure a FUSS Server.] ************************************************
|
|
3
|
|
|
4
|
TASK [setup] *******************************************************************
|
|
5
|
ok: [localhost]
|
|
6
|
|
|
7
|
TASK [common : Clean package list] *********************************************
|
|
8
|
|
|
9
|
TASK [common : Install base packages] ******************************************
|
|
10
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
11
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
12
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
13
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
14
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
15
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
16
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
17
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
18
|
|
|
19
|
TASK [common : Install package jed,less,screen,links,wget,rsync,bzip2,unzip,strace,lsof by apt] ***
|
|
20
|
ok: [localhost]
|
|
21
|
|
|
22
|
TASK [common : register packages] **********************************************
|
|
23
|
|
|
24
|
TASK [common : Install package tcpdump,netcat,iputils-arping,nmap,iproute2,mtr-tiny,traceroute by apt] ***
|
|
25
|
ok: [localhost]
|
|
26
|
|
|
27
|
TASK [common : register packages] **********************************************
|
|
28
|
|
|
29
|
TASK [common : Install package netmask,iptraf-ng,dnsutils,python-ipaddr by apt]
|
|
30
|
ok: [localhost]
|
|
31
|
|
|
32
|
TASK [common : register packages] **********************************************
|
|
33
|
|
|
34
|
TASK [common : Install package iotop,iftop,atop,hdparm,pciutils by apt] ********
|
|
35
|
ok: [localhost]
|
|
36
|
|
|
37
|
TASK [common : register packages] **********************************************
|
|
38
|
|
|
39
|
TASK [common : Install package apt-listchanges,sudo,molly-guard by apt] ********
|
|
40
|
ok: [localhost]
|
|
41
|
|
|
42
|
TASK [common : register packages] **********************************************
|
|
43
|
|
|
44
|
TASK [common : Install package apticron,witalian,easy-rsa,ssl-cert by apt] *****
|
|
45
|
ok: [localhost]
|
|
46
|
|
|
47
|
TASK [common : register packages] **********************************************
|
|
48
|
|
|
49
|
TASK [common : Install package tiger,chkrootkit,libpam-cracklib by apt] ********
|
|
50
|
ok: [localhost]
|
|
51
|
|
|
52
|
TASK [common : register packages] **********************************************
|
|
53
|
|
|
54
|
TASK [common : Install package openssl,clusterssh,fuse by apt] *****************
|
|
55
|
ok: [localhost]
|
|
56
|
|
|
57
|
TASK [common : register packages] **********************************************
|
|
58
|
|
|
59
|
TASK [common : Read all interface addresses + subnet] **************************
|
|
60
|
changed: [localhost] => (item=eth0)
|
|
61
|
changed: [localhost] => (item=eth1)
|
|
62
|
|
|
63
|
TASK [common : Load all network configuration into yaml] ***********************
|
|
64
|
ok: [localhost]
|
|
65
|
|
|
66
|
TASK [common : Set common facts] ***********************************************
|
|
67
|
ok: [localhost]
|
|
68
|
|
|
69
|
TASK [common : Set additional convenience facts] *******************************
|
|
70
|
ok: [localhost]
|
|
71
|
|
|
72
|
TASK [common : Create Credentials directory] ***********************************
|
|
73
|
changed: [localhost]
|
|
74
|
|
|
75
|
TASK [common : Check permissions on configuration file] ************************
|
|
76
|
ok: [localhost]
|
|
77
|
|
|
78
|
TASK [ssl-ca-init : Create CA directory on server] *****************************
|
|
79
|
changed: [localhost]
|
|
80
|
|
|
81
|
TASK [ssl-ca-init : Generate Certificates with issue-host-ssl-cert script] *****
|
|
82
|
ok: [localhost] => (item= creating s1.brunico.lan-cert.pem and s1.brunico.lan-key.pem) => {
|
|
83
|
"item": " creating s1.brunico.lan-cert.pem and s1.brunico.lan-key.pem",
|
|
84
|
"msg": " creating s1.brunico.lan-cert.pem and s1.brunico.lan-key.pem"
|
|
85
|
}
|
|
86
|
|
|
87
|
TASK [ssl-ca-init : Copy CA data on the server CA directory] *******************
|
|
88
|
changed: [localhost]
|
|
89
|
|
|
90
|
TASK [ssl-ca-init : install SSL CA file] ***************************************
|
|
91
|
changed: [localhost]
|
|
92
|
|
|
93
|
TASK [ssl-ca-init : install SSL cert file] *************************************
|
|
94
|
changed: [localhost]
|
|
95
|
|
|
96
|
TASK [ssl-ca-init : install SSL key file] **************************************
|
|
97
|
changed: [localhost]
|
|
98
|
|
|
99
|
TASK [ldap-base : fail] ********************************************************
|
|
100
|
skipping: [localhost]
|
|
101
|
|
|
102
|
TASK [ldap-base : include] *****************************************************
|
|
103
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
104
|
|
|
105
|
TASK [ldap-base : Install package ldap-utils by apt] ***************************
|
|
106
|
changed: [localhost]
|
|
107
|
|
|
108
|
TASK [ldap-base : register packages] *******************************************
|
|
109
|
|
|
110
|
TASK [ldap-base : install SSL CA certificate] **********************************
|
|
111
|
ok: [localhost]
|
|
112
|
|
|
113
|
TASK [ldap-base : Setup /etc/ldap/ldap.conf] ***********************************
|
|
114
|
ok: [localhost]
|
|
115
|
|
|
116
|
TASK [slapd : fail] ************************************************************
|
|
117
|
skipping: [localhost]
|
|
118
|
|
|
119
|
TASK [slapd : Look if slapd.conf file is already there] ************************
|
|
120
|
ok: [localhost]
|
|
121
|
|
|
122
|
TASK [slapd : Remove slapd before preseeding it] *******************************
|
|
123
|
ok: [localhost]
|
|
124
|
|
|
125
|
TASK [slapd : Preseed debconf slapd admin password, first time] ****************
|
|
126
|
changed: [localhost]
|
|
127
|
|
|
128
|
TASK [slapd : Preseed debconf slapd admin password, second time] ***************
|
|
129
|
changed: [localhost]
|
|
130
|
|
|
131
|
TASK [slapd : Preseed debconf LDAP base DN] ************************************
|
|
132
|
changed: [localhost]
|
|
133
|
|
|
134
|
TASK [slapd : include] *********************************************************
|
|
135
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
136
|
|
|
137
|
TASK [slapd : Install package slapd,slapd-smbk5pwd,gosa-schema by apt] *********
|
|
138
|
changed: [localhost]
|
|
139
|
|
|
140
|
TASK [slapd : register packages] ***********************************************
|
|
141
|
|
|
142
|
TASK [slapd : Generate hashed password] ****************************************
|
|
143
|
ok: [localhost]
|
|
144
|
|
|
145
|
TASK [slapd : Is there slapd.d directory] **************************************
|
|
146
|
ok: [localhost]
|
|
147
|
|
|
148
|
TASK [slapd : Stopping slapd server] *******************************************
|
|
149
|
changed: [localhost]
|
|
150
|
|
|
151
|
TASK [slapd : Move away slapd.d directory] *************************************
|
|
152
|
changed: [localhost]
|
|
153
|
|
|
154
|
TASK [slapd : Give slapd user access to server certificate key] ****************
|
|
155
|
ok: [localhost]
|
|
156
|
|
|
157
|
TASK [slapd : adding ldaps:/// to SLAPD_SERVICES in /etc/default/slapd] ********
|
|
158
|
changed: [localhost]
|
|
159
|
|
|
160
|
TASK [slapd : Setup /etc/ldap/slapd.conf] **************************************
|
|
161
|
changed: [localhost]
|
|
162
|
|
|
163
|
TASK [slapd : Starting slapd server] *******************************************
|
|
164
|
changed: [localhost]
|
|
165
|
|
|
166
|
TASK [slapd : include] *********************************************************
|
|
167
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
168
|
|
|
169
|
TASK [slapd : Install package ldapvi by apt] ***********************************
|
|
170
|
ok: [localhost]
|
|
171
|
|
|
172
|
TASK [slapd : register packages] ***********************************************
|
|
173
|
|
|
174
|
TASK [slapd : Setup .ldapvirc] *************************************************
|
|
175
|
ok: [localhost]
|
|
176
|
|
|
177
|
TASK [slapd : include] *********************************************************
|
|
178
|
included: /usr/share/fuss-server/includes/install-package-apt.yml for localhost
|
|
179
|
|
|
180
|
TASK [slapd : Install package smbldap-tools,samba-common-bin,python-smbpasswd by apt] ***
|
|
181
|
changed: [localhost]
|
|
182
|
|
|
183
|
TASK [slapd : register packages] ***********************************************
|
|
184
|
|
|
185
|
TASK [slapd : Setup /etc/smbldap-tools/smbldap_bind.conf] **********************
|
|
186
|
ok: [localhost]
|
|
187
|
|
|
188
|
TASK [slapd : Get SID value] ***************************************************
|
|
189
|
ok: [localhost]
|
|
190
|
|
|
191
|
TASK [slapd : Setup /etc/smbldap-tools/smbldap.conf] ***************************
|
|
192
|
changed: [localhost]
|
|
193
|
|
|
194
|
TASK [slapd : Check if DIT is already done] ************************************
|
|
195
|
ok: [localhost]
|
|
196
|
|
|
197
|
TASK [slapd : Get hashed password from /etc/ldap/slapd.conf (for idempotency)] *
|
|
198
|
ok: [localhost]
|
|
199
|
|
|
200
|
TASK [slapd : debug] ***********************************************************
|
|
201
|
ok: [localhost] => {
|
|
202
|
"msg": "Hashed pass = {u'changed': False, u'end': u'2017-05-18 10:45:57.630759', 'failed': False, u'stdout': u'{SSHA}KFCY+KqV5LDFsceDyLKPkt7DAEDKa5Sn', u'cmd': u\"grep '# rootpw' /etc/ldap/slapd.conf|awk '{print $3}'\", u'rc': 0, u'start': u'2017-05-18 10:45:57.624264', u'stderr': u'', u'delta': u'0:00:00.006495', 'stdout_lines': [u'{SSHA}KFCY+KqV5LDFsceDyLKPkt7DAEDKa5Sn'], 'failed_when_result': False, u'warnings': []}"
|
|
203
|
}
|
|
204
|
|
|
205
|
TASK [slapd : Copy DIT template] ***********************************************
|
|
206
|
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleError: Unexpected templating type error occurred on (# LDIF skeleton for LDAP tree initialization\n#\n\n# Users, Organizational Unit\ndn: ou=Users,{{ basedn }}\nobjectClass: top\nobjectClass: organizationalUnit\nou: Users\n\n# Groups, Organizational Unit\ndn: ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: organizationalUnit\nou: Groups\n\n# Computers, Organizational Unit\ndn: ou=Computers,{{ basedn }}\nobjectClass: top\nobjectClass: organizationalUnit\nou: Computers\n\n# Idmap, Organizational Unit\ndn: ou=Idmap,{{ basedn }}\nobjectClass: top\nobjectClass: organizationalUnit\nou: Idmap\n\n# Samba Domain Name, defaults\ndn: sambaDomainName={{ smb_domain }},{{ basedn }}\nsambaAlgorithmicRidBase: 1000\nsambaNextUserRid: 1000\nsambaLogonToChgPwd: 0\nsambaMinPwdAge: 0\nsambaLockoutDuration: 30\nsambaLockoutObservationWindow: 30\nsambaLockoutThreshold: 0\nsambaForceLogoff: -1\nsambaRefuseMachinePwdChange: 0\nsambaDomainName: {{ smb_domain }}\nsambaSID: {{sid.stdout}}\nsambaNextRid: 1000\nobjectClass: top\nobjectClass: sambaDomain\nobjectClass: sambaUnixIdPool\nsambaPwdHistoryLength: 3\nsambaMinPwdLength: 9\nsambaMaxPwdAge: -1\ngidNumber: 2000\nuidNumber: 2000\n\n# admin, Users, Windows Domain Admin\ndn: uid=admin,ou=Users,{{ basedn }}\nobjectClass: top\nobjectClass: person\nobjectClass: organizationalPerson\nobjectClass: inetOrgPerson\nobjectClass: sambaSamAccount\nobjectClass: posixAccount\nobjectClass: shadowAccount\nuid: admin\ncn: admin\nsn: admin\ngidNumber: 512\nuidNumber: 512\nhomeDirectory: /home/admin\nsambaLogonTime: 0\nsambaLogoffTime: 2147483647\nsambaKickoffTime: 2147483647\nsambaPwdCanChange: 0\nsambaPwdMustChange: 2147483647\nsambaHomeDrive: H:\nsambaPrimaryGroupSID: {{sid.stdout}}-512\nsambaAcctFlags: [U ]\nsambaSID: {{sid.stdout}}-500\nloginShell: /bin/false\ngecos: Netbios Domain Administrator\nsambaPwdLastSet: {{pass|this_second}}\nsambaNTPassword: {{pass|nthash}}\nsambaLMPassword: {{pass|lmhash}}\nuserPassword: {{ hashed_pass.stdout }}\nshadowLastChange: {{pass|this_day}}\n\n# nobody, Users, Windows guest user\ndn: uid=nobody,ou=Users,{{ basedn }}\nobjectClass: top\nobjectClass: person\nobjectClass: organizationalPerson\nobjectClass: inetOrgPerson\nobjectClass: sambaSamAccount\nobjectClass: posixAccount\nobjectClass: shadowAccount\ncn: nobody\nsn: nobody\ngidNumber: 514\nuid: nobody\nuidNumber: 65534\nhomeDirectory: /nonexistent\nsambaPwdLastSet: 0\nsambaLogonTime: 0\nsambaLogoffTime: 2147483647\nsambaKickoffTime: 2147483647\nsambaPwdCanChange: 0\nsambaPwdMustChange: 2147483647\nsambaHomeDrive: H:\nsambaPrimaryGroupSID: {{sid.stdout}}-514\nsambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX\nsambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX\nsambaAcctFlags: [NUD ]\nsambaSID: {{sid.stdout}}-501\nloginShell: /bin/false\n\n\n# Domain Admins, Groups, from Windows Default Groups\ndn: cn=Domain Admins,ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ngidNumber: 512\ncn: Domain Admins\nmemberUid: admin\ndescription: Netbios Domain Administrators\nsambaSID: {{sid.stdout}}-512\nsambaGroupType: 2\ndisplayName: Domain Admins\n\n# Domain Users, Groups, from Windows Default Groups\ndn: cn=Domain Users,ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ngidNumber: 513\ncn: Domain Users\ndescription: Netbios Domain Users\nsambaSID: {{sid.stdout}}-513\nsambaGroupType: 2\ndisplayName: Domain Users\n\n# Domain Guests, Groups, from Windows Default Groups\ndn: cn=Domain Guests,ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ngidNumber: 514\ncn: Domain Guests\ndescription: Netbios Domain Guests Users\nsambaSID: {{sid.stdout}}-514\nsambaGroupType: 2\ndisplayName: Domain Guests\n\n# Domain Computers, Groups, from Windows Default Groups\ndn: cn=Domain Computers,ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ngidNumber: 515\ncn: Domain Computers\ndescription: Netbios Domain Computers accounts\nsambaSID: {{sid.stdout}}-515\nsambaGroupType: 2\ndisplayName: Domain Computers\n\n# Administrators, Groups, from Windows Default Groups\ndn: cn=Administrators,ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ngidNumber: 544\ncn: Administrators\ndescription: Netbios Domain Members can fully administer the computer/sambaDom\n ainName\nsambaSID: S-1-5-32-544\nsambaGroupType: 5\ndisplayName: Administrators\n\n# Account Operators, Groups, from Windows Default Groups\ndn: cn=Account Operators,ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ngidNumber: 548\ncn: Account Operators\ndescription: Netbios Domain Users to manipulate users accounts\nsambaSID: S-1-5-32-548\nsambaGroupType: 5\ndisplayName: Account Operators\n\n# Print Operators, Groups, from Windows Default Groups\ndn: cn=Print Operators,ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ngidNumber: 550\ncn: Print Operators\ndescription: Netbios Domain Print Operators\nsambaSID: S-1-5-32-550\nsambaGroupType: 5\ndisplayName: Print Operators\n\n# Backup Operators, Groups, from Windows Default Groups\ndn: cn=Backup Operators,ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ngidNumber: 551\ncn: Backup Operators\ndescription: Netbios Domain Members can bypass file security to back up files\nsambaSID: S-1-5-32-551\nsambaGroupType: 5\ndisplayName: Backup Operators\n\n# Replicators, Groups, from Windows Default Groups\ndn: cn=Replicators,ou=Groups,{{ basedn }}\nobjectClass: top\nobjectClass: posixGroup\nobjectClass: sambaGroupMapping\ngidNumber: 552\ncn: Replicators\ndescription: Netbios Domain Supports file replication in a sambaDomainName\nsambaSID: S-1-5-32-552\nsambaGroupType: 5\ndisplayName: Replicators\n\n): coercing to Unicode: need string or buffer, int found"}
|
|
207
|
|
|
208
|
RUNNING HANDLER [slapd : restart slapd with slapd.conf] ************************
|
|
209
|
changed: [localhost]
|
|
210
|
to retry, use: --limit @/usr/share/fuss-server/create.retry
|
|
211
|
|
|
212
|
PLAY RECAP *********************************************************************
|
|
213
|
localhost : ok=60 changed=20 unreachable=0 failed=1
|
|
214
|
|