[playbook-auth-usersldap.yml] cleaned add/rm user mount tasks

680c133a · Joffrey STUTZ · ac37e59b · 680c133a
Commit 680c133a authored 1 year ago by Joffrey STUTZ
--- a/ansible/playbook-auth-usersldap.yml
+++ b/ansible/playbook-auth-usersldap.yml
 # https://intragate.ec.europa.eu/snet/wiki/index.php/Service_Support/Application_Management_Service/Snet_AAA/Account_creation_and_deletion_of_Snet_members
-# ansible-playbook-2.9 playbook-auth-usersldap.yml --extra-vars "username=xxx scrat_user=xxx" -kK --tags "add_user/rm_user, mandatory" -u snet
+# ansible-playbook-4.7 playbook-auth-usersldap.yml --extra-vars "username=xxx scrat_user=xxx" -kK --tags "add_user/rm_user, mandatory" -u snet
 # To run specific task:
-# ansible-playbook-2.9 playbook-auth-usersldap.yml --extra-vars "username=xxx" -kK --tags "propagate" -u snet
-
-
+# ansible-playbook-4.7 playbook-auth-usersldap.yml --extra-vars "username=xxx" -kK --tags "propagate" -u snet
 ---

 - hosts: localhost
@@ -68,11 +66,6 @@
            whoami: "{{register_whoami.stdout}}"
          changed_when: False

-#        - name: check that user is known
-#          fail:
-#            msg: "whoami should not be snet or www-data not: '{{whoami}}'"
-#          when: "whoami in ['snet', 'www-data', 'root', 'unknown']"
-
        - name: debug
          debug:
            msg: "The whoami is {{ whoami }}"
@@ -82,43 +75,40 @@
 ##########
 #Add user#
 ##########
-
    - name: Add user on Vshare
      block:
-        - name: allow share on fstab on vshare
-          replace:
-            path: /etc/fstab
-            #regexp: '#vnx2nfs-vshare-lu.snmc.cec.eu.int:/fs/home'
-            #replace: 'vnx2nfs-vshare-lu.snmc.cec.eu.int:/fs/home'
-            regexp: '#unityspb-vshare-lu.snmc.cec.eu.int:/fs_home'
-            replace: 'unityspb-vshare-lu.snmc.cec.eu.int:/fs_home'
+        - name: set /opt/home_nas
+          ansible.builtin.file:
+            path: /opt/home_nas
+            state: directory
+            mode: '0755'
+            owner: root
+            group: root

-        - name: mount all
-          command: mount -a
+        - name: mount /opt/home_nas
+          mount:
+            path: /opt/home_nas
+            state: mounted
+            src: unityspb-vshare-lu.snmc.cec.eu.int:/fs_home
+            opts: defaults,rw,soft,nolock,tcp,vers=3
+            boot: false
+            fstype: nfs

        - name: Create user directory in home
-          file:
-            path: /opt/new_home_vnx/{{username}}
+          ansible.builtin.file:
+            path: /opt/home_nas/{{username}}
            state: directory
            mode: '0755'
            owner: "{{username}}"
            group: snmc

-        - name: Unmount /opt/new_home_vnx
+        - name: Unmount /opt/home_nas
          mount:
-            path: /opt/new_home_vnx
+            path: /opt/home_nas
            state: unmounted

-        - name: Disallow share on fstab on vshare
-          replace:
-            path: /etc/fstab
-            #regexp: 'vnx2nfs-vshare-lu.snmc.cec.eu.int:/fs/home'
-            #replace: '#vnx2nfs-vshare-lu.snmc.cec.eu.int:/fs/home'
-            regexp: 'unityspb-vshare-lu.snmc.cec.eu.int:/fs_home'
-            replace: '#unityspb-vshare-lu.snmc.cec.eu.int:/fs_home'
- 
      become: true
-      delegate_to: vshare-jmo.snmc.cec.eu.int
+      delegate_to: vshare-bx.snmc.cec.eu.int
      tags:
      - add_user
      - add_user_vshare
@@ -129,48 +119,45 @@

    - name: Remove user on Vshare
      block:
-        - name: allow share on fstab on vshare
-          replace:
-            path: /etc/fstab
-            #regexp: '#vnx2nfs-vshare-lu.snmc.cec.eu.int:/fs/home'
-            #replace: 'vnx2nfs-vshare-lu.snmc.cec.eu.int:/fs/home' 
-            regexp: '#unityspb-vshare-lu.snmc.cec.eu.int:/fs_home'
-            replace: 'unityspb-vshare-lu.snmc.cec.eu.int:/fs_home'
-
-        - name: mount all
-          shell:
-            cmd: "mount -a"
+        - name: set /opt/home_nas
+          ansible.builtin.file:
+            path: /opt/home_nas
+            state: directory
+            mode: '0755'
+            owner: root
+            group: root

-        - name: stat /opt/new_home_vnx/{{username}}
+        - name: mount /opt/home_nas
+          mount:
+            path: /opt/home_nas
+            state: mounted
+            src: unityspb-vshare-lu.snmc.cec.eu.int:/fs_home
+            opts: defaults,rw,soft,nolock,tcp,vers=3
+            boot: false
+            fstype: nfs
+
+        - name: stat /opt/home_nas/{{username}}
          stat:
-            path: /opt/new_home_vnx/{{username}}
+            path: /opt/home_nas/{{username}}
          register: user_folder

        - name: Compress and archive
          shell:
-            cmd: tar -jcf /opt/new_home_vnx/_OLD/{{username}}.tbz /opt/new_home_vnx/{{username}}
+            cmd: tar -jcf /opt/home_nas/_OLD/{{username}}.tbz /opt/home_nas/{{username}}
          when: user_folder.stat.exists

        - name: Delete user directory in home
          file:
-            path: /opt/new_home_vnx/{{username}}
+            path: /opt/home_nas/{{username}}
            state: absent

-        - name: Unmount /opt/new_home_vnx
+        - name: Unmount /opt/home_nas
          mount:
-            path: /opt/new_home_vnx
+            path: /opt/home_nas
            state: unmounted

-        - name: Disallow share on fstab on vshare
-          replace:
-            path: /etc/fstab
-            #regexp: 'vnx2nfs-vshare-lu.snmc.cec.eu.int:/fs/home'
-            #replace: '#vnx2nfs-vshare-lu.snmc.cec.eu.int:/fs/home'
-            regexp: 'unityspb-vshare-lu.snmc.cec.eu.int:/fs_home'
-            replace: '#unityspb-vshare-lu.snmc.cec.eu.int:/fs_home'
-
      become: true
-      delegate_to: vshare-jmo.snmc.cec.eu.int
+      delegate_to: vshare-bx.snmc.cec.eu.int
      tags:
      - rm_user
      - rm_user_vshare
@@ -199,7 +186,6 @@
      tags:
      - mandatory
      - propagate
-        #when: false

    - name: Launch propagate users on leankit
      shell:
@@ -218,12 +204,14 @@
      tags:
      - mandatory
      - propagate
-        #when: false

    - name: Launch redmine LDAP sync
      shell:
-        cmd: sudo -u www-data /usr/local/sbin/snet-redmine-ldapsync
-      delegate_to: vcodebox-lu.snmc.cec.eu.int
+        cmd: /usr/local/sbin/sync_users
+      become: true
+      become_method: sudo
+      delegate_to: "{{ item }}"
+      loop: "{{ groups['vredmine_prd'] }}"
      tags:
      - mandatory
      - redmine