Remove provision_homedir role

46526eb0 · Kerri Wait · 29d69064 · 29d69064 · 29d69064 · 29d69064
Commit 46526eb0 authored 4 years ago by Kerri Wait
--- a/roles/provision_homedir/tasks/main.yml
+++ b/roles/provision_homedir/tasks/main.yml
---
- name: make  dir
-  file: path="{{ provision_homedir | dirname }}" state=directory mode=755 owner=root
-  become: true
-
- name: install python packages
-  yum: name=python-ldap state=present
-  become: true
-  when: ansible_os_family == 'RedHat'
-
- name: install python packages
-  apt: name=python-ldap state=present
-  become: true
-  when: ansible_os_family == 'Debian'
-
- name: copy provision_homedir template
-  template: src=provision_homedir.py.j2 dest={{ provision_homedir }} mode=700 owner=root
-  become: true
-
-# the lockfile for makeing home directories should be located on the shared directory where the home directories will be created. Otherwise it will be racey
- name: provision_homedir cron job
-  cron: name=provision_homedir job="/usr/bin/flock -x -n {{ mnthome }}/home/provision.lck -c {{ provision_homedir }}" user=root minute=*/15 state=present
-  become: true
--- a/roles/provision_homedir/templates/provision_homedir.py.j2
+++ b/roles/provision_homedir/templates/provision_homedir.py.j2
-#!/usr/bin/python
-import ldap
-import traceback
-import os
-import stat
-import shutil
-import subprocess
-
-class ldapSearchConfig:
-    def __init__(self):
-        self.ldapserver=""
-        self.binddn=""
-        self.bindpw=""
-        self.baseDN=""
-        self.searchFilter=""
-        self.cacertfile=''
-
-class genericUser:
-    def __init__(self):
-        self.dn=""
-        self.cn=""
-        self.entry=""
-        self.uid=""
-
-def get_users(server):
-#    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,server.cacertfile)
-    ldap.set_option( ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER )
-    l=ldap.initialize(server.ldapserver)
-    l.simple_bind_s(server.binddn,server.bindpw)
-    retrieveAttributes = ["*"]
-    searchScope=ldap.SCOPE_SUBTREE
-    try:
-        ldap_result_id = l.search(server.baseDN,searchScope,server.searchFilter,retrieveAttributes)
-    except ldap.LDAPError, e:
-        pass
-    rtype,rdata = l.result(ldap_result_id,1)
-    allusers={}
-    for user in rdata:
-        dn=user[0]
-        attrs=user[1]
-        allusers[dn]=genericUser()
-        allusers[dn].dn=dn
-        allusers[dn].entry=attrs
-    return allusers
-
-def mk_homedir(path,uidNumber,gidNumber):
-	skelroot = path.rsplit("/", 1)[0]
-	# fix this later if your common/skel is located elsewhere
-	skelpath = os.path.join(skelroot, 'common', 'skel')
-	try:
-		statinfo = os.stat(path)
-	except OSError as e:
-		if 'No such file or directory' in e:
-		    shutil.copytree(skelpath, path)
-	statinfo = os.stat(path)
-	os.chown(path,uidNumber,gidNumber)
-	recursive_chown(path, uidNumber, gidNumber)
-
-# adapted from http://stackoverflow.com/questions/5994840/how-to-change-the-user-and-group-permissions-for-a-directory-by-name
-def recursive_chown(path,uidNumber,gidNumber):
-	si = os.stat(path)
-	# just a precaution before we recursively apply uid/gid to a path
-	if si.st_uid != uidNumber or si.st_gid != gidNumber:
-		raise Exception("user home %s uid %d != %d, gid %d != %d mismatch" % (path,si.st_uid,uidNumber,si.st_gid,gidNumber))
-	for root, dirs, files in os.walk(path):
-		for dname in dirs:
-			os.chown(os.path.join(root, dname), uidNumber, gidNumber)
-		for fname in files:
-			os.chown(os.path.join(root, fname), uidNumber, gidNumber)
-
-def check_homedir(path,uidNumber,gidNumber):
-	try:
-		si = os.stat(path)
-		if si.st_uid != uidNumber or si.st_gid != gidNumber:
-			raise Exception("user home %s uid %d != %d, gid %d != %d mismatch" % (path,si.st_uid,uidNumber,si.st_gid,gidNumber))
-		return True
-	except:
-		return False
-
-
-
-s=ldapSearchConfig()
-s.ldapserver="{{ ldapURI }}"
-s.binddn="{{ ldapBindDN }}"
-s.bindpw="{{ ldapBindDNPassword }}"
-s.baseDN="{{ ldapBase }}"
-s.searchFilter = "{{ ldap_access_filter }}"
-homeDirEntry= "{{ homeDirEntry }}"
-mnthome = "{{ mnthome }}"
-
-users=get_users(s)
-for user in users:
-	try:
-		if mnthome != "":
-			path=mnthome+"/"+users[user].entry[homeDirEntry][0].rsplit("/",1)[1]
-		else:
-			path=users[user].entry[homeDirEntry][0]
-		if not check_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0])):
-			mk_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
-	except:
-		print traceback.format_exc()
-		pass
--- a/roles/provision_homedir/vars/main.yml
+++ b/roles/provision_homedir/vars/main.yml
---
-use_active_directory: False
-provision_homedir: /usr/local/sbin/provision_homedir.py
-homeDirEntry: "{% if use_active_directory %}unixHomeDirectory{% else %}homeDirectory{% endif %}"
-search_filter: "{% if use_active_directory %}(unixHomeDirectory=*){% else %}(objectClass=posixAccount){% endif %}"
-mnthome: "{% if mntpt %}{{ mntpt }}{% else %}''{% endif %}"