Randomly Expressed

About

Welcome to my blog “randomly expressed”. I created this website to publish helpful tips. It’s mainly technology driven, but I will blog about other topics. I am a Unix sysadmin that is always looking to learn new things. My goal is to be able to share knowledge that others may find useful.


Ansible CentrifyDC Express playbook

By on February 10, 2017 in Technology with No Comments

The following Ansible playbook will install CentrifyDC Express via yum or rpm depending on the OS. The CentrifyDC Express package allows you to bind Linux servers to your Active Directory server. This will allow you to ssh to your Linux servers using your AD credentials and use AD groups for sudoers access. It comes in pretty handy if you want to manage Linux accounts in one central place versus managing local accounts on each Linux server.

---
- name: Configure Ubuntu/CentOS server with Centrify

  hosts: aofl-run
  become: yes
  become_user: root
  vars_files:
    - /etc/ansible/group_vars/crypto.yml
  vars:
    - u: '{{ centrify_user }}'
    - p: '{{ centrify_password }}'

  tasks:
    - name: install archive repo trusty
      #apt_repository: repo='deb http://archive.canonical.com/ trusty partner' state=present
      apt_repository: repo='deb http://archive.canonical.com/ maverick partner' state=present
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

    - name: install Ubuntu centrifydc package
      apt: name=centrifydc update_cache=yes state=present
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

    - name: install CentOS centrifydc package
      yum: name=http://ansible.company.com/centrifydc-5.3.1-rhel4-x86_64.rpm state=present
      # Ansible reports Red Hat Enterprise Linux as 'RedHat' in ansible_distribution
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'

    - name: Updating centrify.conf private.group
      lineinfile: "dest=/etc/centrifydc/centrifydc.conf line='auto.schema.private.group: false'"

    - name: Updating centrify.conf private.gid
      lineinfile: "dest=/etc/centrifydc/centrifydc.conf line='auto.schema.primary.gid: 272630273'"

    - name: checking centrifydc package is not installed
      command: dpkg-query -W centrifydc
      register: centrifydc_check_deb
      failed_when: centrifydc_check_deb.rc > 1
      changed_when: centrifydc_check_deb.rc == 1
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'


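    - name: join the Active Directory domain
      shell: adlicense -l; adjoin -w corp.company.com -c "OU=Servers,DC=corp,DC=company,DC=com" -u "{{ centrify_user }}" -p "{{ centrify_password }}"
      # keep the AD join password out of Ansible's task output and logs
      no_log: true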

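  # Roles listed under "roles:" run before "tasks:", so the notification is
  # sent from post_tasks, after the join has completed.
  post_tasks:
    - name: notify Slack that the host joined the domain
      include_role:
        name: slack
      vars:
        message: '{{ inventory_hostname }} system joined the AD domain'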
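
The join task hands the AD password to adjoin on the command line, so that task's output must never reach Ansible's logs. The following check is an added example, not part of the original post: a stdlib-only Python scan that reports tasks which template a secret-looking variable without no_log enabled. The variable-name pattern, the sample playbook and the function names are assumptions made for illustration.

```python
import re

# Assumption: variable names containing these words hold secrets.
SECRET_VAR = re.compile(r"\{\{[^}]*(password|passwd|secret|token)[^}]*\}\}", re.I)
NO_LOG_ON = re.compile(r"^\s*no_log:\s*(true|yes)\s*(#.*)?$", re.I | re.M)

def split_tasks(text):
    """Return each list item under tasks:/pre_tasks:/post_tasks: as a text block."""
    blocks, indent = [], None            # indent is None outside a task list
    for line in text.splitlines():
        if re.match(r"\s*(pre_|post_)?tasks:\s*$", line):
            indent = -1                  # list opened, item indent not yet known
            continue
        if indent is None or not line.strip():
            continue
        depth = len(line) - len(line.lstrip())
        item = line.lstrip().startswith("- ")
        if indent == -1 and item:
            indent = depth
        if depth < indent or (depth == indent and not item):
            indent = None                # left the list, e.g. reached roles:
        elif depth == indent and item:
            blocks.append(line)
        elif blocks and indent >= 0:
            blocks[-1] += "\n" + line
    return blocks

def tasks_leaking_secrets(text):
    """First line of each task that templates a secret without no_log enabled."""
    findings = []
    for block in split_tasks(text):
        if SECRET_VAR.search(block) and not NO_LOG_ON.search(block):
            findings.append(block.split("\n")[0].strip())
    return findings

# Constructed sample playbook (hypothetical variable names and domain).
SAMPLE = """\
- hosts: all
  tasks:
    - name: join with logging left on
      shell: adjoin -w corp.example.com -u "{{ join_user }}" -p "{{ join_password }}"
      no_log: False
    - name: join with output suppressed
      shell: adjoin -w corp.example.com -u "{{ join_user }}" -p "{{ join_password }}"
      no_log: true
"""

if __name__ == "__main__":
    print(tasks_leaking_secrets(SAMPLE))
```

The scan is line-based and does not parse YAML, so it suits a quick pre-commit check on playbooks laid out like the one above rather than arbitrary YAML.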
