Dustin C. Hatch
9fdd2243a6
Now that the domain controller servers use certificates issued by *step-ca*, client applications need to trust that root CA certificate.
26 lines
525 B
YAML
26 lines
525 B
YAML
- hosts: pyrocufflink:!samba-dc
|
|
roles:
|
|
- winbind
|
|
- nsswitch
|
|
- system-auth
|
|
- sudo
|
|
tasks:
|
|
- name: ensure winbind is running
|
|
service:
|
|
name=winbind
|
|
state=started
|
|
- name: ensure server admins can use sudo
|
|
copy:
|
|
dest: /etc/sudoers.d/20_server-admins
|
|
content: |
|
|
%server\ admins ALL=(ALL) ALL
|
|
mode: '0440'
|
|
validate: visudo -cf %s
|
|
- hosts: pyrocufflink
|
|
roles:
|
|
- role: trustca
|
|
ca: dch-root-ca
|
|
- role: trustca
|
|
ca: dch-root-ca-r2
|
|
tags: dch-root-ca-r2
|