From 09a6bcce84d59f444324b104287bdee667f57960 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Wed, 9 Sep 2020 18:28:00 +0000
Subject: [PATCH] autofs: Initial version of role
---
roles/autofs/handlers/main.yml | 5 ++
roles/autofs/tasks/main.yml | 49 +++++++++++++++++++
roles/autofs/templates/auto.master.j2 | 2 +
.../autofs/templates/autofs_ldap_auth.conf.j2 | 9 ++++
4 files changed, 65 insertions(+)
create mode 100644 roles/autofs/handlers/main.yml
create mode 100644 roles/autofs/tasks/main.yml
create mode 100644 roles/autofs/templates/auto.master.j2
create mode 100644 roles/autofs/templates/autofs_ldap_auth.conf.j2
diff --git a/roles/autofs/handlers/main.yml b/roles/autofs/handlers/main.yml
new file mode 100644
index 0000000..673f6a6
--- /dev/null
+++ b/roles/autofs/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart autofs
+ service:
+ name: autofs
+ state: restarted
diff --git a/roles/autofs/tasks/main.yml b/roles/autofs/tasks/main.yml
new file mode 100644
index 0000000..3e22f3d
--- /dev/null
+++ b/roles/autofs/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+- name: install packages
+ package:
+ name: autofs
+ state: installed
+
+- name: configure ldap server for autofs
+ lineinfile:
+ dest: /etc/autofs.conf
+ regexp: '^#?ldap_uri\s*=.*'
+ line: "ldap_uri = {% for u in ldap_server %}ldaps://{{ u }} {% endfor %}"
+ notify: restart autofs
+
+- name: configure ldap schema for autofs
+ lineinfile:
+ dest: /etc/autofs.conf
+ line: "{{ item }}"
+ insertbefore: "^# auth_conf_file"
+ notify: restart autofs
+ with_items:
+ - value_attribute = automountInformation
+ - entry_attribute = automountKey
+ - map_attribute = ou
+ - entry_object_class = automount
+ - map_object_class = organizationalUnit
+
+- name: configure ldap auth for autofs
+ template:
+ dest: /etc/autofs_ldap_auth.conf
+ src: autofs_ldap_auth.conf.j2
+ mode: 0600
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: restart autofs
+
+- name: create auto.master config
+ template:
+ dest: /etc/auto.master
+ src: auto.master.j2
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: restart autofs
+
+- name: start autofs service
+ service:
+ name: autofs
+ state: started
+ enabled: true
diff --git a/roles/autofs/templates/auto.master.j2 b/roles/autofs/templates/auto.master.j2
new file mode 100644
index 0000000..d818c62
--- /dev/null
+++ b/roles/autofs/templates/auto.master.j2
@@ -0,0 +1,2 @@
+/home ldap:///ou=People,{{ ldap_basedn }} rw,nosuid,nodev
+/roles ldap:///ou=Groups,{{ ldap_basedn }} rw,nosuid,nodev --ghost
diff --git a/roles/autofs/templates/autofs_ldap_auth.conf.j2 b/roles/autofs/templates/autofs_ldap_auth.conf.j2
new file mode 100644
index 0000000..dfc162c
--- /dev/null
+++ b/roles/autofs/templates/autofs_ldap_auth.conf.j2
@@ -0,0 +1,9 @@ + +
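Review bot: A run with `--diff` would print the rendered /etc/autofs_ldap_auth.conf from the `configure ldap auth for autofs` task into the console and any log that captures it; the 0600 mode suggests the template carries LDAP bind credentials, although its body is not visible on this page. Adding `diff: false` to that task (or `no_log: true` if the task result should be hidden as well) keeps the rendered content out of run output. Separately, `mode: 0600` and `mode: 0644` depend on the YAML loader reading a leading-zero integer as octal, so quoting them as `mode: "0600"` and `mode: "0644"` is the safer form. The `configure ldap schema for autofs` task has no `regexp`, so an existing uncommented line that sets the same attribute to a different value would stay in /etc/autofs.conf beside the new one; a per-item `regexp` such as `'^#?\s*map_object_class\s*='` would replace it instead.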