unixPB: fix up jckservices playbook

adoptium · Jul 7, 2021 · 48b3f43 · 48b3f43
1 parent 05cc09b
commit 48b3f43
Show file tree

Hide file tree

Showing 6 changed files with 118 additions and 213 deletions.
diff --git a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml
diff --git a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/variables/adoptopenjdk_variables.yml b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/variables/adoptopenjdk_variables.yml
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/FTP_User/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/FTP_User/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+############
+# FTP User #
+############
+- name: Create FTP user with password
+  action: user name="{{ jckftp_Username }}" shell=/bin/false password="{{ jckftp_Passwd }}" state=present
+
+- name: Create file for FTP access
+  copy:
+    content: ""
+    dest: "/home/{{ jckftp_Username }}/filename.txt"
+    force: no
+    owner: "{{ jckftp_Username }}"
+    mode: 0755
diff --git a/ansible/playbooks/conf/krb5.conf → ...ix_Playbook/roles/Kerberos/conf/krb5.conf b/ansible/playbooks/conf/krb5.conf → ...ix_Playbook/roles/Kerberos/conf/krb5.conf
@@ -1,5 +1,5 @@
 [libdefaults]
-	default_realm = ADOPTOPENJDK_NET
+	default_realm = ADOPTIUM_NET
 
 # The following encryption type specification will be used by MIT Kerberos
 # if uncommented.  In general, the defaults in the MIT Kerberos code are
@@ -16,13 +16,13 @@
 #	permitted_enctypes = des3-hmac-sha1
 
 [realms]
-	ADOPTOPENJDK_NET = {
-		kdc = jckservics.adoptopenjdk.net
-		admin_server = jckservices.adoptopenjdk.net
+	ADOPTIUM_NET = {
+		kdc = jckservices.adoptium.net
+		admin_server = jckservices.adoptium.net
 	}
 
 [domain_realm]
-	adoptopenjdk.net = ADOPTOPENJDK_NET
+	adoptium.net = ADOPTIUM_NET
 
 [logging]
 	default = SYSLOG
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+##################
+# Kerberos Setup #
+##################
+- name: Install Kerberos prerequisistes
+  apt: pkg={{ item }} state=latest
+  with_items:
+    - krb5-kdc
+    - krb5-admin-server
+    - pwgen
+  tags: dependencies
+
+- name: Copy krb5.conf
+  copy:
+    src: conf/krb5.conf
+    dest: /etc/krb5.conf
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+
+- name: Configure kerberos server
+  shell: kdb5_util create -r ADOPTIUM_NET -W -s -P `pwgen -1`
+  args:
+    creates: /var/lib/krb5kdc/principal.kadm5
+
+- name: Run shell scripts
+  shell: "{{ item }}"
+  with_items:
+    - kadmin.local -q "addprinc -pw `pwgen -1` admin/admin@ADOPTIUM_NET"
+    - kadmin.local -q "addprinc -pw user1 user1/jckservices.adoptopenjdk.net@ADOPTIUM_NET"
+    - kadmin.local -q "addprinc -pw user2 user2/jckservices.adoptopenjdk.net@ADOPTIUM_NET"
+    - kadmin.local -q getprincs | egrep '^admin/admin@|^user1/|^user2/' > krb5.jckusers.txt; if test $(wc -l < krb5.jckusers.txt) -ne 3; then echo Wrong number of users - expected 3:; cat krb5.jckusers.txt; rm krb5.jckusers.txt; exit 1; fi
+  args:
+    creates: krb5.jckusers.txt
+  tags:
+    # false positive for 'use shell only when shell is required'
+    # this whole piece should be rewritten to avoid 'bashsible' code style
+    - skip_ansible_lint
+
+- name: Start krb5-kdc service
+  service:
+    name: krb5-kdc
+    state: started
+
+- name: Start krb5-admin-server service
+  service:
+    name: krb5-admin-server
+    state: started
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/ubuntu-jckservices.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/ubuntu-jckservices.yml
@@ -0,0 +1,50 @@
+---
+###############################################
+# AdoptOpenJDK Ansible JCK svcs Playbook for: #
+# -------- Ubuntu 20 (tested on x64) -------- #
+###############################################
+
+- hosts: all
+  gather_facts: yes
+  tasks:
+    - block:
+      - name: Load AdoptOpenJDKs variable file
+        include_vars: group_vars/all/adoptopenjdk_variables.yml
+
+      - name: Set hostname to jckservices.adoptium.net
+        hostname:
+          name: jckservices.adoptium.net
+        tags: hostname
+
+      - name: OS update -- apt-get upgrade
+        apt: upgrade=safe update_cache=yes
+        tags: patch_update
+
+      - name: Install JCK prerequisistes
+        apt: pkg={{ item }} state=latest
+        with_items:
+          - ant
+          - ftpd
+          - gcc
+          - tomcat9
+          - unzip
+        tags: dependencies
+
+      - name: Start tomcat9 service
+        service:
+          name: tomcat9
+          state: started
+        tags: tomcat
+
+  #########
+  # Roles #
+  #########
+  roles:
+    - Debug
+    - role: Get_Vendor_Files
+      tags: [vendor_files, adoptopenjdk, jenkins_user]
+    - role: FTP_User
+      tags: ftp_user
+    - role: Kerberos
+      tags: kerberos
+    - Crontab