A Univention Corporate Server (UCS) is not particularly suited for configuration by Ansible, since many tasks have to be done either via the web GUI or via special Bash commands. Examples of this are creating, modifying or deleting users and groups. Since we at Adfinis SyGroup still want to install and configure UCS automatically, we've written new Ansible modules for various tasks. These currently include the following:
These modules are shipped as part of Ansible Modules Extras with Ansible version 2.2, so they can be used like any other Ansible module. If other Ansible modules are developed in the future (and are not part of Ansible), they can be installed per project. Below, a brief explanation is given on how to install additional Ansible modules, and then the above-mentioned modules are briefly introduced.
Additional Ansible modules are installed either per project or in the Ansible source code. To install additional modules per project, copy them into the `library` folder in the top-level directory of the project. This looks roughly as follows:

```
$ ls
|- ansible.cfg
|- group_vars/
|  |- all/
|- inventory
|- library/
|  |- README.md
|  |- ucr.py
|  |- udm_dns_record.py
|  |- udm_dns_zone.py
|  |- udm_group.py
|  |- udm_share.py
|  |- udm_user.py
|- README.md
|- site.yml
```

If the modules are installed in the Ansible source code, the entire Ansible source code has to be cloned:

```bash
$ git clone https://github.com/ansible/ansible.git
$ cd ansible/
$ git submodule update --init --recursive
```

After that, Ansible can be installed using pip:

```bash
$ virtualenv -p /usr/bin/python2 venv
$ . venv/bin/activate
$ pip install -e ansible/
```

Finally, the additional Ansible modules need to be copied into the folder `ansible/lib/ansible/modules/extras/` or a subfolder thereof. For example, the Univention modules belong in the subfolder `univention`.
## udm\_group
To create a group with the name `employee` and the LDAP DN `cn=employee,cn=groups,ou=company,dc=example,dc=org`, the following Ansible task is required:

```yaml
- udm_group: name=employee
             description=Employee
             ou=company
             subpath='cn=groups'
```

If only the attribute `name` is indicated, the group is created with the DN cn=,cn=groups, .

## udm\_user

A user object comprises a great many possible attributes, so the following is just a minimal example. All available attributes are documented directly in the Ansible module. To create a user Hans Muster with the user ID `hans.muster` and the password `secure_password`, the following task is required:

```yaml
- udm_user: name=hans.muster
            firstname=Hans
            lastname=Muster
            password=secure_password
```

The exact LDAP path can also be indicated as with udm\_group. If nothing further is indicated, the user is created with the LDAP DN `uid=hans.muster,cn=users,dc=example,dc=com`.

## udm\_dns\_zone

DNS zones do not have very many possible attributes. One thing to note is that the interfaces, NS and MX records are defined in the zone. The interfaces can be compared with BIND 9 views. These define where the corresponding DNS queries are answered from. The NS and MX records are handled differently in UCS and are therefore not configured with udm\_dns\_record but rather by udm\_dns\_zone. For example, the forward zone `example.com` with the authoritative name server `ucs.example.com`, which answers DNS queries at the IP address `192.168.1.1`, is set up as follows:

```yaml
- udm_dns_zone: zone=example.com
                type=forward_zone
                nameserver=['ucs.example.com']
                interfaces=['192.168.1.1']
```

## udm\_dns\_record

Individual DNS records can be created with udm\_dns\_record. Possible entries are:

- host\_record (A and AAAA records)

To add the entry `www.example.com. IN A 192.168.1.1` to the zone `example.com`, the following task is required:

## udm\_share
Samba and NFS shares can be handled with the module udm\_share. A share object comprises a large number of attributes, which are documented in the Ansible module. For the share `homes` to be created on the Ansible target system, the following task is required:
```yaml
- udm_share: name=homes
             host='{{ ansible_fqdn }}'
             path=/home
             owner=root
             group=root
             directorymode='00755'
             sambaName=homes
```
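
The tasks from the sections above, collected into one playbook as an added example (not code from the original post). It goes beyond the one-line tasks by using Ansible's dictionary syntax, reading the user's password from a vault-encrypted variable instead of a literal in the task, and setting `no_log`. Assumptions: the inventory group `ucs` and the variable `vault_hans_muster_password` are hypothetical names, and the `udm_dns_record` task follows the module's documented `data` parameter, not anything shown in the post.

```yaml
# site.yml -- added example, not from the original post.
# Assumptions: inventory group "ucs"; vault_hans_muster_password is defined
# in a vault-encrypted file such as group_vars/all/vault.yml.
- hosts: ucs
  tasks:
    - name: Create the group employee
      udm_group:
        name: employee
        description: Employee
        ou: company
        subpath: 'cn=groups'

    - name: Create the user hans.muster without exposing the password
      udm_user:
        name: hans.muster
        firstname: Hans
        lastname: Muster
        password: '{{ vault_hans_muster_password }}'
        update_password: on_create   # do not reset the password on every run
      no_log: true                   # keep the password out of output and logs

    - name: Create the forward zone example.com
      udm_dns_zone:
        zone: example.com
        type: forward_zone
        nameserver:
          - ucs.example.com
        interfaces:
          - 192.168.1.1

    - name: Add www.example.com. IN A 192.168.1.1
      udm_dns_record:
        zone: example.com
        name: www
        type: host_record
        data:
          a:
            - 192.168.1.1

    - name: Create the share homes
      udm_share:
        name: homes
        host: '{{ ansible_fqdn }}'
        path: /home
        owner: root
        group: root
        directorymode: '00755'
        sambaName: homes
```

Run it with `ansible-playbook -i inventory site.yml --ask-vault-pass`; `ansible-doc udm_user` lists every parameter the installed module version accepts.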