Merge branch 'main' into chore/bareos_dir_overwrite_dir_conf

adfinis · Jan 6, 2025 · 6349748 · 6349748
2 parents 24a378e + 116dc27
commit 6349748
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 69 deletions.
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
@@ -11,57 +11,39 @@ on:
     - cron: '3 2 2 * *'
 
 jobs:
-  lint:
-    runs-on: ubuntu-20.04
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4
-      - name: ansible-lint
-        uses: ansible-community/ansible-lint-action@main
   test:
-    needs:
-      - lint
-    runs-on: ubuntu-20.04
-    strategy:
-      fail-fast: false
-      matrix:
-        config:
-          - image: "debian"
-            tag: "latest"
-          - image: "debian"
-            tag: "bullseye"
-          - image: "enterpriselinux"
-            tag: "latest"
-          - image: "fedora"
-            tag: "39"
-          - image: "fedora"
-            tag: "latest"
-          - image: "ubuntu"
-            tag: "jammy"
-          - image: "ubuntu"
-            tag: "latest"
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4
-
-      - name: disable apparmor for mysql
-        run: sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
-
-      - name: parse apparmor for mysql
-        run: sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
-
-      - name: Set up Python 3.
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.x'
-
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install -r requirements.txt
-
-      - name: molecule
-        run: molecule converge
-        env:
-          image: ${{ matrix.config.image }}
-          tag: ${{ matrix.config.tag }}
+    uses: adfinis/github-workflows-bareos/.github/workflows/[email protected]
+    with:
+      systems: |
+        {
+          "config": [
+            {
+              "image": "debian",
+              "tag": "latest"
+            },
+            {
+              "image": "debian",
+              "tag": "bullseye"
+            },
+            {
+              "image": "enterpriselinux",
+              "tag": "latest"
+            },
+            {
+              "image": "fedora",
+              "tag": "40"
+            },
+            {
+              "image": "fedora",
+              "tag": "latest"
+            },
+            {
+              "image": "ubuntu",
+              "tag": "jammy"
+            },
+            {
+              "image": "ubuntu",
+              "tag": "latest"
+            }
+          ]
+        }
diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml
@@ -180,7 +180,8 @@ argument_specs:
         choices:
           - "ldap"
           - "unix"
-        description: "Decide if Unix or LDAP socket should be used for PAM authentication"
+          - "sss"
+        description: "Decide if Unix, SSS or LDAP socket should be used for PAM authentication"
       bareos_dir_pam_auth_profile:
         type: "str"
         default: "webui-admin"

diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
@@ -1,21 +1,26 @@
 ---
+
 - name: Prepare
   hosts: all
-  become: yes
-  gather_facts: no
+  become: true
+  gather_facts: false
 
   roles:
     - role: robertdebock.bootstrap
     # The roles buildtools, python_pip and postgres are required.
     # bareos-dir needs to connect to a database.
     - role: robertdebock.buildtools
-    # EPEL is required for RHEL7.
-    - role: robertdebock.epel
     - role: robertdebock.python_pip
     - role: robertdebock.postgres
-    # The roles core_dependencies and postfix are  required for the `bareos_role`: "dir".
+    # The roles core_dependencies and postfix are required for the `bareos_role`: "dir".
     # bareos-dir needs to send emails.
     # - role: robertdebock.core_dependencies
     # - role: robertdebock.postfix
+
+- name: Setup Bareos Repository
+  hosts: all
+  become: true
+  gather_facts: true
+  roles: 
     - role: adfinis.bareos_repository
-      bareos_repository_enable_tracebacks: yes
+      bareos_repository_enable_tracebacks: true
diff --git a/tasks/pam_auth.yml b/tasks/pam_auth.yml
@@ -43,14 +43,6 @@
     - bareos_dir_pam_auth_method == "unix"
     - ansible_facts.os_family == "RedHat"
 
-- name: pam_auth | Download pam_exec_add_bareos_user.py from bareos Github
-  ansible.builtin.get_url:
-    url: https://github.com/bareos/bareos/blob/master/contrib/misc/bareos_pam_integration/pam_exec_add_bareos_user.py
-    dest: "/usr/local/bin/pam_exec_add_bareos_user.py"
-    owner: bareos
-    group: bareos
-    mode: "0744"
-
 - name: pam_auth | Create PAM specific Bareos Console
   ansible.builtin.template:
     src: console.conf.j2

diff --git a/templates/pam.d/bareos.j2 b/templates/pam.d/bareos.j2
@@ -5,5 +5,8 @@ account    requisite           pam_unix.so
 {% elif bareos_dir_pam_auth_method == "ldap" %}
 auth       required            pam_ldap.so
 account    requisite           pam_ldap.so
+{% elif bareos_dir_pam_auth_method == "sss" %}
+auth       optional            pam_unix.so
+auth       required            pam_sss.so   use_first_pass
+account    requisite           pam_sss.so
 {% endif %}
-account    [default=ignore]    pam_exec.so /usr/bin/python3 /usr/local/bin/pam_exec_add_bareos_user.py --name {{ bareos_dir_pam_auth_username | default('pam-adduser') }} --password {{ bareos_dir_pam_auth_password }} --profile {{ bareos_dir_pam_auth_profile | default("webui-admin") }}