fedora-infra_ansible/roles/fas_client/tasks/main.yml

---
#
# This task sets up fasClient on a machine. 
# It installs the fas-clients package, then the /etc/fas.conf and finally a cron job update.
#

#
# fas-clients is in the infrastructure repo. 
# nss_db is needed to store user/group info.
#
- name: install package needed for fas-client
  yum: state=installed name={{ item }}
  with_items:
  - fas-clients
  - cronie
  tags:
  - packages

- name: install nss_db on rhel hosts only
  yum: state=installed name=nss_db
  when: is_rhel == 'True'
  tags:
  - packages

#
# setup /etc/nsswitch.conf to use nssdb
#
- name: setup /etc/nsswitch.conf for client use
  copy: src=nsswitch.conf  dest=/etc/nsswitch.conf owner=root mode=644
  tags:
  - config

#
# fasClients needs a valid /etc/fas.conf. 
# There's vars used in this template: 
#
# fas_client_groups = "sysadmin-main"
# fas_client_restricted_app = ""
# fas_client_admin_app = ""
# fas_client_ssh_groups = ""
#
# if desired, set them on a per host/group basis. 
#
# Currently the default template is used, but could be modified on a host basis. 
#
- name: setup /etc/fas.conf for client use
  template: src={{ item }} dest=/etc/fas.conf owner=root mode=600
  first_available_file:
  - "{{ ansible_fqdn }}.fas.conf.j2"
  - "{{ ansible_hostname }}.fas.conf.j2"
  - "{{ ansible_hostname }}.fas.conf.j2" 
  - fas.conf.j2
  tags:
  - config
  notify:
  - run fasclient

#
# setup /etc/cron.d/ file to run sync every 10min
# TODO: use cron module when it's fixed
#
#- name: fas_client cron job
#  cron: name="fas client" user=root cron_file=fas-client minute="*/10" job="/usr/bin/fasClient -i"
#  tags:
#  - config

- name: fas_client cron job
  copy: src=fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644
  tags:
  - config