ansible.sssd/tasks/main.yml

90 lines
2.5 KiB
YAML
Raw Permalink Normal View History

2017-07-18 14:23:07 +02:00
---
2019-03-12 14:07:31 +01:00
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
2017-07-18 14:23:07 +02:00
# tasks file for ansible-role-sssd
2019-03-12 14:07:31 +01:00
# Load vars [[[1
2017-07-18 14:23:07 +02:00
- name: Load specific OS vars
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
- "{{ ansible_distribution|lower }}.yml"
- "{{ ansible_os_family|lower }}.yml"
2019-03-12 14:07:31 +01:00
# Manage packages [[[1
2017-07-18 14:23:07 +02:00
- name: Install sssd
package:
name: "{{ item }}"
2019-03-12 14:07:31 +01:00
state: 'present'
with_flattened:
2023-02-17 16:47:39 +01:00
- '{{ sssd_pkg_list | flatten }}'
register: sssd_pkg_result
until: sssd_pkg_result is success
2019-03-12 14:07:31 +01:00
when: (sssd__deploy_state == "present")
2017-07-18 14:23:07 +02:00
- name: Remove unwanted packages
package:
name: "{{ item }}"
state: "{{ sssd__unwanted_packages_state }}"
with_flattened:
2023-02-17 16:47:39 +01:00
- '{{ sssd__unwanted_packages_list | flatten }}'
register: sssd_remove_result
until: sssd_remove_result is success
2019-03-12 14:07:31 +01:00
when: (sssd__deploy_state == "present")
2019-03-12 14:07:31 +01:00
# Manage configuration [[[1
## Update nsswitch.conf
- name: CONFIG sudoers nsswitch.conf
lineinfile:
dest: /etc/nsswitch.conf
state: present
regexp: '^sudoers:'
line: 'sudoers: files'
owner: root
group: root
mode: 0644
2019-03-12 14:07:31 +01:00
when: (sssd__deploy_state == "present") and (not sssd_sudoers_ldap and sssd_nsswitch_manage)
2017-07-18 14:23:07 +02:00
# Configuration file
- name: CONFIG sssd.conf
template:
src: "{{ sssd_main_conf_tpl }}"
dest: "{{ sssd_main_conf_path }}"
mode: 0600
owner: root
group: root
backup: true
2019-03-12 14:07:31 +01:00
when: (sssd__deploy_state == "present") and (sssd_conf_manage)
2017-07-18 14:23:07 +02:00
notify:
- restart sssd
- restart logind
2017-07-18 14:23:07 +02:00
- name: "CONFIG conf.d/{{ sssd_domain }}.conf"
blockinfile:
state: present
create: yes
mode: 0600
owner: root
group: root
insertbefore: BOF
dest: "/etc/sssd/conf.d/{{ sssd_domain }}.conf"
content: |
[domain/{{ sssd_domain }}]
#ldap_default_authtok = password for {{ sssd_bind_dn }} after END BLOCK
2017-09-18 15:51:09 +02:00
{% if sssd_bind_password %}ldap_default_authtok = {{ sssd_bind_password }}{% endif %}
2019-03-12 14:07:31 +01:00
when: (sssd__deploy_state == "present") and (sssd_conf_manage)
2017-07-18 14:23:07 +02:00
notify:
- restart sssd
- restart logind
2017-07-18 14:23:07 +02:00
- name: Ensure home directories are created upon login with pam
lineinfile:
dest: /etc/pam.d/common-account
regexp: 'pam_mkhomedir\.so'
line: "session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent"
2017-07-18 14:23:07 +02:00
state: present
2019-03-12 14:07:31 +01:00
when: (sssd__deploy_state == "present") and (sssd_mkhomedir)
- name: Flush handlers to be able to use SSSD authentication
meta: flush_handlers