2017-07-18 14:23:07 +02:00
|
|
|
---
|
2019-03-12 14:07:31 +01:00
|
|
|
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
|
|
|
|
|
2017-07-18 14:23:07 +02:00
|
|
|
# tasks file for ansible-role-sssd
|
|
|
|
|
2019-03-12 14:07:31 +01:00
|
|
|
# Load vars [[[1
|
2017-07-18 14:23:07 +02:00
|
|
|
- name: Load specific OS vars
|
|
|
|
include_vars: "{{ item }}"
|
|
|
|
with_first_found:
|
|
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
|
|
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
|
|
|
2019-03-12 14:07:31 +01:00
|
|
|
# Manage packages [[[1
|
2017-07-18 14:23:07 +02:00
|
|
|
- name: Install sssd
|
|
|
|
package:
|
|
|
|
name: "{{ item }}"
|
2019-03-12 14:07:31 +01:00
|
|
|
state: 'present'
|
2019-01-10 16:39:55 +01:00
|
|
|
with_flattened:
|
2023-02-17 16:47:39 +01:00
|
|
|
- '{{ sssd_pkg_list | flatten }}'
|
2019-02-26 13:38:28 +01:00
|
|
|
register: sssd_pkg_result
|
|
|
|
until: sssd_pkg_result is success
|
2019-03-12 14:07:31 +01:00
|
|
|
when: (sssd__deploy_state == "present")
|
2017-07-18 14:23:07 +02:00
|
|
|
|
2018-04-12 11:40:34 +02:00
|
|
|
- name: Remove unwanted packages
|
|
|
|
package:
|
|
|
|
name: "{{ item }}"
|
|
|
|
state: "{{ sssd__unwanted_packages_state }}"
|
2019-01-10 16:39:55 +01:00
|
|
|
with_flattened:
|
2023-02-17 16:47:39 +01:00
|
|
|
- '{{ sssd__unwanted_packages_list | flatten }}'
|
2019-02-26 13:38:28 +01:00
|
|
|
register: sssd_remove_result
|
|
|
|
until: sssd_remove_result is success
|
2019-03-12 14:07:31 +01:00
|
|
|
when: (sssd__deploy_state == "present")
|
2018-04-12 11:40:34 +02:00
|
|
|
|
2019-03-12 14:07:31 +01:00
|
|
|
# Manage configuration [[[1
|
|
|
|
## Update nsswitch.conf
|
2017-08-21 16:27:36 +02:00
|
|
|
- name: CONFIG sudoers nsswitch.conf
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/nsswitch.conf
|
2017-09-07 13:46:52 +02:00
|
|
|
state: present
|
|
|
|
regexp: '^sudoers:'
|
2017-08-21 16:27:36 +02:00
|
|
|
line: 'sudoers: files'
|
2017-09-07 13:46:52 +02:00
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 0644
|
2019-03-12 14:07:31 +01:00
|
|
|
when: (sssd__deploy_state == "present") and (not sssd_sudoers_ldap and sssd_nsswitch_manage)
|
2017-08-21 16:27:36 +02:00
|
|
|
|
2017-07-18 14:23:07 +02:00
|
|
|
# Configuration file
|
|
|
|
- name: CONFIG sssd.conf
|
|
|
|
template:
|
|
|
|
src: "{{ sssd_main_conf_tpl }}"
|
|
|
|
dest: "{{ sssd_main_conf_path }}"
|
|
|
|
mode: 0600
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
backup: true
|
2019-03-12 14:07:31 +01:00
|
|
|
when: (sssd__deploy_state == "present") and (sssd_conf_manage)
|
2017-07-18 14:23:07 +02:00
|
|
|
notify:
|
|
|
|
- restart sssd
|
2017-09-08 09:15:05 +02:00
|
|
|
- restart logind
|
2017-07-18 14:23:07 +02:00
|
|
|
|
|
|
|
- name: "CONFIG conf.d/{{ sssd_domain }}.conf"
|
|
|
|
blockinfile:
|
|
|
|
state: present
|
|
|
|
create: yes
|
|
|
|
mode: 0600
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
insertbefore: BOF
|
|
|
|
dest: "/etc/sssd/conf.d/{{ sssd_domain }}.conf"
|
|
|
|
content: |
|
|
|
|
[domain/{{ sssd_domain }}]
|
|
|
|
#ldap_default_authtok = password for {{ sssd_bind_dn }} after END BLOCK
|
2017-09-18 15:51:09 +02:00
|
|
|
{% if sssd_bind_password %}ldap_default_authtok = {{ sssd_bind_password }}{% endif %}
|
2019-03-12 14:07:31 +01:00
|
|
|
when: (sssd__deploy_state == "present") and (sssd_conf_manage)
|
2017-07-18 14:23:07 +02:00
|
|
|
notify:
|
|
|
|
- restart sssd
|
2017-09-08 09:15:05 +02:00
|
|
|
- restart logind
|
2017-07-18 14:23:07 +02:00
|
|
|
|
|
|
|
- name: Ensure home directories are created upon login with pam
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/pam.d/common-account
|
|
|
|
regexp: 'pam_mkhomedir\.so'
|
2019-02-26 13:39:24 +01:00
|
|
|
line: "session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent"
|
2017-07-18 14:23:07 +02:00
|
|
|
state: present
|
2019-03-12 14:07:31 +01:00
|
|
|
when: (sssd__deploy_state == "present") and (sssd_mkhomedir)
|
2017-09-27 18:45:44 +02:00
|
|
|
|
2019-02-26 13:29:47 +01:00
|
|
|
- name: Flush handlers to be able to use SSSD authentication
|
|
|
|
meta: flush_handlers
|