Remove unwanted packages

Such as libnss-ldap, nscd,…
2018-04-12 11:40:34 +02:00 · 2018-04-12 11:40:34 +02:00 · 0134afdf58
parent ca3ef23d77
commit 0134afdf58
5 changed files with 23 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,4 +1,9 @@

+## v1.x
+
+### Enhancement
+* Remove unwanted packages.
+
 ## v1.2.1

 ### Enhancement
--- a/README.md
+++ b/README.md
@ -18,6 +18,7 @@ Highly inspired by [Lae's system_ldap role][lae sssd galaxy] with minors updates
 ## Role Variables

 * **sssd_pkg_state** : State of new sssd packages [default : `latest`].
+* **sssd__unwanted_packages_state** : State of unwanted packages that might interfer with SSSD [default : `absent`].
 * **sssd_conf_manage** : If SSSD configuration should be managed with this role [default : `true`].
 * **sssd_main_conf_path** : Path to set main SSSD's configuration [default : `/etc/sssd/sssd.conf`].
 * **sssd_main_conf_tpl** : Template used to generate the previous config file [default : `etc/sssd/sssd.conf.j2`].
@ -36,6 +37,7 @@ Please see default value by Operating System file in [vars][vars directory] dire

 * **sssd_pkg_list** : The list of packages to install to provide `sssd`.
  * Be careful, `sssd` may need additional packages to be able to establish a TLS connection to a LDAP/AD/… server (such as `ca-certificates`,…).
+* **sssd__unwanted_packages_list** : The list of packages to remove.

 ## Example Playbook

@ -69,6 +71,7 @@ sssd_flush_handlers: True

 This role will :
 * Install needed packages to provide `sssd`.
+* Remove packages that might interfer with `sssd` for authentication.
 * Manage the default `sssd` configuration file (`/etc/sssd/sssd.conf`).
 * Create an additional configuration file to only store the bind_password (`/etc/sssd/conf.d/domain.bind.conf`).
 * Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file if `sssd_nsswitch_manage` is set.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -3,6 +3,8 @@
 # Package
 sssd_pkg_state: 'latest'

+sssd__unwanted_packages_state: 'absent'
+
 # Configuration
 sssd_conf_manage: true
 sssd_main_conf_path: '/etc/sssd/sssd.conf'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -8,13 +8,20 @@
    - "{{ ansible_distribution|lower }}.yml"
    - "{{ ansible_os_family|lower }}.yml"

-# Packages
+# Packages [[[
 - name: Install sssd
  package:
    name: "{{ item }}"
    state: "{{ sssd_pkg_state }}"
  with_items: "{{ sssd_pkg_list }}"

+- name: Remove unwanted packages
+  package:
+    name: "{{ item }}"
+    state: "{{ sssd__unwanted_packages_state }}"
+  with_items: "{{ sssd__unwanted_packages_list }}"
+# ]]]
+
 # Update nsswitch.conf
 - name: CONFIG sudoers nsswitch.conf
  lineinfile:
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -5,3 +5,8 @@ sssd_pkg_list:
  - libpam-sss
  - libnss-sss
  - sssd
+
+sssd__unwanted_packages_list:
+  - libnss-ldap
+  - nscd
+  - nslcd