parent
ca3ef23d77
commit
0134afdf58
|
@ -1,4 +1,9 @@
|
||||||
|
|
||||||
|
## v1.x
|
||||||
|
|
||||||
|
### Enhancement
|
||||||
|
* Remove unwanted packages.
|
||||||
|
|
||||||
## v1.2.1
|
## v1.2.1
|
||||||
|
|
||||||
### Enhancement
|
### Enhancement
|
||||||
|
|
|
@ -18,6 +18,7 @@ Highly inspired by [Lae's system_ldap role][lae sssd galaxy] with minors updates
|
||||||
## Role Variables
|
## Role Variables
|
||||||
|
|
||||||
* **sssd_pkg_state** : State of new sssd packages [default : `latest`].
|
* **sssd_pkg_state** : State of new sssd packages [default : `latest`].
|
||||||
|
* **sssd__unwanted_packages_state** : State of unwanted packages that might interfer with SSSD [default : `absent`].
|
||||||
* **sssd_conf_manage** : If SSSD configuration should be managed with this role [default : `true`].
|
* **sssd_conf_manage** : If SSSD configuration should be managed with this role [default : `true`].
|
||||||
* **sssd_main_conf_path** : Path to set main SSSD's configuration [default : `/etc/sssd/sssd.conf`].
|
* **sssd_main_conf_path** : Path to set main SSSD's configuration [default : `/etc/sssd/sssd.conf`].
|
||||||
* **sssd_main_conf_tpl** : Template used to generate the previous config file [default : `etc/sssd/sssd.conf.j2`].
|
* **sssd_main_conf_tpl** : Template used to generate the previous config file [default : `etc/sssd/sssd.conf.j2`].
|
||||||
|
@ -36,6 +37,7 @@ Please see default value by Operating System file in [vars][vars directory] dire
|
||||||
|
|
||||||
* **sssd_pkg_list** : The list of packages to install to provide `sssd`.
|
* **sssd_pkg_list** : The list of packages to install to provide `sssd`.
|
||||||
* Be careful, `sssd` may need additional packages to be able to establish a TLS connection to a LDAP/AD/… server (such as `ca-certificates`,…).
|
* Be careful, `sssd` may need additional packages to be able to establish a TLS connection to a LDAP/AD/… server (such as `ca-certificates`,…).
|
||||||
|
* **sssd__unwanted_packages_list** : The list of packages to remove.
|
||||||
|
|
||||||
## Example Playbook
|
## Example Playbook
|
||||||
|
|
||||||
|
@ -69,6 +71,7 @@ sssd_flush_handlers: True
|
||||||
|
|
||||||
This role will :
|
This role will :
|
||||||
* Install needed packages to provide `sssd`.
|
* Install needed packages to provide `sssd`.
|
||||||
|
* Remove packages that might interfer with `sssd` for authentication.
|
||||||
* Manage the default `sssd` configuration file (`/etc/sssd/sssd.conf`).
|
* Manage the default `sssd` configuration file (`/etc/sssd/sssd.conf`).
|
||||||
* Create an additional configuration file to only store the bind_password (`/etc/sssd/conf.d/domain.bind.conf`).
|
* Create an additional configuration file to only store the bind_password (`/etc/sssd/conf.d/domain.bind.conf`).
|
||||||
* Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file if `sssd_nsswitch_manage` is set.
|
* Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file if `sssd_nsswitch_manage` is set.
|
||||||
|
|
|
@ -3,6 +3,8 @@
|
||||||
# Package
|
# Package
|
||||||
sssd_pkg_state: 'latest'
|
sssd_pkg_state: 'latest'
|
||||||
|
|
||||||
|
sssd__unwanted_packages_state: 'absent'
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
sssd_conf_manage: true
|
sssd_conf_manage: true
|
||||||
sssd_main_conf_path: '/etc/sssd/sssd.conf'
|
sssd_main_conf_path: '/etc/sssd/sssd.conf'
|
||||||
|
|
|
@ -8,13 +8,20 @@
|
||||||
- "{{ ansible_distribution|lower }}.yml"
|
- "{{ ansible_distribution|lower }}.yml"
|
||||||
- "{{ ansible_os_family|lower }}.yml"
|
- "{{ ansible_os_family|lower }}.yml"
|
||||||
|
|
||||||
# Packages
|
# Packages [[[
|
||||||
- name: Install sssd
|
- name: Install sssd
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: "{{ sssd_pkg_state }}"
|
state: "{{ sssd_pkg_state }}"
|
||||||
with_items: "{{ sssd_pkg_list }}"
|
with_items: "{{ sssd_pkg_list }}"
|
||||||
|
|
||||||
|
- name: Remove unwanted packages
|
||||||
|
package:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: "{{ sssd__unwanted_packages_state }}"
|
||||||
|
with_items: "{{ sssd__unwanted_packages_list }}"
|
||||||
|
# ]]]
|
||||||
|
|
||||||
# Update nsswitch.conf
|
# Update nsswitch.conf
|
||||||
- name: CONFIG sudoers nsswitch.conf
|
- name: CONFIG sudoers nsswitch.conf
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
|
@ -5,3 +5,8 @@ sssd_pkg_list:
|
||||||
- libpam-sss
|
- libpam-sss
|
||||||
- libnss-sss
|
- libnss-sss
|
||||||
- sssd
|
- sssd
|
||||||
|
|
||||||
|
sssd__unwanted_packages_list:
|
||||||
|
- libnss-ldap
|
||||||
|
- nscd
|
||||||
|
- nslcd
|
||||||
|
|
Loading…
Reference in New Issue