parent
ca3ef23d77
commit
0134afdf58
|
@ -1,4 +1,9 @@
|
|||
|
||||
## v1.x
|
||||
|
||||
### Enhancement
|
||||
* Remove unwanted packages.
|
||||
|
||||
## v1.2.1
|
||||
|
||||
### Enhancement
|
||||
|
|
|
@ -18,6 +18,7 @@ Highly inspired by [Lae's system_ldap role][lae sssd galaxy] with minors updates
|
|||
## Role Variables
|
||||
|
||||
* **sssd_pkg_state** : State of new sssd packages [default : `latest`].
|
||||
* **sssd__unwanted_packages_state** : State of unwanted packages that might interfer with SSSD [default : `absent`].
|
||||
* **sssd_conf_manage** : If SSSD configuration should be managed with this role [default : `true`].
|
||||
* **sssd_main_conf_path** : Path to set main SSSD's configuration [default : `/etc/sssd/sssd.conf`].
|
||||
* **sssd_main_conf_tpl** : Template used to generate the previous config file [default : `etc/sssd/sssd.conf.j2`].
|
||||
|
@ -36,6 +37,7 @@ Please see default value by Operating System file in [vars][vars directory] dire
|
|||
|
||||
* **sssd_pkg_list** : The list of packages to install to provide `sssd`.
|
||||
* Be careful, `sssd` may need additional packages to be able to establish a TLS connection to a LDAP/AD/… server (such as `ca-certificates`,…).
|
||||
* **sssd__unwanted_packages_list** : The list of packages to remove.
|
||||
|
||||
## Example Playbook
|
||||
|
||||
|
@ -69,6 +71,7 @@ sssd_flush_handlers: True
|
|||
|
||||
This role will :
|
||||
* Install needed packages to provide `sssd`.
|
||||
* Remove packages that might interfer with `sssd` for authentication.
|
||||
* Manage the default `sssd` configuration file (`/etc/sssd/sssd.conf`).
|
||||
* Create an additional configuration file to only store the bind_password (`/etc/sssd/conf.d/domain.bind.conf`).
|
||||
* Remove `sss` directive for `sudoers` in `/etc/nsswitch.conf` file if `sssd_nsswitch_manage` is set.
|
||||
|
|
|
@ -3,6 +3,8 @@
|
|||
# Package
|
||||
sssd_pkg_state: 'latest'
|
||||
|
||||
sssd__unwanted_packages_state: 'absent'
|
||||
|
||||
# Configuration
|
||||
sssd_conf_manage: true
|
||||
sssd_main_conf_path: '/etc/sssd/sssd.conf'
|
||||
|
|
|
@ -8,13 +8,20 @@
|
|||
- "{{ ansible_distribution|lower }}.yml"
|
||||
- "{{ ansible_os_family|lower }}.yml"
|
||||
|
||||
# Packages
|
||||
# Packages [[[
|
||||
- name: Install sssd
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: "{{ sssd_pkg_state }}"
|
||||
with_items: "{{ sssd_pkg_list }}"
|
||||
|
||||
- name: Remove unwanted packages
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: "{{ sssd__unwanted_packages_state }}"
|
||||
with_items: "{{ sssd__unwanted_packages_list }}"
|
||||
# ]]]
|
||||
|
||||
# Update nsswitch.conf
|
||||
- name: CONFIG sudoers nsswitch.conf
|
||||
lineinfile:
|
||||
|
|
|
@ -5,3 +5,8 @@ sssd_pkg_list:
|
|||
- libpam-sss
|
||||
- libnss-sss
|
||||
- sssd
|
||||
|
||||
sssd__unwanted_packages_list:
|
||||
- libnss-ldap
|
||||
- nscd
|
||||
- nslcd
|
||||
|
|
Loading…
Reference in New Issue