Add a var to disable the role
This commit is contained in:
parent
084fb02065
commit
d0e0247978
GPG Key ID:
E759BAA22501AF32
|
|
@ -1,3 +1,8 @@
|
|||
## v1.X
|
||||
|
||||
### Enhancements
|
||||
|
||||
* Add a var to disable the role.
|
||||
|
||||
## v1.3.1
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ Highly inspired by [Lae's system_ldap role][lae sssd galaxy] with minors updates
|
|||
|
||||
## Role Variables
|
||||
|
||||
* **sssd__deploy_state**: The desired state this role should achieve [default : `present`].
|
||||
* **sssd_pkg_state** : State of new sssd packages [default : `latest`].
|
||||
* **sssd__unwanted_packages_state** : State of unwanted packages that might interfer with SSSD [default : `absent`].
|
||||
* **sssd_conf_manage** : If SSSD configuration should be managed with this role [default : `true`].
|
||||
|
|
|
|||
|
|
@ -1,9 +1,59 @@
|
|||
---
|
||||
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
|
||||
|
||||
# Package
|
||||
# ipr-cnrs.netdata default variables [[[
|
||||
# ======================================
|
||||
|
||||
# Packages and installation [[[
|
||||
# -----------------------------
|
||||
|
||||
# .. envvar:: sssd_pkg_state [[[
|
||||
#
|
||||
# State of the packages to install. Possible options :
|
||||
#
|
||||
# ``latest``
|
||||
# Default. Ensure those packages are in the latest state.
|
||||
#
|
||||
# ``absent``
|
||||
# Default. Ensure to remove those packages.
|
||||
#
|
||||
# ``present``
|
||||
# Ensure to install those packages.
|
||||
#
|
||||
sssd_pkg_state: 'latest'
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: sssd__unwanted_packages_state [[[
|
||||
#
|
||||
# State of the unwanted packages. Possible options :
|
||||
#
|
||||
# ``absent``
|
||||
# Default. Ensure to remove those packages.
|
||||
#
|
||||
# ``present``
|
||||
# Ensure to install those packages.
|
||||
#
|
||||
# ``latest``
|
||||
# Ensure those packages are in the latest state.
|
||||
#
|
||||
# ``Anything else``
|
||||
# The packages will not be touch.
|
||||
#
|
||||
sssd__unwanted_packages_state: 'absent'
|
||||
# ]]]
|
||||
# .. envvar:: sssd__deploy_state [[[
|
||||
#
|
||||
# What is the desired state which this role should achieve ? Possible options :
|
||||
#
|
||||
# ``present``
|
||||
# Default. Ensure that sssd is installed and configured as requested.
|
||||
#
|
||||
# ``absent``
|
||||
# TODO: Ensure that sssd is uninstalled and it's configuration is removed.
|
||||
#
|
||||
sssd__deploy_state: 'present'
|
||||
# ]]]
|
||||
# ]]]
|
||||
|
||||
|
||||
# Configuration
|
||||
sssd_conf_manage: true
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
---
|
||||
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
|
||||
|
||||
# tasks file for ansible-role-sssd
|
||||
|
||||
# Load vars [[[1
|
||||
- name: Load specific OS vars
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
|
|
@ -8,15 +11,16 @@
|
|||
- "{{ ansible_distribution|lower }}.yml"
|
||||
- "{{ ansible_os_family|lower }}.yml"
|
||||
|
||||
# Packages [[[
|
||||
# Manage packages [[[1
|
||||
- name: Install sssd
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: "{{ sssd_pkg_state }}"
|
||||
state: 'present'
|
||||
with_flattened:
|
||||
- '{{ sssd_pkg_list | to_nice_json }}'
|
||||
register: sssd_pkg_result
|
||||
until: sssd_pkg_result is success
|
||||
when: (sssd__deploy_state == "present")
|
||||
|
||||
- name: Remove unwanted packages
|
||||
package:
|
||||
|
|
@ -26,9 +30,10 @@
|
|||
- '{{ sssd__unwanted_packages_list | to_nice_json }}'
|
||||
register: sssd_remove_result
|
||||
until: sssd_remove_result is success
|
||||
# ]]]
|
||||
when: (sssd__deploy_state == "present")
|
||||
|
||||
# Update nsswitch.conf
|
||||
# Manage configuration [[[1
|
||||
## Update nsswitch.conf
|
||||
- name: CONFIG sudoers nsswitch.conf
|
||||
lineinfile:
|
||||
dest: /etc/nsswitch.conf
|
||||
|
|
@ -38,7 +43,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
when: not sssd_sudoers_ldap and sssd_nsswitch_manage
|
||||
when: (sssd__deploy_state == "present") and (not sssd_sudoers_ldap and sssd_nsswitch_manage)
|
||||
|
||||
# Configuration file
|
||||
- name: CONFIG sssd.conf
|
||||
|
|
@ -49,7 +54,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
backup: true
|
||||
when: sssd_conf_manage
|
||||
when: (sssd__deploy_state == "present") and (sssd_conf_manage)
|
||||
notify:
|
||||
- restart sssd
|
||||
- restart logind
|
||||
|
|
@ -67,7 +72,7 @@
|
|||
[domain/{{ sssd_domain }}]
|
||||
#ldap_default_authtok = password for {{ sssd_bind_dn }} after END BLOCK
|
||||
{% if sssd_bind_password %}ldap_default_authtok = {{ sssd_bind_password }}{% endif %}
|
||||
when: sssd_conf_manage
|
||||
when: (sssd__deploy_state == "present") and (sssd_conf_manage)
|
||||
notify:
|
||||
- restart sssd
|
||||
- restart logind
|
||||
|
|
@ -78,7 +83,7 @@
|
|||
regexp: 'pam_mkhomedir\.so'
|
||||
line: "session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent"
|
||||
state: present
|
||||
when: sssd_mkhomedir
|
||||
when: (sssd__deploy_state == "present") and (sssd_mkhomedir)
|
||||
|
||||
- name: Flush handlers to be able to use SSSD authentication
|
||||
meta: flush_handlers
|
||||
|
|
|
|||
Loading…
Reference in New Issue