Update git.ipr domain

Update meta informations.

CHANGELOG.md

@@ -1,3 +1,25 @@
+## v1.3.2
+
+### Enhancements
+
+* Add a var to disable the role.
+
+### Fix
+* Use flatten to manage packages list.
+
+## v1.3.1
+
+### Enhancements
+* Fix E405 Remote package tasks should have a retry.
+* Fix E203 Most files should not contain tabs.
+
+## v1.3.0
+
+### Minor changes
+* Give the correct path in comment to see ldap_default_authtok value.
+* Use to_nice_json to manage packages list.
+* flush_handlers don't support when statement.
+* Works on Debian Buster.
 
 ## v1.2.2
 

README.md

@@ -17,6 +17,7 @@ Highly inspired by [Lae's system_ldap role][lae sssd galaxy] with minors updates
 
 ## Role Variables
 
+* **sssd__deploy_state**: The desired state this role should achieve [default : `present`].
 * **sssd_pkg_state** : State of new sssd packages [default : `latest`].
 * **sssd__unwanted_packages_state** : State of unwanted packages that might interfer with SSSD [default : `absent`].
 * **sssd_conf_manage** : If SSSD configuration should be managed with this role [default : `true`].
@@ -99,7 +100,7 @@ Jérémy Gardais
 [vars directory]: ./vars
 [ansible vault]: http://docs.ansible.com/ansible/latest/vault.html
 [gogs to github hook]: https://stackoverflow.com/a/21998477
-[sssd source]: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.sssd
+[sssd source]: https://git.ipr.univ-rennes.fr/cellinfo/ansible.sssd
 [sssd github]: https://github.com/ipr-cnrs/sssd
 [wtfpl website]: http://www.wtfpl.net/about/
 [ipr website]: https://ipr.univ-rennes1.fr/

defaults/main.yml

@@ -1,9 +1,59 @@
 ---
+# .. vim: foldmarker=[[[,]]]:foldmethod=marker
 
-# Package
+# ipr-cnrs.netdata default variables [[[
+# ======================================
+
+# Packages and installation [[[
+# -----------------------------
+
+# .. envvar:: sssd_pkg_state [[[
+#
+# State of the packages to install. Possible options :
+#
+# ``latest``
+#   Default. Ensure those packages are in the latest state.
+#
+# ``absent``
+#   Default. Ensure to remove those packages.
+#
+# ``present``
+#   Ensure to install those packages.
+#
 sssd_pkg_state: 'latest'
-
+                                                                       # ]]]
+# .. envvar:: sssd__unwanted_packages_state [[[
+#
+# State of the unwanted packages. Possible options :
+#
+# ``absent``
+#   Default. Ensure to remove those packages.
+#
+# ``present``
+#   Ensure to install those packages.
+#
+# ``latest``
+#   Ensure those packages are in the latest state.
+#
+# ``Anything else``
+#   The packages will not be touch.
+#
 sssd__unwanted_packages_state: 'absent'
+                                                                       # ]]]
+# .. envvar:: sssd__deploy_state [[[
+#
+# What is the desired state which this role should achieve ? Possible options :
+#
+# ``present``
+#   Default. Ensure that sssd is installed and configured as requested.
+#
+# ``absent``
+#   TODO: Ensure that sssd is uninstalled and it's configuration is removed.
+#
+sssd__deploy_state: 'present'
+                                                                   # ]]]
+                                                                   # ]]]
+
 
 # Configuration
 sssd_conf_manage: true

meta/main.yml

@@ -7,12 +7,13 @@ galaxy_info:
   description: "Manage LDAP authentication with SSSD (System Security Services Daemon)."
   license: WTFPL
   company: IPR
-  issue_tracker_url: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.sssd/issues
+  issue_tracker_url: https://git.ipr.univ-rennes.fr/cellinfo/ansible.sssd/issues
-  min_ansible_version: 2.2
+  min_ansible_version: 2.7
   platforms:
   - name: Debian
     versions:
     - stretch
+    - buster
   galaxy_tags:
     - system
     - authentication

tasks/main.yml

@@ -1,6 +1,9 @@
 ---
+# .. vim: foldmarker=[[[,]]]:foldmethod=marker
+
 # tasks file for ansible-role-sssd
 
+# Load vars [[[1
 - name: Load specific OS vars
   include_vars: "{{ item }}"
   with_first_found:
@@ -8,21 +11,29 @@
     - "{{ ansible_distribution|lower }}.yml"
     - "{{ ansible_os_family|lower }}.yml"
 
-# Packages [[[
+# Manage packages [[[1
 - name: Install sssd
   package:
     name: "{{ item }}"
-    state: "{{ sssd_pkg_state }}"
+    state: 'present'
-  with_items: "{{ sssd_pkg_list }}"
+  with_flattened:
+    - '{{ sssd_pkg_list | flatten }}'
+  register: sssd_pkg_result
+  until: sssd_pkg_result is success
+  when: (sssd__deploy_state == "present")
 
 - name: Remove unwanted packages
   package:
     name: "{{ item }}"
     state: "{{ sssd__unwanted_packages_state }}"
-  with_items: "{{ sssd__unwanted_packages_list }}"
+  with_flattened:
-# ]]]
+    - '{{ sssd__unwanted_packages_list | flatten }}'
+  register: sssd_remove_result
+  until: sssd_remove_result is success
+  when: (sssd__deploy_state == "present")
 
-# Update nsswitch.conf
+# Manage configuration [[[1
+## Update nsswitch.conf
 - name: CONFIG sudoers nsswitch.conf
   lineinfile:
     dest: /etc/nsswitch.conf
@@ -32,7 +43,7 @@
     owner: root
     group: root
     mode: 0644
-  when: not sssd_sudoers_ldap and sssd_nsswitch_manage
+  when: (sssd__deploy_state == "present") and (not sssd_sudoers_ldap and sssd_nsswitch_manage)
 
 # Configuration file
 - name: CONFIG sssd.conf
@@ -43,7 +54,7 @@
     owner: root
     group: root
     backup: true
-  when: sssd_conf_manage
+  when: (sssd__deploy_state == "present") and (sssd_conf_manage)
   notify:
     - restart sssd
     - restart logind
@@ -61,7 +72,7 @@
       [domain/{{ sssd_domain }}]
       #ldap_default_authtok = password for {{ sssd_bind_dn }} after END BLOCK
       {% if sssd_bind_password %}ldap_default_authtok = {{ sssd_bind_password }}{% endif %}
-  when: sssd_conf_manage
+  when: (sssd__deploy_state == "present") and (sssd_conf_manage)
   notify:
     - restart sssd
     - restart logind
@@ -70,9 +81,9 @@
   lineinfile:
     dest: /etc/pam.d/common-account
     regexp: 'pam_mkhomedir\.so'
-    line: "session	required			pam_mkhomedir.so	umask=0022	skel=/etc/skel/	silent"
+    line: "session required                        pam_mkhomedir.so        umask=0022      skel=/etc/skel/ silent"
     state: present
-  when: sssd_mkhomedir
+  when: (sssd__deploy_state == "present") and (sssd_mkhomedir)
 
-- meta: flush_handlers
+- name: Flush handlers to be able to use SSSD authentication
-  when: sssd_flush_handlers
+  meta: flush_handlers

templates/etc/sssd/sssd.conf.j2

@@ -22,7 +22,7 @@ ldap_tls_reqcert = never
 ldap_search_base = {{ sssd_search_base }}
 ldap_default_bind_dn = {{ sssd_bind_dn }}
 ldap_default_authtok_type = password
-#ldap_default_authtok = ... # See conf.d/default.bind.conf
+#ldap_default_authtok = ... # See conf.d/{{ sssd_domain }}.conf
 cache_credentials = True
 entry_cache_timeout = 5400