fws
/
ansible-roles
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to 2021-04-06 13:00

Browse Source
master
Daniel Berteaud 4 years ago
parent 0d1edb5435
commit caa1ae729f
5 changed files with 13 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      roles/sssd_ldap_auth/tasks/install_Debian.yml
  2. 1
      roles/sssd_ldap_auth/tasks/install_RedHat.yml
  3. 9
      roles/sssd_ldap_auth/tasks/main.yml
  4. 1
      roles/sssd_ldap_auth/tasks/pam_Debian.yml
  5. 2
      roles/sssd_ldap_auth/tasks/pam_RedHat.yml

2
roles/sssd_ldap_auth/tasks/install_Debian.yml
Unescape View File

@ -7,6 +7,7 @@
- libnss-sss - libnss-sss
- libpam-sss - libpam-sss
- ca-certificates - ca-certificates
tags: auth
- name: Install oddjob-mkhomedir - name: Install oddjob-mkhomedir
apt: apt:
@ -14,4 +15,5 @@
- oddjob-mkhomedir - oddjob-mkhomedir
when: ansible_distribution_major_version is version('9', '>=') when: ansible_distribution_major_version is version('9', '>=')
notify: restart oddjobd notify: restart oddjobd
tags: auth

1
roles/sssd_ldap_auth/tasks/install_RedHat.yml
Unescape View File

@ -6,3 +6,4 @@
- sssd - sssd
- oddjob-mkhomedir - oddjob-mkhomedir
- authconfig - authconfig
tags: auth

9
roles/sssd_ldap_auth/tasks/main.yml
Unescape View File

@ -1,11 +1,12 @@
--- ---
- include_tasks: install_{{ ansible_os_family }}.yml - include: install_{{ ansible_os_family }}.yml
- name: Deploy sssd config - name: Deploy sssd config
template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=0600 template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=0600
register: sssd_config register: sssd_config
notify: restart sssd notify: restart sssd
tags: auth
# On el8 for example, sssd is already installed and running on a default setup # On el8 for example, sssd is already installed and running on a default setup
# so we need to restart it now, so users are available (for eg, ssh authorized_keys setup) # so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
@ -13,6 +14,7 @@
- name: Restart sssd if needed - name: Restart sssd if needed
service: name=sssd state=restarted service: name=sssd state=restarted
when: sssd_config.changed when: sssd_config.changed
tags: auth
- name: Ensure nsswitch is using sssd - name: Ensure nsswitch is using sssd
lineinfile: lineinfile:
@ -26,12 +28,15 @@
line: 'shadow: files sss' line: 'shadow: files sss'
- regexp: '^group:.*' - regexp: '^group:.*'
line: 'group: files sss' line: 'group: files sss'
tags: auth
- name: Start and enable sssd service - name: Start and enable sssd service
service: name=sssd state=started enabled=True service: name=sssd state=started enabled=True
tags: auth
- name: Start oddjobd - name: Start oddjobd
service: name=oddjobd state=started enabled=True service: name=oddjobd state=started enabled=True
when: ansible_distribution != 'Debian' or ansible_distribution_major_version is version('9', '>=') when: ansible_distribution != 'Debian' or ansible_distribution_major_version is version('9', '>=')
tags: auth
- include_tasks: pam_{{ ansible_os_family }}.yml - include: pam_{{ ansible_os_family }}.yml

1
roles/sssd_ldap_auth/tasks/pam_Debian.yml
Unescape View File

@ -7,3 +7,4 @@
- auth - auth
- password - password
- session - session
tags: auth

2
roles/sssd_ldap_auth/tasks/pam_RedHat.yml
Unescape View File

@ -5,7 +5,9 @@
register: auth_sss_done register: auth_sss_done
changed_when: False changed_when: False
failed_when: False failed_when: False
tags: auth
- name: Configure authentication with authconfig - name: Configure authentication with authconfig
command: authconfig --enablemkhomedir --enablesssd --enablesssdauth --update command: authconfig --enablemkhomedir --enablesssd --enablesssdauth --update
when: auth_sss_done.rc != 0 when: auth_sss_done.rc != 0
tags: auth

Write Preview
Loading…
Cancel
Save