Update to 2021-04-06 13:00

master
Daniel Berteaud 4 years ago
parent 0d1edb5435
commit caa1ae729f
  1. 2
      roles/sssd_ldap_auth/tasks/install_Debian.yml
  2. 1
      roles/sssd_ldap_auth/tasks/install_RedHat.yml
  3. 9
      roles/sssd_ldap_auth/tasks/main.yml
  4. 1
      roles/sssd_ldap_auth/tasks/pam_Debian.yml
  5. 2
      roles/sssd_ldap_auth/tasks/pam_RedHat.yml

@ -7,6 +7,7 @@
- libnss-sss - libnss-sss
- libpam-sss - libpam-sss
- ca-certificates - ca-certificates
tags: auth
- name: Install oddjob-mkhomedir - name: Install oddjob-mkhomedir
apt: apt:
@ -14,4 +15,5 @@
- oddjob-mkhomedir - oddjob-mkhomedir
when: ansible_distribution_major_version is version('9', '>=') when: ansible_distribution_major_version is version('9', '>=')
notify: restart oddjobd notify: restart oddjobd
tags: auth

@ -6,3 +6,4 @@
- sssd - sssd
- oddjob-mkhomedir - oddjob-mkhomedir
- authconfig - authconfig
tags: auth

@ -1,11 +1,12 @@
--- ---
- include_tasks: install_{{ ansible_os_family }}.yml - include: install_{{ ansible_os_family }}.yml
- name: Deploy sssd config - name: Deploy sssd config
template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=0600 template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=0600
register: sssd_config register: sssd_config
notify: restart sssd notify: restart sssd
tags: auth
# On el8 for example, sssd is already installed and running on a default setup # On el8 for example, sssd is already installed and running on a default setup
# so we need to restart it now, so users are available (for eg, ssh authorized_keys setup) # so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
@ -13,6 +14,7 @@
- name: Restart sssd if needed - name: Restart sssd if needed
service: name=sssd state=restarted service: name=sssd state=restarted
when: sssd_config.changed when: sssd_config.changed
tags: auth
- name: Ensure nsswitch is using sssd - name: Ensure nsswitch is using sssd
lineinfile: lineinfile:
@ -26,12 +28,15 @@
line: 'shadow: files sss' line: 'shadow: files sss'
- regexp: '^group:.*' - regexp: '^group:.*'
line: 'group: files sss' line: 'group: files sss'
tags: auth
- name: Start and enable sssd service - name: Start and enable sssd service
service: name=sssd state=started enabled=True service: name=sssd state=started enabled=True
tags: auth
- name: Start oddjobd - name: Start oddjobd
service: name=oddjobd state=started enabled=True service: name=oddjobd state=started enabled=True
when: ansible_distribution != 'Debian' or ansible_distribution_major_version is version('9', '>=') when: ansible_distribution != 'Debian' or ansible_distribution_major_version is version('9', '>=')
tags: auth
- include_tasks: pam_{{ ansible_os_family }}.yml - include: pam_{{ ansible_os_family }}.yml
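Review bot: The two include lines in main.yml (`install_{{ ansible_os_family }}.yml` at the top of the first hunk and `pam_{{ ansible_os_family }}.yml` at the end of the last) carry no `tags: auth`, whichever of the two printed forms (`include_tasks` or `include`) is the new side. The file name is templated from a fact, so the include is presumably resolved at run time. A run limited with `--tags auth` would then likely skip the include itself and never reach the newly tagged package-install and PAM tasks, leaving sssd deployed and started while PAM and mkhomedir stay unconfigured. Tagging the include closes that gap, e.g. `- include_tasks: pam_{{ ansible_os_family }}.yml` followed by `  tags: auth`, and the same for the install include. If the new side is the bare `include`, it is also worth a comment explaining why it was chosen, since that form is deprecated in favour of `include_tasks`/`import_tasks`.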

@ -7,3 +7,4 @@
- auth - auth
- password - password
- session - session
tags: auth

@ -5,7 +5,9 @@
register: auth_sss_done register: auth_sss_done
changed_when: False changed_when: False
failed_when: False failed_when: False
tags: auth
- name: Configure authentication with authconfig - name: Configure authentication with authconfig
command: authconfig --enablemkhomedir --enablesssd --enablesssdauth --update command: authconfig --enablemkhomedir --enablesssd --enablesssdauth --update
when: auth_sss_done.rc != 0 when: auth_sss_done.rc != 0
tags: auth
