---
# file: roles/ad-auth/tasks/sssd.yml
# Install SSSD, its PAM/NSS plugins and the realmd tooling that the realm
# tasks in this file call. Recommended packages are skipped to keep the
# installed footprint small. Any change notifies the sssd cache handler.
- name: ensure sssd is installed
  tags: [sssd]
  notify:
    - clear sssd cache
  apt:
    state: present
    install_recommends: false
    name:
      - sssd
      - libpam-sss
      - libnss-sss
      - sssd-tools
      - realmd
      - policykit-1  # realm needs this to discover realms
      - adcli  # realm needs this to join realms
      - packagekit  # realm needs this too; the reason was never recorded
      - cracklib-runtime
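# Probe whether `realm list` already mentions the target domain.
#   rc 0 -> grep found the domain
#   rc 1 -> not found (with pipefail, a failing `realm list` can also
#           surface as the pipeline's rc)
#   other -> treated as a real failure by failed_when
- name: check if our realm is configured
  shell: |
    set -o pipefail
    # -F matches the domain literally (dots are not regex wildcards) and the
    # quote filter stops shell metacharacters in the variable being evaluated.
    realm list | grep -F -- {{ domain | quote }}
  args:
    executable: /bin/bash
  register: current_realms
  # "changed" is used here to signal "realm not configured yet";
  # presumably later tasks key off this result - confirm against the block.
  changed_when: "current_realms.rc != 0"
  failed_when: "current_realms.rc != 0 and current_realms.rc != 1"
  tags:
    - sssd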
- block:
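# Ask realmd to look up the target domain and print what it finds (-v).
# argv passes the domain as exactly one argument, so whitespace or quote
# characters in the variable cannot be re-split into extra arguments.
- name: discover our realm
  command:
    argv:
      - realm
      - discover
      - '-v'
      - "{{ domain }}"
  # discover only queries the realm, so it should not be reported as a change
  changed_when: false
  tags:
    - sssd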
# Ansible's expect module depends on the pexpect Python library; the kinit
# task that follows uses that module.
- name: ensure pexpect is installed
  tags: [sssd]
  apt:
    state: present
    name: python3-pexpect
# Obtain a Kerberos ticket by answering kinit's password prompt. The prompt
# regex accepts both the English and the German wording.
# NOTE(review): this appears to authenticate as the domain's Administrator
# account; an account delegated only the right to join computers would limit
# what a leaked password or a leftover ticket can be used for.
# NOTE(review): no kdestroy is visible in this part of the file - confirm the
# ticket cache is cleared once the join has finished.
- name: get a kerberos ticket
  tags: [sssd]
  # keeps the password out of task output and logs
  no_log: true
  expect:
    command: kinit Administrator
    responses:
      # yamllint disable-line rule:line-length
      "Passwor(d|t) f(o|ü)r Administrator.*": "{{ ad_admin_password_content }}"
# Run `realm leave` again and again until it stops succeeding, presumably
# because no joined realm is left. rc 1 is accepted as the normal way for
# the loop to end; any other non-zero rc fails the task.
# retries/delay make this a tight loop capped at 9001 attempts.
- name: leave any other realm
  tags: [sssd]
  command: realm leave
  register: result
  retries: 9001
  delay: 0
  until: 'result.rc != 0'
  failed_when: 'result.rc not in [0, 1]'
- name: join our realm