    ---
    # file: roles/ad-auth/tasks/sssd.yml
    
    # Install SSSD, its PAM/NSS modules and the realmd tooling that the realm
    # tasks further down call. Recommended packages are not installed, so
    # every package the join needs is listed explicitly.
    - name: ensure sssd is installed
      apt:
        name: "{{ item }}"
        state: present
        install_recommends: false
      with_items:
        - sssd
        - libpam-sss
        - libnss-sss
        - sssd-tools
        - realmd
        - policykit-1  # this is required for realm to discover realms...
        - adcli  # this is required for realm to join realms...
        - packagekit  # this is required for realm to i don't know and don't even care anymore...
        - cracklib-runtime
      notify:
        - clear sssd cache
      tags:
        - sssd
        - packages
    
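    # Probe whether the host is already joined to the configured domain.
    # The registered rc is grep's: 0 = listed, 1 = not listed, anything else
    # is treated as a failure. The join block below runs only when rc != 0.
    # -F makes grep match the domain literally (its dots are not regex
    # wildcards), "--" stops option parsing, and the quote filter keeps the
    # value a single shell word.
    # NOTE(review): this is still a substring match, and a failing
    # `realm list` is reported as "not listed" because only grep's exit
    # status survives the pipe - confirm that is acceptable.
    - name: check if our realm is configured
      shell: realm list | grep -F -- {{ domain | quote }}
      register: current_realms
      changed_when: "current_realms.rc != 0"
      failed_when: "current_realms.rc != 0 and current_realms.rc != 1"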
    
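    # Join the host to the AD realm. The whole block, including the cleanup in
    # "always", is skipped when the probe task above found the realm
    # (current_realms.rc == 0).
    - block:
        - name: discover our realm
          command: realm discover -v "{{ domain }}"

        # jessie: the admin password is piped to kinit on stdin. It goes
        # through the quote filter and printf so that quotes, "$", backticks
        # or backslashes in the password are passed on literally instead of
        # being expanded or executed by the shell.
        # NOTE(review): the secret is still part of the rendered shell command
        # on the target. The command module's "stdin" argument (Ansible >= 2.4)
        # avoids that - confirm the controller version before switching.
        - name: get a kerberos ticket
          shell: >-
            printf '%s\n' {{ lookup('passwordstore', ad_admin_password) | quote }}
            | kinit Administrator
          when: debian_version == "jessie"
          no_log: true

        # stretch: kinit is driven through the expect module, which needs
        # pexpect on the target.
        - name: ensure pexpect is installed
          apt:
            name: python-pexpect
            state: present
          when: debian_version == "stretch"

        # The response key is a regex; it matches both "Password" and
        # "Passwort" in the kinit prompt. no_log keeps the looked-up secret out
        # of the task output.
        - name: get a kerberos ticket
          expect:
            command: kinit Administrator
            responses:
              "Passwor(d|t) for Administrator.*": "{{ lookup('passwordstore', ad_admin_password) }}"
          when: debian_version == "stretch"
          no_log: true

        # Re-run "realm leave" with no delay until it returns non-zero.
        # rc 1 is accepted as the normal end of the loop; any other non-zero
        # rc fails the task.
        # NOTE(review): presumably rc 1 means "no realm left to leave" -
        # confirm against realmd.
        - name: leave any other realm
          command: realm leave
          register: result
          until: "result.rc != 0"
          retries: 9001
          delay: 0
          failed_when: "result.rc != 0 and result.rc != 1"

        - name: join our realm
          command: realm join -v "{{ domain }}"
          notify:
            - clear sssd cache
            - restart sssd
      always:
        # Runs whether or not the tasks above succeeded, so a failed
        # leave/join does not leave the Administrator ticket behind in the
        # credential cache.
        - name: destroy kerberos ticket
          command: kdestroy
      when: "current_realms.rc != 0"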
    
    # Render /etc/sssd/sssd.conf from the role's sssd.conf.j2 template, owned
    # by root:root and readable by root only. The mode is quoted so it stays
    # the string "0600" instead of being parsed as a number.
    - name: ensure sssd is configured
      template:
        src: sssd.conf.j2
        dest: /etc/sssd/sssd.conf
        owner: root
        group: root
        mode: "0600"
      notify:
        - restart sssd
        - clear sssd cache
      tags:
        - sssd
        - config
    
    - name: ensure sssd is enabled and running