support sssd configuration

sjpb · sjpb · commit 7413c08fe8c7 · 2024-09-13T19:42:48.000Z
diff --git a/ansible/.gitignore b/ansible/.gitignore
@@ -58,4 +58,5 @@ roles/*
 !roles/squid/**
 !roles/tuned/
 !roles/tuned/**
-
+!roles/sssd/
+!roles/sssd/**
diff --git a/ansible/iam.yml b/ansible/iam.yml
@@ -40,3 +40,12 @@
       import_role:
         name: freeipa
         tasks_from: users.yml
+
+- hosts: sssd
+  become: yes
+  gather_facts: no
+  tags: sssd
+  tasks:
+    - name: Configure sssd
+      import_role:
+        name: sssd
diff --git a/ansible/roles/sssd/README.md b/ansible/roles/sssd/README.md
@@ -0,0 +1,2 @@
+# sssd
+
diff --git a/ansible/roles/sssd/defaults/main.yml b/ansible/roles/sssd/defaults/main.yml
@@ -0,0 +1,7 @@
+sssd_packages:
+  - sssd-common
+  - sssd-ldap # TODO: maybe should be in ldap role ??
+sssd_conf_src: "{{ appliances_environment_root }}/files/sssd.conf.j2"
+sssd_conf_dest: /etc/sssd/sssd.conf
+sssd_started: true
+sssd_enabled: true
diff --git a/ansible/roles/sssd/handlers/main.yml b/ansible/roles/sssd/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Restart sssd
+  service:
+    name: sssd
+    state: restarted
+  when: sssd_started | bool
diff --git a/ansible/roles/sssd/tasks/configure.yml b/ansible/roles/sssd/tasks/configure.yml
@@ -0,0 +1,16 @@
+- name: Write sssd.conf
+  template:
+    src: "{{ sssd_conf_src }}"
+    dest: "{{ sssd_conf_dest }}"
+    owner: root
+    group: root
+    mode: u=rw,go=
+  notify: "Restart sssd"
+
+- meta: flush_handlers
+
+- name: Ensure sssd service state
+  systemd:
+    name: sssd
+    state: "{{ 'started' if sssd_started | bool else 'stopped' }}"
+    enabled: "{{ true if sssd_enabled else false }}"
diff --git a/ansible/roles/sssd/tasks/install.yml b/ansible/roles/sssd/tasks/install.yml
@@ -0,0 +1,3 @@
+- name: Install packages
+  dnf:
+    name: "{{ sssd_packages }}"
diff --git a/ansible/roles/sssd/tasks/main.yml b/ansible/roles/sssd/tasks/main.yml
@@ -0,0 +1,2 @@
+- import_tasks: install.yml
+- import_tasks: configure.yml
diff --git a/environments/common/inventory/group_vars/builder/defaults.yml b/environments/common/inventory/group_vars/builder/defaults.yml
@@ -22,3 +22,5 @@ squid_cache_disk: 0 # just needs to be defined
 squid_cache_mem: 0
 tuned_started: false
 tuned_enabled: false
+sssd_started: false
+sssd_enabled: false
diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups
@@ -134,4 +134,7 @@ freeipa_client
 # Hosts to run TuneD configuration
 
 [ansible_init]
-# Hosts to run linux-anisble-init
+# Hosts to run linux-anisble-init
+
+[sssd]
+# Hosts to configure sssd on
diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything
@@ -81,4 +81,7 @@ openhpc
 
 [ansible_init:children]
 # Hosts to run ansible-init
-cluster
+cluster
+
+[sssd]
+# Hosts to configure sssd on

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+- name: Install packages`
	`2`	`+ dnf:`
	`3`	`+ name: "{{ sssd_packages }}"`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+- import_tasks: install.yml`
	`2`	`+- import_tasks: configure.yml`