make sssd-ldap optional

Author: sjpb

ansible/roles/sssd/README.md

@@ -1,2 +1,16 @@
 # sssd
 
+Install and configure [sssd](https://sssd.io/docs/introduction.html).
+
+
+## Role variables
+
+The only required configuration is to create a [sssd.conf](https://www.mankier.com/5/sssd.conf) template at the location specified by `sssd_conf_src`.
+
+- `sssd_packages`: Optional list. Packages to install.
+- `sssd_ldap_install`: Optional bool. Whether to install packages enabling SSSD to authenticate against LDAP. Default `false`.
+- `sssd_ldap_packages`: Optional list. Packages to install when using `sssd_ldap_install`.
+- `sssd_conf_src`: Optional string. Path to `sssd.conf` template. Default (which must be created) is `{{ appliances_environment_root }}/files/sssd.conf.j2`.
+- `sssd_conf_dest`: Optional string. Path to destination for `sssd.conf`. Default `/etc/sssd/sssd.conf`.
+- `sssd_started`: Optional bool. Whether `sssd` service should be started.
+- `sssd_enabled`: Optional bool. Whether `sssd` service should be enabled.

ansible/roles/sssd/defaults/main.yml

@@ -1,6 +1,8 @@
 sssd_packages:
   - sssd-common
-  - sssd-ldap # TODO: maybe should be in ldap role ??
+sssd_install_ldap: false
+sssd_ldap_packages:
+  - sssd-ldap
 sssd_conf_src: "{{ appliances_environment_root }}/files/sssd.conf.j2"
 sssd_conf_dest: /etc/sssd/sssd.conf
 sssd_started: true

ansible/roles/sssd/tasks/install.yml

@@ -1,3 +1,3 @@
-- name: Install packages
+- name: Install sssd packages
   dnf:
-    name: "{{ sssd_packages }}"
+    name: "{{ sssd_packages + sssd_ldap_packages if (sssd_install_ldap | bool) else [] }}"