sssd: Initial version of module

2020-11-14 13:46:54 +00:00 · 2020-11-14 13:46:54 +00:00 · 019dd4978e
commit 019dd4978e
parent fa6062de18
4 changed files with 53 additions and 0 deletions
--- a/roles/sssd/handlers/main.yml
+++ b/roles/sssd/handlers/main.yml
@ -0,0 +1,6 @@
+---
+
+- name: restart sssd
+  service:
+    name: sssd
+    state: restarted
--- a/roles/sssd/meta/main.yml
+++ b/roles/sssd/meta/main.yml
@ -0,0 +1,4 @@
+---
+dependencies:
+  - {role: kerberos/client}
+  - {role: ldap/client}
--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@ -0,0 +1,20 @@
+---
+- name: install packages
+  package:
+    name: sssd
+    state: installed
+
+- name: create sssd config
+  template:
+    dest: /etc/sssd/sssd.conf
+    src: sssd.conf.j2
+    mode: 0600
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart sssd
+
+- name: enable sssd service
+  service:
+    name: sssd
+    state: started
+    enabled: true
--- a/roles/sssd/templates/sssd.conf.j2
+++ b/roles/sssd/templates/sssd.conf.j2
@ -0,0 +1,23 @@
+[sssd]
+config_file_version = 2
+services = nss, pam
+domains = {{ kerberos_realm }}
+
+[nss]
+
+[pam]
+
+[domain/{{ kerberos_realm }}]
+id_provider = ldap
+auth_provider = krb5
+chpass_provider = ldap
+ldap_uri = ldaps://{{ ldap_server[0] }}
+ldap_search_base = {{ ldap_basedn }}
+ldap_schema = rfc2307bis
+ldap_group_member = uniqueMember
+ldap_id_use_start_tls = False
+ldap_tls_reqcert = demand
+ldap_sasl_mech = EXTERNAL
+ldap_tls_cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
+ldap_tls_key = {{ tls_private }}/{{ inventory_hostname }}.key
+krb5_realm = {{ kerberos_realm }}