ipaclient_setup_sssd: Update and cleanup

ipaclient_setup_sssd is now using configure_sssd_conf from ipaclient/install/client.py instead. This simplified the module a lot and also adds more configuratino options for sssd. These are new config options supported by ipaclient_setup_sssd: ipaclient_no_sudo ipassd_fixed_primary ipassd_permit ipassd_enable_dns_updates ipassd_no_krb5_offline_passwords ipassd_preserve_sssd These variables have been added to ipaclient/defaults/main.yml.
2026-06-23 09:14:43 +00:00 · 2019-03-25 13:59:14 +01:00
parent c5ce754850
commit 2983d4e7b3
3 changed files with 83 additions and 174 deletions
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -216,13 +216,17 @@
      domain: "{{ result_ipaclient_test.domain }}"
      realm: "{{ result_ipaclient_test.realm }}"
      hostname: "{{ result_ipaclient_test.hostname }}"
-      services: ["ssh", "sudo"]
-      krb5_offline_passwords: yes
      on_master: "{{ ipaclient_on_master }}"
-      #primary: no
-      #permit: no
-      #dns_updates: no
-      #all_ip_addresses: no
+      no_ssh: "{{ ipaclient_no_ssh }}"
+      no_sshd: "{{ ipaclient_no_sshd }}"
+      no_sudo: "{{ ipaclient_no_sudo }}"
+      all_ip_addresses: "{{ ipahost_all_ip_addresses }}"
+
+      fixed_primary: "{{ ipassd_fixed_primary }}"
+      permit: "{{ ipassd_permit }}"
+      enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
+      preserve_sssd: "{{ ipassd_preserve_sssd }}"
+      no_krb5_offline_passwords: "{{ ipassd_no_krb5_offline_passwords }}"

  - name: Install - Configure krb5 for IPA realm "{{ result_ipaclient_test.realm }} <= 4.4"
    include_role: