
Commit 7362b7b

add basic_users_override_sssd flag
1 parent 2ee20c7 commit 7362b7b

3 files changed

+18
-1
lines changed

ansible/roles/basic_users/README.md

Lines changed: 1 addition & 0 deletions
@@ -24,6 +24,7 @@ Role Variables
2424
- An additional key `sudo` may optionally be specified giving a string (possibly multiline) defining sudo rules to be templated.
2525
- Any other keys may present for other purposes (i.e. not used by this role).
2626
- `basic_users_groups`: Optional, default empty list. A list of mappings defining information for each group. Mapping keys/values are passed through as parameters to [ansible.builtin.group](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/group_module.html) and default values are as given there.
27+
- `basic_users_override_sssd`: Optional bool, default false. Whether to disable `sssd` when ensuring users/groups exist with this role. Permits creating local users/groups even if they clash with users provided via sssd (e.g. from LDAP). Ignored if host is not in group `sssd` as well. Note with this option active `sssd` will be stopped and restarted on every run.
2728

2829
Dependencies
2930
------------
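Review bot: The new `basic_users_override_sssd` entry states that `sssd` "will be stopped and restarted on every run" but not what that means for the host: while the role runs, lookups and logins for sssd-provided accounts may not resolve, and a local user or group created under a clashing name afterwards coexists with the directory entry of the same name. Suggest adding a sentence on both so the flag is enabled knowingly, and rewording "Ignored if host is not in group `sssd` as well" to something like "Only takes effect on hosts in the `sssd` group".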

ansible/roles/basic_users/defaults/main.yml

Lines changed: 1 addition & 0 deletions
@@ -7,3 +7,4 @@ basic_users_userdefaults:
77
shell: "{{'/sbin/nologin' if 'control' in group_names else omit }}"
88
basic_users_users: []
99
basic_users_groups: []
10+
basic_users_override_sssd: false

ansible/roles/basic_users/tasks/main.yml

Lines changed: 16 additions & 1 deletion
@@ -7,7 +7,16 @@
77
label: "{{ item.name }}"
88
when:
99
- "item.state | default('present') == 'absent'"
10-
10+
11+
- name: Stop sssd if required
12+
systemd:
13+
name: sssd
14+
state: stopped
15+
register: _stop_sssd
16+
when:
17+
- "'sssd' in group_names"
18+
- basic_users_override_sssd | bool
19+
1120
- name: Create groups
1221
ansible.builtin.group: "{{ item }}"
1322
loop: "{{ basic_users_groups }}"
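Review bot: Nothing guarantees sssd comes back after "Stop sssd if required": if "Create groups" or the task registered as `basic_users_info` fails, the play ends before "Restart sssd if required" and the host is left with sssd stopped. Suggest wrapping the stop, the create tasks and the start in a `block:` with the start under `always:`. As a style point, `systemd:` is the short module name while the next task uses `ansible.builtin.group`; `ansible.builtin.systemd` would be consistent.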
@@ -19,6 +28,12 @@
1928
label: "{{ item.name }} [{{ item.state | default('present') }}]"
2029
register: basic_users_info
2130

31+
- name: Restart sssd if required
32+
systemd:
33+
name: sssd
34+
state: started
35+
when: _stop_sssd.changed | default(false)
36+
2237
- name: Write supplied public key as authorized for SSH access
2338
authorized_key:
2439
user: "{{ item.name }}"
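Review bot: `when: _stop_sssd.changed | default(false)` on "Restart sssd if required" only starts sssd when this run was the one that stopped it, so a host where sssd is already stopped when the role begins (for example after an earlier run that failed part-way) is never started again. Since `state: started` is idempotent, suggest reusing the stop task's two conditions (`'sssd' in group_names` and `basic_users_override_sssd | bool`) here instead. The task name says "Restart" while the action is `state: started`; "Start sssd if required" would match what it does.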
