ipa/client: no comment in this jinja2 sadly, just make this a normal comment

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-05-22 10:26:50 -07:00 · 2021-05-22 10:26:50 -07:00 · 1c6dfc82fd
commit 1c6dfc82fd
parent 24ae7d3d16
4 changed files with 0 additions and 20 deletions
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf
+++ b/roles/ipa/client/templates/fedora-nss-ignore.conf
@ -1,6 +0,0 @@
-## This file contains users who are in ipa to stop people from
-## creating restricted accounts but we want to make sure the id in
-## /etc/passwd and /etc/group are used.
-[nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock,apache,bodhi,ftpsync
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock,apache
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
+++ b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
@ -1,8 +1,6 @@
-{% comment %}
 # There are a bunch of users we want to prefer the local version instead of the ipa/ldap version.
 # But in at least one case, there is a real user ('mock') that we want to exclude on most machines,
 # but not on people and ipsilon to allow them access to their people space and be able to login to things.
-{% endcomment %}
 {% if inventory_hostname in groups['people','ipsilon','ipsilon_stg'] %}
 ## This file contains users who are in ipa to stop people from
 ## creating restricted accounts but we want to make sure the id in
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf.people
+++ b/roles/ipa/client/templates/fedora-nss-ignore.conf.people
@ -1,6 +0,0 @@
-## This file contains users who are in ipa to stop people from
-## creating restricted accounts but we want to make sure the id in
-## /etc/passwd and /etc/group are used.
-[nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,apache
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,apache
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf.staging
+++ b/roles/ipa/client/templates/fedora-nss-ignore.conf.staging
@ -1,6 +0,0 @@
-## This file contains users who are in ipa to stop people from
-## creating restricted accounts but we want to make sure the id in
-## /etc/passwd and /etc/group are used.
-[nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock