ipa/client: clean sss caches on changes

SSSD caches information, some types for hours by default. When changing anything in IPA pertaining to a host this role is applied to, clean out the caches on the host so the changes are effective immediately. Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-10 16:33:29 +01:00 · 2021-03-10 16:33:29 +01:00 · 3abcb2d011
commit 3abcb2d011
parent 7118984b64
4 changed files with 11 additions and 0 deletions
--- a/roles/ipa/client/handlers/main.yml
+++ b/roles/ipa/client/handlers/main.yml
@ -0,0 +1,3 @@
+---
+- name: clean sss caches
+  command: sss_cache -E
--- a/roles/ipa/client/tasks/hbac.yml
+++ b/roles/ipa/client/tasks/hbac.yml
@ -14,6 +14,7 @@
    state: present
    group:
      - sysadmin-main
+  notify: clean sss caches
  no_log: true
  loop: "{{ ipa_servers }}"
  when: ipa_servers is defined
@ -24,6 +25,7 @@
    name: "usergroup/sysadmin-main"
    ipaadmin_password: "{{ ipa_server_admin_passwords[item] }}"
    state: enabled
+  notify: clean sss caches
  no_log: true
  loop: "{{ ipa_servers }}"
  when: ipa_servers is defined
@ -34,6 +36,7 @@
    name: allow_all
    ipaadmin_password: "{{ ipa_server_admin_passwords[item] }}"
    state: disabled
+  notify: clean sss caches
  no_log: true
  loop: "{{ ipa_servers }}"
  when: ipa_servers is defined
@ -49,6 +52,7 @@
    usercategory: "all"
    hbacsvcgroup:
      - Sudo
+  notify: clean sss caches
  no_log: true
  loop: "{{ ipa_servers }}"
  when: ipa_servers is defined
@ -120,5 +124,6 @@
    action: member
    state: present
    group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] }}"
+  notify: clean sss caches
  loop: "{{ ipa_server_host_groups }}"
  when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] is defined
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@ -26,6 +26,7 @@
         -U -N --force-join
         --mkhomedir
    creates: /etc/ipa/default.conf
+  notify: clean sss caches
  tags:
    - ipa/client
    - config
--- a/roles/ipa/client/tasks/sudo.yml
+++ b/roles/ipa/client/tasks/sudo.yml
@ -14,6 +14,7 @@
    runasgroupcategory: "all"
    group:
      - sysadmin-main
+  notify: clean sss caches
  no_log: true
  loop: "{{ ipa_servers }}"
  when: ipa_servers is defined
@ -30,5 +31,6 @@
    cmdcategory: "all"
    runasusercategory: "all"
    runasgroupcategory: "all"
+  notify: clean sss caches
  loop: "{{ ipa_server_host_groups }}"
  when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_groups'] is defined