Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

ipa/client: clean sss caches on changes

Browse source 
SSSD caches information, some types for hours by default. When changing
anything in IPA pertaining to a host this role is applied to, clean out
the caches on the host so the changes are effective immediately.

Signed-off-by: Nils Philippsen <nils@redhat.com>
This commit is contained in:
Nils Philippsen 2021-03-10 16:33:29 +01:00 committed by nphilipp
parent 7118984b64
commit 3abcb2d011
4 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
roles/ipa/client/handlers/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
- name: clean sss caches
command: sss_cache -E

5
roles/ipa/client/tasks/hbac.yml
View file

@ -14,6 +14,7 @@
state: present state: present
group: group:
- sysadmin-main - sysadmin-main
notify: clean sss caches
no_log: true no_log: true
loop: "{{ ipa_servers }}" loop: "{{ ipa_servers }}"
when: ipa_servers is defined when: ipa_servers is defined
@ -24,6 +25,7 @@
name: "usergroup/sysadmin-main" name: "usergroup/sysadmin-main"
ipaadmin_password: "{{ ipa_server_admin_passwords[item] }}" ipaadmin_password: "{{ ipa_server_admin_passwords[item] }}"
state: enabled state: enabled
notify: clean sss caches
no_log: true no_log: true
loop: "{{ ipa_servers }}" loop: "{{ ipa_servers }}"
when: ipa_servers is defined when: ipa_servers is defined
@ -34,6 +36,7 @@
name: allow_all name: allow_all
ipaadmin_password: "{{ ipa_server_admin_passwords[item] }}" ipaadmin_password: "{{ ipa_server_admin_passwords[item] }}"
state: disabled state: disabled
notify: clean sss caches
no_log: true no_log: true
loop: "{{ ipa_servers }}" loop: "{{ ipa_servers }}"
when: ipa_servers is defined when: ipa_servers is defined
@ -49,6 +52,7 @@
usercategory: "all" usercategory: "all"
hbacsvcgroup: hbacsvcgroup:
- Sudo - Sudo
notify: clean sss caches
no_log: true no_log: true
loop: "{{ ipa_servers }}" loop: "{{ ipa_servers }}"
when: ipa_servers is defined when: ipa_servers is defined
@ -120,5 +124,6 @@
action: member action: member
state: present state: present
group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] }}" group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] }}"
notify: clean sss caches
loop: "{{ ipa_server_host_groups }}" loop: "{{ ipa_server_host_groups }}"
when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] is defined when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] is defined

1
roles/ipa/client/tasks/main.yml
View file

@ -26,6 +26,7 @@
-U -N --force-join -U -N --force-join
--mkhomedir --mkhomedir
creates: /etc/ipa/default.conf creates: /etc/ipa/default.conf
notify: clean sss caches
tags: tags:
- ipa/client - ipa/client
- config - config

2
roles/ipa/client/tasks/sudo.yml
View file

@ -14,6 +14,7 @@
runasgroupcategory: "all" runasgroupcategory: "all"
group: group:
- sysadmin-main - sysadmin-main
notify: clean sss caches
no_log: true no_log: true
loop: "{{ ipa_servers }}" loop: "{{ ipa_servers }}"
when: ipa_servers is defined when: ipa_servers is defined
@ -30,5 +31,6 @@
cmdcategory: "all" cmdcategory: "all"
runasusercategory: "all" runasusercategory: "all"
runasgroupcategory: "all" runasgroupcategory: "all"
notify: clean sss caches
loop: "{{ ipa_server_host_groups }}" loop: "{{ ipa_server_host_groups }}"
when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_groups'] is defined when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_groups'] is defined