ipa_client: on f40 there is no sssd user, so files are owned by root
On rhel and f41+ there is a sssd user, so we should use that. If we don't, sssd will change the ownership on restart, meaning we flip it back and forth each time we run the playbook. remember to remove this when fedora 40 is all gone from infra Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
parent
df36530d00
commit
ce1f5b02e6
1 changed files with 13 additions and 1 deletions
|
|
@ -73,7 +73,7 @@
|
|||
- config
|
||||
run_once: yes
|
||||
|
||||
- name: Ensure that nss knows to skip certain users
|
||||
- name: Ensure that nss knows to skip certain users (f41/rhel)
|
||||
template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=sssd group=sssd
|
||||
tags:
|
||||
- ipa/client
|
||||
|
|
@ -82,5 +82,17 @@
|
|||
notify:
|
||||
- restart sssd
|
||||
- clean sss caches
|
||||
when: ansible_distribution_major_version|int >= 41 or ansible_distribution == 'RedHat'
|
||||
|
||||
- name: Ensure that nss knows to skip certain users (f40)
|
||||
template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=root group=root
|
||||
tags:
|
||||
- ipa/client
|
||||
- config
|
||||
- fedora-nss-ignore
|
||||
notify:
|
||||
- restart sssd
|
||||
- clean sss caches
|
||||
when: ansible_distribution_major_version|int == 40
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue