sr2/ansible-collection-core
4
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

feat(baseline): do not expect global become true

Browse source
This commit is contained in:
Iain Learmonth 2025-12-20 13:14:35 +00:00
parent c793b470b0
commit 6933aad1fa
8 changed files with 56 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/baseline/tasks/ipaclient.yml
View file

@ -4,13 +4,16 @@
role: freeipa.ansible_freeipa.ipaclient
vars:
ipaclient_hostname: "{{ inventory_hostname }}"
when: ansible_user == "root" # We've already joined if we're using an unprivileged user
- name: FreeIPA Client | AUDIT | Check current authselect configuration
become: true
ansible.builtin.command: authselect current
register: _baseline_freeipa_authselect_status
changed_when: false
- name: FreeIPA Client | PATCH | Apply authselect profile with sssd, sudo, and more if not set
become: true
ansible.builtin.command: authselect select sssd with-sudo with-mkhomedir with-subid with-faillock with-pwhistory without-nullok --force
when: >
'Profile ID: sssd' not in _baseline_freeipa_authselect_status.stdout or
@ -22,6 +25,7 @@
'without-nullok' not in _baseline_freeipa_authselect_status.stdout
- name: FreeIPA Client | PATCH | Enable oddjobd.service (for with-mkhomedir feature)
become: true
ansible.builtin.systemd_service:
name: oddjobd.service
state: started