ipa_client: on f40 there is no sssd user, so files are owned by root

On rhel and f41+ there is a sssd user, so we should use that. If we don't, sssd will change the ownership on restart, meaning we flip it back and forth each time we run the playbook. remember to remove this when fedora 40 is all gone from infra Signed-off-by: Kevin Fenzi <[email protected]>
fedora-infra · Dec 10, 2024 · ce1f5b0 · ce1f5b0
1 parent df36530
commit ce1f5b0
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml
@@ -73,7 +73,7 @@
     - config
   run_once: yes
 
-- name: Ensure that nss knows to skip certain users
+- name: Ensure that nss knows to skip certain users (f41/rhel)
   template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=sssd group=sssd
   tags:
   - ipa/client
@@ -82,5 +82,17 @@
   notify:
     - restart sssd
     - clean sss caches
+  when: ansible_distribution_major_version|int >= 41 or ansible_distribution == 'RedHat'
+
+- name: Ensure that nss knows to skip certain users (f40)
+  template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=root group=root
+  tags:
+  - ipa/client
+  - config
+  - fedora-nss-ignore
+  notify:
+    - restart sssd
+    - clean sss caches
+  when: ansible_distribution_major_version|int == 40
 
 - meta: flush_handlers