From ce1f5b02e6dff9710876ed912beb97f56861c781 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 10 Dec 2024 14:43:47 -0800
Subject: [PATCH] ipa_client: on f40 there is no sssd user, so files are owned by root On rhel and f41+ there is a sssd user, so we should use that. If we don't, sssd will change the ownership on restart, meaning we flip it back and forth each time we run the playbook. remember to remove this when fedora 40 is all gone from infra
Signed-off-by: Kevin Fenzi
---
 roles/ipa/client/tasks/main.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml
index 2d7813c0e7..4feae3a3c4 100644
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@@ -73,7 +73,7 @@
 - config
 run_once: yes
-- name: Ensure that nss knows to skip certain users
+- name: Ensure that nss knows to skip certain users (f41/rhel)
 template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=sssd group=sssd
 tags:
 - ipa/client
@@ -82,5 +82,17 @@
 notify:
 - restart sssd
 - clean sss caches
+ when: ansible_distribution_major_version|int >= 41 or ansible_distribution == 'RedHat'
+
+- name: Ensure that nss knows to skip certain users (f40)
+ template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=root group=root
+ tags:
+ - ipa/client
+ - config
+ - fedora-nss-ignore
+ notify:
+ - restart sssd
+ - clean sss caches
+ when: ansible_distribution_major_version|int == 40
 - meta: flush_handlers
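Review bot: The two `when:` conditions added in the second hunk are not exhaustive, so a host matching neither one no longer gets `/etc/sssd/conf.d/fedora-nss-ignore.conf` at all, where the task used to run unconditionally. That would apply to any host whose `ansible_distribution` is not exactly `'RedHat'` and whose major version is below 40, for instance one reporting `'CentOS'`; whether such hosts use this role is not visible here. Neither condition checks for Fedora either, so the split rests on the version number alone. Keeping a single unconditional task and computing only the ownership closes the gap and avoids the duplicated task: `owner: "{{ 'root' if ansible_distribution == 'Fedora' and ansible_distribution_major_version|int == 40 else 'sssd' }}"`, with the same expression for `group`. The commit message's reminder to drop the f40 case is not in the file; a comment such as `# remove once Fedora 40 is gone from infra` above the task would keep it visible.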