ansible-freeipa
manage sssd.conf tuning
Is there a way to manage sssd.conf tuning options with this role? For example, to insert cache_timeout changes and other recommendations from the tuning guide (https://access.redhat.com/articles/2133801), or even copy a template sssd.conf file? It appears that the role overwrites any sssd.conf file that is in place without making a backup or appending changes to the existing file. So looking for a way to insert or preserve sssd.conf tuning options with this role.
Looks like https://github.com/CSCfi/ansible-role-sssd does most of what we need, so we may end up doing this after the freeipa client install. Would be nice to merge some of these settings to take care of all of the sssd tuning options in the freeipa roles/playbooks.
Why not simply loop over the ini_file task?

    - name: tune sssd
      hosts: localhost
      remote_user: root
      gather_facts: false
      vars:
        # One entry per sssd.conf option to set
        sssd_tunables:
          - section: domain/ipa.domain
            option: subdomain_inherit
            value: ignore_group_members, ldap_purge_cache_timeout
            path: /etc/sssd/sssd.conf
          - section: domain/ipa.domain
            option: ignore_group_members
            value: 'true'
            path: /etc/sssd/sssd.conf
      tasks:
        # ini_file only touches the named option and leaves the rest of the file alone
        - name: tune sssd
          ini_file:
            section: '{{ item.section }}'
            option: '{{ item.option }}'
            value: '{{ item.value }}'
            path: '{{ item.path }}'
          loop: '{{ sssd_tunables }}'
At the moment there is no way to manage additional sssd options while deploying the server, replica or clients. For now this can only be done after deployment.
Having to configure sssd on top of freeipa's configuration is not idempotent...
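A post-deployment tuning play along the lines suggested in the thread, as an added example that is not part of the original discussion or of the ansible-freeipa project. It keeps a backup of sssd.conf when a value changes, pins ownership and mode, and restarts sssd only on change; the `ipaclients` inventory group, the `community.general` collection being installed, the root:root 0600 file permissions and the `sssd` service name are assumptions.

```yaml
# Added example: run this play after the FreeIPA client deployment play has finished.
- name: Tune sssd after FreeIPA client deployment
  hosts: ipaclients              # assumed inventory group
  become: true
  gather_facts: false
  vars:
    sssd_conf: /etc/sssd/sssd.conf
    sssd_domain: ipa.domain      # domain section name used in the thread
    sssd_tunables:               # option values taken from the thread
      - option: subdomain_inherit
        value: ignore_group_members, ldap_purge_cache_timeout
      - option: ignore_group_members
        value: 'true'

  tasks:
    - name: Set sssd tunables in the domain section
      community.general.ini_file:
        path: '{{ sssd_conf }}'
        section: 'domain/{{ sssd_domain }}'
        option: '{{ item.option }}'
        value: '{{ item.value }}'
        backup: true             # keep a timestamped copy when the file is modified
        owner: root              # assumed ownership; sssd.conf can hold credentials
        group: root
        mode: '0600'             # assumed mode; do not leave the file world-readable
      loop: '{{ sssd_tunables }}'
      notify: Restart sssd

  handlers:
    # Runs once at the end of the play, and only if a task reported a change
    - name: Restart sssd
      ansible.builtin.service:
        name: sssd               # assumed service name
        state: restarted
```

A second run with unchanged values reports no changes and does not restart sssd.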