SSSD Ansible tasks don't break sssd service #4198

Merged

yuumasato
Member

Description:

  • Ansible tasks for SSSD won't break service config, and service can start
  • Use variable for sshd_idle_timeout_value
  • Updated tasks to use ini_file module instead of lineinfile

Rationale:

  • Service SSSD wouldn't start after any remediation
  • This PR is mostly about not breaking sssd.conf

Only owner of file should be able to access it.
Much simpler than lineinfile module
Add domain and its required keys with default value for sssd service to
start
@yuumasato yuumasato added this to the 0.1.44 milestone Mar 14, 2019
@jan-cerny jan-cerny self-assigned this Mar 15, 2019
regexp: '^\s*ldap_id_use_start_tls'
insertafter: '\s*\[domain\/[^]]*]'
line: 'ldap_id_use_start_tls = True'
section: "{{ test_grep_domain.stdout | regex_replace('[(.*)]','\\1') }}"
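
Review bot: On the `section:` line, the `regex_replace` pattern `'[(.*)]'` has unescaped square brackets, so the regex engine reads `[(.*)]` as a character class and no capture group is ever defined, which leaves the `\\1` replacement with nothing to reference. Escape the brackets so they match the literal `[` and `]` of the `[domain/...]` header and the parentheses become a real group; because the whole value is a double-quoted YAML string (as the existing `\\1` shows), the backslashes need doubling there as well, e.g. `'\\[(.*)\\]'`. It is also worth confirming what this task does when `test_grep_domain.stdout` is empty or contains more than one line, since the result is used directly as the ini section name.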
Collaborator

I'm receiving the following error:

< TASK [Configure LDAP to use STARTTLS] >
 ---------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: re.error: invalid group reference 1 at position 1                                                                
fatal: [all]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}
        to retry, use: --limit @/home/jcerny/scap-security-guide/sssd.retry

Member Author

@yuumasato yuumasato Mar 15, 2019

The square brackets needed to be escaped. Fixed

@scrutinizer-notifier
The inspection completed: 1 new issues

@jan-cerny jan-cerny merged commit edf9f6f into ComplianceAsCode:master Mar 19, 2019
@yuumasato yuumasato deleted the sssd_tasks_dont_break_sssd_service branch March 19, 2019 08:29