From f946dd3f5f10c9f37073eb33a1310d0aa0da9331 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?=
Date: Fri, 5 Apr 2024 18:29:36 +0200
Subject: [PATCH] Add Ansible remediation to sssd_enable_pam_services

This commit adds an Ansible remediation to rule sssd_enable_pam_services.
Fixes: #11753
---
.../ansible/shared.yml | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 linux_os/guide/services/sssd/sssd_enable_pam_services/ansible/shared.yml
diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/ansible/shared.yml
new file mode 100644
index 00000000000..01e88e32f8a
--- /dev/null
+++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/ansible/shared.yml
@@ -0,0 +1,41 @@
+# platform = multi_platform_all
+# reboot = false
+# strategy = configure
+# complexity = low
+# disruption = medium
+
+- name: Find all the conf files inside the /etc/sssd/conf.d/ directory
+ ansible.builtin.find:
+ paths:
+ - "/etc/sssd/conf.d/"
+ patterns: "*.conf"
+ register: sssd_conf_d_files
+
+- name: Modify lines in files in the /etc/sssd/conf.d/ directory
+ ansible.builtin.replace:
+ path: "{{ item }}"
+ regexp: '^(services\s*=.*)'
+ replace: '\1,pam'
+ with_items: "{{ sssd_conf_d_files.files | map(attribute='path') }}"
+ register: modify_lines_sssd_conf_d_files
+
+- name: Find /etc/sssd/sssd.conf
+ ansible.builtin.stat:
+ path: /etc/sssd/sssd.conf
+ register: sssd_conf_file
+
+- name: Modify lines in /etc/sssd/sssd.conf
+ ansible.builtin.replace:
+ path: "/etc/sssd/sssd.conf"
+ regexp: '^(services\s*=.*)'
+ replace: '\1,pam'
+ register: modify_lines_sssd_conf_file
+ when: sssd_conf_file.stat.exists
+
+- name: Insert entry to /etc/sssd/sssd.conf
+ community.general.ini_file:
+ path: /etc/sssd/sssd.conf
+ section: sssd
+ option: services
+ value: pam
+ when: not modify_lines_sssd_conf_d_files.changed and not modify_lines_sssd_conf_file.changed
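Review bot: Both `ansible.builtin.replace` tasks use `regexp: '^(services\s*=.*)'`, which also matches a line that already lists pam, so each run appends another `,pam` (for example `services = nss,pam` becomes `services = nss,pam,pam`) and the tasks report changed whenever a services line is present. A negative lookahead such as `regexp: '^(services\s*=(?!.*\bpam\b).*)$'` would leave compliant lines alone. The final task's `when:` would then need to test whether a `services` line exists instead of relying on `.changed`, because otherwise `ini_file` would replace an already compliant value with `pam` alone. That `community.general.ini_file` task can also create /etc/sssd/sssd.conf and sets no `mode`, `owner` or `group`, so a new file gets umask-default permissions; adding `mode: '0600'` with `owner: root` and `group: root` would keep a file that can hold credentials from being readable by other users.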