diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/ansible/shared.yml
new file mode 100644
index 00000000000..bfc1b754cb3
--- /dev/null
+++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/ansible/shared.yml
@@ -0,0 +1,54 @@
+# platform = multi_platform_all
+# reboot = false
+# strategy = configure
+# complexity = low
+# disruption = medium
+
+- name: {{{ rule_title }}} - Find all the conf files inside the /etc/sssd/conf.d/ directory
+ ansible.builtin.find:
+ paths:
+ - "/etc/sssd/conf.d/"
+ patterns: "*.conf"
+ register: sssd_conf_d_files
+
+- name: {{{ rule_title }}} - Modify lines in files in the /etc/sssd/conf.d/ directory
+ ansible.builtin.replace:
+ path: "{{ item }}"
+ regexp: '^(\s*\[sssd\].*(?:\n\s*[^[\s].*)*\n\s*services\s*=(?!.*\bpam\b).*)$'
+ replace: '\1,pam'
+ with_items: "{{ sssd_conf_d_files.files | map(attribute='path') }}"
+ register: modify_lines_sssd_conf_d_files
+
+- name: {{{ rule_title }}} - Find /etc/sssd/sssd.conf
+ ansible.builtin.stat:
+ path: /etc/sssd/sssd.conf
+ register: sssd_conf_file
+
+- name: {{{ rule_title }}} - Modify lines in /etc/sssd/sssd.conf
+ ansible.builtin.replace:
+ path: "/etc/sssd/sssd.conf"
+ regexp: '^(\s*\[sssd\].*(?:\n\s*[^[\s].*)*\n\s*services\s*=(?!.*\bpam\b).*)$'
+ replace: '\1,pam'
+ register: modify_lines_sssd_conf_file
+ when: sssd_conf_file.stat.exists
+
+- name: {{{ rule_title }}} - Find services key in /etc/sssd/sssd.conf
+ ansible.builtin.replace:
+ path: "/etc/sssd/sssd.conf"
+ regexp: '^\s*\[sssd\][^\[\]]*?(?:\n(?!\[)[^\n]*?services\s*=)+'
+ replace: ''
+ changed_when: false
+ check_mode: true
+ register: sssd_conf_file_services
+ when: sssd_conf_file.stat.exists
+
+- name: {{{ rule_title }}} - Insert entry to /etc/sssd/sssd.conf
+ ini_file:
+ path: /etc/sssd/sssd.conf
+ section: sssd
+ option: services
+ value: pam
+ when:
+ - not modify_lines_sssd_conf_d_files.changed
+ - not modify_lines_sssd_conf_file.changed
+ - (sssd_conf_file_services.msg is defined and "replacements" not in sssd_conf_file_services.msg) or not sssd_conf_file.stat.exists
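Review bot: The final `ini_file` task can create /etc/sssd/sssd.conf, because its `when` accepts `not sssd_conf_file.stat.exists`, yet it sets no ownership or mode, so a new file gets whatever the default umask gives. SSSD checks the ownership and permissions of this file and it can hold bind credentials, so add `mode: "0600"`, `owner: root` and `group: root` to that task. The same condition also looks true on a host whose only configuration is a conf.d file that already lists pam, since neither replace task reports a change there; the insert would then presumably run on an already compliant system, which is worth confirming. The test `"replacements" not in sssd_conf_file_services.msg` depends on the wording of a module message and deserves a comment explaining what it detects. As a style point, `ini_file` is the only short module name in the file; `community.general.ini_file` would match the fully qualified names used by the other tasks.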
diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/services_pam_missing.fail.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/services_pam_missing.fail.sh index a0918bf3349..31662f48d05 100644 --- a/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/services_pam_missing.fail.sh +++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/services_pam_missing.fail.sh @@ -2,11 +2,10 @@ # packages = sssd # -SSSD_SERVICES_REGEX_SHORT="^[[:space:]]*services.*$" SSSD_CONF="/etc/sssd/sssd.conf" rm -rf /etc/sssd/conf.d/ -rm -f SSSD_CONF +rm -f $SSSD_CONF cat < $SSSD_CONF [sssd] section1 = key diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/sssd_pam_services_conf_d.pass.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/sssd_pam_services_conf_d.pass.sh new file mode 100644 index 00000000000..42519ee006f --- /dev/null +++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/sssd_pam_services_conf_d.pass.sh @@ -0,0 +1,12 @@ +#!/bin/bash +# packages = sssd + +rm -rf "/etc/sssd/conf.d/" +rm -f "/etc/sssd/sssd.conf" +mkdir -p "/etc/sssd/conf.d/" +cat < "/etc/sssd/conf.d/sssd.conf" +[sssd] +services = nss,pam +[pam] +example1 = abc +EOF
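Review bot: In services_pam_missing.fail.sh the corrected line `rm -f $SSSD_CONF` still expands the variable unquoted; write `rm -f "$SSSD_CONF"` so it matches the quoted paths used in the new conf.d test script added by this commit. The path is a constant here, so this is a point of style and consistency rather than a defect. The script continues past the end of the hunk.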
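Review bot: sssd_pam_services_conf_d.pass.sh covers only the compliant conf.d case, so nothing visible in this commit exercises the new Ansible tasks that rewrite files under /etc/sssd/conf.d/. A companion fail scenario, for example a conf.d file whose `[sssd]` section has `services = nss`, would check that the remediation appends pam there and that the rule then passes, unless such a test already exists outside this diff. A one-line comment at the top stating that the scenario has no /etc/sssd/sssd.conf on purpose would also make its intent clear.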