lmn-client/roles/lmn_sssd/tasks/main.yml

---
- name: Install needed packages
  ansible.builtin.apt:
    name:
      - sssd-ad
      - sssd-tools
      - adcli
      - kstart

- name: Provide user identities from AD
  ansible.builtin.template:
    src: sssd.conf.j2
    dest: /etc/sssd/sssd.conf
    mode: '0600'
  notify: Restart sssd

  ## Either one of the variables is defined:
- name: Join the domain
  ansible.builtin.shell:
    cmd: >
      echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') }}" |
      adcli join --stdin-password -U global-admin {{ domain | upper }}
  when: >
    ansible_cmdline.adpw | default('') | length > 0 or
    adpw.user_input | default('') | length > 0

- name: Set CCache file name
  ansible.builtin.lineinfile:
    dest: /etc/krb5.conf
    line: '        default_ccache_name = FILE:/tmp/krb5cc_%{uid}'
    insertbefore: '\[realms\]'
    state: present

- name: Create kstart systemd service for obtaining machine ticket
  ansible.builtin.template:
    src: kstart.service.j2
    dest: /etc/systemd/system/kstart.service
    mode: '0644'
  when: not nfs4

- name: Enable kstart service
  ansible.builtin.systemd:
    name: kstart.service
    enabled: true
  when: not nfs4