Update to 2022-03-07 15:00

roles/sssd_ad_auth/tasks/main.yml

@@ -7,13 +7,15 @@
 - set_fact: ad_trusted_domains={{ ad_trusted_domains_conf | default([]) }}
   tags: auth
 
-- include: install_{{ ansible_os_family }}.yml
+- include_tasks: install_{{ ansible_os_family }}.yml
+  tags: always
 
 - name: Set LDAP base
   set_fact: ad_ldap_base=DC={{ ad_realm | regex_replace('\.',',DC=') }}
   tags: auth
 
 - include_tasks: pam_{{ ansible_os_family }}.yml
+  tags: always
 
 - name: Check if there's a secrets.tdb DB
   stat: path=/var/lib/samba/private/secrets.tdb
@@ -39,7 +41,7 @@
   register: ad_keytab
   tags: auth
 
-  # We need to have our correct hostname before joining the domain !!
+# We need to have our correct hostname before joining the domain !!
 - name: Set system hostname
   hostname: name={{ system_hostname | default(inventory_hostname | regex_replace('^([^\.]+)\..*','\\1')) }}
   tags: auth
@@ -91,9 +93,8 @@
     - oddjobd
   tags: auth
 
-  # On el8 for example, sssd is already installed and running on a default setup
-  # so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
-  # We can't rely on the handler, because it would only run at the end of the playbook
+# On el8 for example, sssd is already installed and running on a default setup
+# so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
 - name: Restart sssd if needed
   service: name=sssd state=restarted
   when: ad_join.changed or ad_trusted_join.results | selectattr('changed','equalto',True) | list | length > 0