roles/sssd: Fixed several small defects, added libselinux-python to sssd_packages

roles/sssd/defaults/main.yml

 ---
 sssd_conf: /etc/sssd/sssd.conf
-sssd_packages: sssd
+sssd_packages: sssd, libselinux-python
+sssd_on_master: "false"
 sssd_domains:
 sssd_id_provider:
 sssd_auth_provider:
 sssd_access_provider:
 sssd_chpass_provider:
 sssd_cache_credentials: False
-sssd_krb5_store_password_if_offline: False
+sssd_krb5_offline_passwords: False
 sssd_ipa_servers:
 sssd_services:

roles/sssd/tasks/main.yml

@@ -13,14 +13,15 @@
 - name: Template sssd.conf
   template:
     src: sssd.conf.j2
-    dest: /etc/sssd/sssd.conf
-    backup: yes
+    dest: "{{ sssd_conf }}"
+    backup: no
     owner: root
     group: root
     mode: 0600
+    force: yes
 
-- name: Enable and start sssd
-  service:
-    name: sssd
-    state: restarted
-    enabled: yes
+#- name: Enable and start sssd
+#  service:
+#    name: sssd
+#    state: restarted
+#    enabled: yes

roles/sssd/templates/sssd.conf.j2

 [domain/{{ sssd_domains }}]
 cache_credentials = {{ sssd_cache_credentials }}
-krb5_store_password_if_offline = {{ sssd_krb5_store_password_if_offline }}
+krb5_store_password_if_offline = {{ sssd_krb5_offline_passwords }}
 ipa_domain = {{ sssd_domains }}
 id_provider = {{ sssd_id_provider }}
 auth_provider = {{ sssd_auth_provider }}
 access_provider = {{ sssd_access_provider }}
 ipa_hostname = {{ ansible_host }}
 chpass_provider = {{ sssd_chpass_provider }}
-{% if sssd_on_master %}
+{% if sssd_on_master | bool %}
 ipa_server = {{ sssd_ipa_servers | join(", ") }}
 ipa_server_mode = True
 {% else %}
@@ -18,7 +18,7 @@ ipa_server = _srv_, {{ sssd_ipa_servers | join(", ")}}
 {% endif %}
 ldap_tls_cacert = /etc/ipa/ca.crt
 
-{% if sssd_on_master %}
+{% if sssd_on_master | bool %}
 {%   set sssd_services = sssd_services + ", ifp" %}
 {% endif %}
 [sssd]