| author | Patrick Uiterwijk <puiterwijk@redhat.com> | 2016-10-27 09:06:47 +0000 |
|---|---|---|
| committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2016-10-27 09:06:47 +0000 |
| commit | 1f7efb27cb69a9fa41a65f37a5cb36db235967c7 (patch) | |
| tree | 6e0e43c79e819842cc749657528e2f651e93c96e /roles/keytab | |
| parent | 3b6d5d7cb303dd73d579c8447d75f2f59df5245d (diff) | |
Move keytab stuff into the base role
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'roles/keytab')
| -rw-r--r-- | roles/keytab/tasks/main.yml | 104 |
1 files changed, 0 insertions, 104 deletions
diff --git a/roles/keytab/tasks/main.yml b/roles/keytab/tasks/main.yml
deleted file mode 100644
index 0b46c9c65..000000000
--- a/roles/keytab/tasks/main.yml
+++ /dev/null
@@ -1,104 +0,0 @@
----
-# Get host keytab
-- name: Determine whether we need to get host keytab
- stat: path=/etc/krb5.keytab
- register: host_keytab_status
- tags:
- - base
- - config
- - krb5
-
-- name: Get admin keytab
- delegate_to: "{{ ipa_server }}"
- shell: echo "{{ipa_admin_password}}" | kinit admin
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists
-
-- name: Create host entry
- delegate_to: "{{ ipa_server }}"
- command: ipa host-add {{inventory_hostname}}
- register: host_add_result
- changed_when: "'Added host' in host_add_result.stdout"
- failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)"
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists
-
-- name: Generate host keytab
- delegate_to: "{{ ipa_server }}"
- command: ipa-getkeytab -s {{ipa_server}} -p host/{{inventory_hostname}} -k /tmp/{{inventory_hostname}}.kt
- register: getkeytab_result
- changed_when: false
- failed_when: "'successfully retrieved' not in getkeytab_result.stderr"
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists
-
-- name: Destroy kerberos ticket
- delegate_to: "{{ ipa_server }}"
- command: kdestroy -A
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists
-
-- name: Get keytab
- delegate_to: "{{ ipa_server }}"
- command: base64 /tmp/{{inventory_hostname}}.kt
- register: keytab
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists
-
-- name: Destroy stored keytab
- delegate_to: "{{ ipa_server }}"
- file: path=/tmp/{{inventory_hostname}}.kt state=absent
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists
-
-- name: Deploy base64 keytab
- copy: dest=/etc/krb5.keytab.b64
- content={{keytab.stdout}}
- owner=root group=root mode=0600
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists
-
-- name: Base64-decode keytab
- shell: "umask 077; base64 -d /etc/krb5.keytab.b64 >/etc/krb5.keytab"
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists
-
-- name: Set keytab permissions
- file: path=/etc/krb5.keytab owner=root group=root mode=0600
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists
-
-- name: Destroy encoded keytab
- file: path=/etc/krb5.keytab.b64 state=absent
- tags:
- - base
- - config
- - krb5
- when: not host_keytab_status.stat.exists |
