Support getting a host keytab from IPA

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-09-01 22:42:56 +02:00 · 2020-09-01 22:42:56 +02:00 · 392e547601
commit 392e547601
parent 2af8ad94c9
1 changed files with 18 additions and 8 deletions
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@ -40,11 +40,16 @@

 - name: Grant host access to keytab
  delegate_to: "{{ ipa_server }}"
-  command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}}
-  register: service_perm_add_result
+  command:
+    argv:
+    - ipa
+    - "{{ (service == 'host')|ternary('host', 'service') }}-allow-retrieve-keytab"
+    - "{{service}}/{{host}}"
+    - --hosts={{inventory_hostname}}
+  register: perm_add_result
  check_mode: no
-  changed_when: "'members added 1' in service_perm_add_result.stdout"
-  failed_when: "not ('members added' in service_perm_add_result.stdout)"
+  changed_when: "'members added 1' in perm_add_result.stdout"
+  failed_when: "not ('members added' in perm_add_result.stdout)"
  tags:
  - keytab
  - config
@ -53,11 +58,16 @@

 - name: Grant admin access to keytab
  delegate_to: "{{ ipa_server }}"
-  command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --users=admin
-  register: service_perm_add_result
+  command:
+    argv:
+    - ipa
+    - "{{ (service == 'host')|ternary('host', 'service') }}-allow-retrieve-keytab"
+    - "{{service}}/{{host}}"
+    - --users=admin
+  register: perm_add_result
  check_mode: no
-  changed_when: "'members added 1' in service_perm_add_result.stdout"
-  failed_when: "not ('members added' in service_perm_add_result.stdout)"
+  changed_when: "'members added 1' in perm_add_result.stdout"
+  failed_when: "not ('members added' in perm_add_result.stdout)"
  tags:
  - keytab
  - config