iad2: drop python2 for ipa. This means NO NEW keytabs made from phx2 ansible runs. Do those in iad2.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
parent
5ffd90edba
commit
3acd61b067
1 changed files with 0 additions and 20 deletions
|
@ -10,8 +10,6 @@
|
||||||
- krb5
|
- krb5
|
||||||
|
|
||||||
- name: Get admin ticket
|
- name: Get admin ticket
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
shell: echo "{{ipa_admin_password}}" | kinit admin
|
shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
@ -23,8 +21,6 @@
|
||||||
when: not keytab_status.stat.exists
|
when: not keytab_status.stat.exists
|
||||||
|
|
||||||
- name: Create host entry
|
- name: Create host entry
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
command: ipa host-add {{host}}
|
command: ipa host-add {{host}}
|
||||||
register: host_add_result
|
register: host_add_result
|
||||||
|
@ -38,8 +34,6 @@
|
||||||
when: not keytab_status.stat.exists
|
when: not keytab_status.stat.exists
|
||||||
|
|
||||||
- name: Create service entry
|
- name: Create service entry
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
command: ipa service-add {{service}}/{{host}}
|
command: ipa service-add {{service}}/{{host}}
|
||||||
register: service_add_result
|
register: service_add_result
|
||||||
|
@ -53,8 +47,6 @@
|
||||||
when: not keytab_status.stat.exists and service != "host"
|
when: not keytab_status.stat.exists and service != "host"
|
||||||
|
|
||||||
- name: Grant host access to keytab
|
- name: Grant host access to keytab
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}}
|
command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}}
|
||||||
register: service_perm_add_result
|
register: service_perm_add_result
|
||||||
|
@ -68,8 +60,6 @@
|
||||||
when: not keytab_status.stat.exists
|
when: not keytab_status.stat.exists
|
||||||
|
|
||||||
- name: Grant admin access to keytab
|
- name: Grant admin access to keytab
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --users=admin
|
command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --users=admin
|
||||||
register: service_perm_add_result
|
register: service_perm_add_result
|
||||||
|
@ -83,8 +73,6 @@
|
||||||
when: not keytab_status.stat.exists
|
when: not keytab_status.stat.exists
|
||||||
|
|
||||||
- name: Retrieve keytab
|
- name: Retrieve keytab
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
command: ipa-getkeytab --retrieve --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}}
|
command: ipa-getkeytab --retrieve --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}}
|
||||||
register: retrieve_result
|
register: retrieve_result
|
||||||
|
@ -98,8 +86,6 @@
|
||||||
when: not keytab_status.stat.exists
|
when: not keytab_status.stat.exists
|
||||||
|
|
||||||
- name: Create keytab if it did not exist
|
- name: Create keytab if it did not exist
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
command: ipa-getkeytab --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}}
|
command: ipa-getkeytab --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}}
|
||||||
tags:
|
tags:
|
||||||
|
@ -109,8 +95,6 @@
|
||||||
when: not keytab_status.stat.exists and 'krbPrincipalKey not found' in retrieve_result.stderr
|
when: not keytab_status.stat.exists and 'krbPrincipalKey not found' in retrieve_result.stderr
|
||||||
|
|
||||||
- name: Destroy admin ticket
|
- name: Destroy admin ticket
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
command: kdestroy -A
|
command: kdestroy -A
|
||||||
tags:
|
tags:
|
||||||
|
@ -120,8 +104,6 @@
|
||||||
when: not keytab_status.stat.exists
|
when: not keytab_status.stat.exists
|
||||||
|
|
||||||
- name: Get keytab
|
- name: Get keytab
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
command: base64 /tmp/{{service}}_{{host}}.kt
|
command: base64 /tmp/{{service}}_{{host}}.kt
|
||||||
register: keytab
|
register: keytab
|
||||||
|
@ -133,8 +115,6 @@
|
||||||
when: not keytab_status.stat.exists
|
when: not keytab_status.stat.exists
|
||||||
|
|
||||||
- name: Destroy stored keytab
|
- name: Destroy stored keytab
|
||||||
vars:
|
|
||||||
ansible_python_interpreter: /usr/bin/python2
|
|
||||||
delegate_to: "{{ ipa_server }}"
|
delegate_to: "{{ ipa_server }}"
|
||||||
file: path=/tmp/{{service}}_{{host}}.kt state=absent
|
file: path=/tmp/{{service}}_{{host}}.kt state=absent
|
||||||
tags:
|
tags:
|
||||||
|
|