Fix krb5 for nagios by selecting the right keytab path

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/nagios_server/files/httpd/nagios-new.conf

@@ -0,0 +1,36 @@
+# noc1
+ScriptAlias /nagios/cgi-bin/ /usr/lib64/nagios/cgi-bin/
+
+# noc2
+ScriptAlias /nagios-external/cgi-bin/ /usr/lib64/nagios/cgi-bin/
+
+# test
+ScriptAlias /nagios-just-a-test/cgi-bin/ /usr/lib64/nagios/cgi-bin/
+
+ScriptAlias	/tac.cgi	/usr/lib64/nagios/cgi-bin/tac.cgi
+
+<Location />
+  AuthName "Nagios GSSAPI Login"
+  GssapiCredStore keytab:/etc/krb5.HTTP_nagios.stg.fedoraproject.org.keytab
+  AuthType GSSAPI
+  # This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
+  GssapiSSLonly Off
+  GssapiLocalName on
+  Require valid-user
+</Location>
+
+<Location ~ "/(nagios|nagios-external|nagios-just-a-test)/cgi-bin/">
+  Options ExecCGI
+</Location>
+
+<Directory "/usr/share/nagios/html">
+  Options None
+</Directory>
+
+Alias /nagios /usr/share/nagios/html/
+
+# This will only affect noc2 because the proxies only forward -external to it.
+Alias /nagios-external /usr/share/nagios/html/
+
+# Test
+Alias /nagios-test /usr/share/nagios/html/

roles/nagios_server/tasks/main.yml

@@ -78,8 +78,16 @@
   - nagios_server
 
 ## Copy over system configs
+# TODO: Make this a template once they're closer together
 - name: Copy httpd config
   copy: src=httpd/nagios.conf dest=/etc/httpd/conf.d/nagios.conf
+  when: env == "production"
+  tags:
+  - nagios_server
+
+- name: Copy httpd config
+  copy: src=httpd/nagios-new.conf dest=/etc/httpd/conf.d/nagios.conf
+  when: env == "staging"
   tags:
   - nagios_server