From a16153d7adca315f44a9b2bd7aed437d189c19f2 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Tue, 20 Dec 2016 05:13:49 +0000
Subject: [PATCH] Combine keytabs together

Signed-off-by: Patrick Uiterwijk
---
 handlers/ipa.yml | 7 +++++++
 playbooks/groups/ipa.yml | 23 ++++-------------------
 2 files changed, 11 insertions(+), 19 deletions(-)
 create mode 100644 handlers/ipa.yml

diff --git a/handlers/ipa.yml b/handlers/ipa.yml
new file mode 100644
index 0000000000..deec669d50
--- /dev/null
+++ b/handlers/ipa.yml
@@ -0,0 +1,7 @@
+########################
+# Handlers for IPA stuff
+#
+
+# This is used to combine the IPA keytabs for local host and id.fp.o
+- name: combine IPA http keytabs
+ shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil
diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml
index b75144976b..177d586272 100644
--- a/playbooks/groups/ipa.yml
+++ b/playbooks/groups/ipa.yml
@@ -46,28 +46,13 @@
 owner_user: apache
 owner_group: apache
 service: HTTP
- host: "id.stg.fedoraproject.org"
- when: env == "staging"
- - role: keytab/service
- owner_user: apache
- owner_group: apache
- service: HTTP
- host: "id.fedoraproject.org"
- when: env == "production"
-
- tasks:
- #- name: Make symlink for keytab
- # file: state=link path=/etc/httpd/conf/ipa.keytab force=yes
- # src="/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab"
- # notify:
- # - reload httpd
- # tags:
- # - ipa/server
- # - krb5
- # when: env == "staging"
+ host: "id{{env_suffix}}.fedoraproject.org"
+ notify:
+ - combine IPA http keytabs
 
 handlers:
 - include: "{{ handlers }}/restart_services.yml"
+ - include: "{{ handlers }}/ipa.yml"
 
 - name: do base role once more to revert any resolvconf changes
 hosts: ipa:ipa-stg
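Review bot: The `combine IPA http keytabs` handler in handlers/ipa.yml pipes `write_kt` at a path that may already exist, and ktutil's `write_kt` adds entries to an existing keytab rather than replacing it (worth confirming against the installed krb5), so each re-run would stack duplicates and keep pre-rotation keys usable in the `.keytab.combined` file. Clearing the target first keeps the output equal to the two inputs: start the command with `rm -f /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined &&`. The handler also leaves the owner and mode of the combined file to whatever ktutil creates; because it holds long-term service keys and the role entry in playbooks/groups/ipa.yml sets `owner_user: apache`, a following `file:` handler pinning `owner=apache group=apache mode=0600` would make the intended access explicit.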
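Review bot: The `notify:` added to the keytab/service role entry in playbooks/groups/ipa.yml rebuilds the combined keytab only when that role reports a change, so a re-issued `/etc/httpd/conf/ipa.keytab` or a missing `.combined` file would not trigger it; this is inferred from the handler being the only producer of that file visible in the patch. A comment above `notify:` would record the limitation, for example `# rebuilds the .combined keytab only when this role changes; re-run by hand after ipa.keytab is re-issued`. The role entry these lines belong to starts above the hunk, and nothing visible here shows which keytab path httpd is configured to read.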