Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Allow specifying additionally needed host keytabs

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2016-10-27 15:23:31 +00:00
parent 3099104b21
commit d058b58136
3 changed files with 30 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
inventory/group_vars/all
View file

@ -210,6 +210,7 @@ fedora_required_images:
wsgi_wants_apache: true wsgi_wants_apache: true
# IPA settings # IPA settings
additional_host_keytabs: []
ipa_server: ipa01.phx2.fedoraproject.org ipa_server: ipa01.phx2.fedoraproject.org
ipa_realm: FEDORAPROJECT.ORG ipa_realm: FEDORAPROJECT.ORG
ipa_admin_password: "{{ ipa_prod_admin_password }}" ipa_admin_password: "{{ ipa_prod_admin_password }}"

3
inventory/host_vars/pkgs02.phx2.fedoraproject.org
View file

@ -18,3 +18,6 @@ virt_install_command: "{{ virt_install_command_two_nic }}"
host_backup_targets: ['/srv'] host_backup_targets: ['/srv']
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4" nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4"
additional_host_keytabs:
- pkgs.fedoraproject.org

26
roles/base/tasks/keytab.yml
View file

@ -29,6 +29,19 @@
- krb5 - krb5
when: not host_keytab_status.stat.exists when: not host_keytab_status.stat.exists
- name: Create additional host entries
delegate_to: "{{ ipa_server }}"
command: ipa host-add {{item}}
with_items: "{{ additional_host_keytabs }}"
register: hosts_add_result
changed_when: "'Added host' in hosts_add_result.stdout"
failed_when: "not ('Added host' in hosts_add_result.stdout or 'already exists' in hosts_add_result.stderr)"
tags:
- base
- config
- krb5
when: not host_keytab_status.stat.exists
- name: Generate host keytab - name: Generate host keytab
delegate_to: "{{ ipa_server }}" delegate_to: "{{ ipa_server }}"
command: ipa-getkeytab -s {{ipa_server}} -p host/{{inventory_hostname}} -k /tmp/{{inventory_hostname}}.kt command: ipa-getkeytab -s {{ipa_server}} -p host/{{inventory_hostname}} -k /tmp/{{inventory_hostname}}.kt
@ -41,6 +54,19 @@
- krb5 - krb5
when: not host_keytab_status.stat.exists when: not host_keytab_status.stat.exists
- name: Add additional host keytabs
delegate_to: "{{ ipa_server }}"
command: ipa-getkeytab -s {{ipa_server}} -p host/{{item}} -k /tmp/{{inventory_hostname}}.kt
with_items: "{{ additional_host_keytabs }}"
register: getkeytabs_result
changed_when: false
failed_when: "'successfully retrieved' not in getkeytabs_result.stderr"
tags:
- base
- config
- krb5
when: not host_keytab_status.stat.exists
- name: Destroy kerberos ticket - name: Destroy kerberos ticket
delegate_to: "{{ ipa_server }}" delegate_to: "{{ ipa_server }}"
command: kdestroy -A command: kdestroy -A