From f408d9d3a274a83576d99a5743285ef589f34faf Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Fri, 28 Oct 2016 11:47:57 +0000
Subject: [PATCH] Get and destroy host ticket

Signed-off-by: Patrick Uiterwijk
---
 roles/keytab/service/tasks/main.yml | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml
index 614083b319..2433e6e5cb 100644
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@@ -60,7 +60,7 @@
 - krb5
 when: not keytab_status.stat.exists
 
-- name: Destroy kerberos ticket
+- name: Destroy admin ticket
 delegate_to: "{{ ipa_server }}"
 command: kdestroy -A
 tags:
@@ -69,6 +69,14 @@
 - krb5
 when: not keytab_status.stat.exists
 
+- name: Get host ticket
+ shell: kinit -k -t /etc/krb5.keytab host/{{inventory_hostname}}
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
 - name: Retrieve keytab
 command: ipa-getkeytab --retrieve --server {{ipa_server}} --keytab {{kt_location}} --principal {{service}}/{{host}}
 tags:
@@ -77,6 +85,14 @@
 - krb5
 when: not keytab_status.stat.exists
 
+- name: Destroy host ticket
+ command: kdestroy -A
+ tags:
+ - keytab
+ - config
+ - krb5
+ when: not keytab_status.stat.exists
+
 - name: Set keytab permissions
 file: path={{kt_location}} owner={{owner_user}} group={{owner_group}} mode=0600
 tags:
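Review bot: The new `Get host ticket` task runs `kinit` through `shell` although the command line uses no shell features, and it interpolates `{{inventory_hostname}}` into that shell string. The neighbouring tasks use `command`, which passes the arguments without shell parsing, so `command: kinit -k -t /etc/krb5.keytab host/{{inventory_hostname}}` would be the more defensive and consistent form. The ticket is also written to the default credential cache of whichever user the task runs as. Pointing `KRB5CCNAME` at a dedicated cache via `environment:` on this task, on `Retrieve keytab` and on the later `Destroy host ticket` would keep the host credential apart from tickets already held on the machine. The task list begins and continues outside this hunk, so whether a play-level environment is already set cannot be seen here.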
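Review bot: `Destroy host ticket` is an ordinary follow-on task, so it only runs when `Retrieve keytab` succeeds; if `ipa-getkeytab` fails, the play stops for that host and the host TGT obtained earlier stays in the credential cache. Grouping the get, retrieve and destroy tasks under a `block:` with the `kdestroy` step in its `always:` section (and the shared `when: not keytab_status.stat.exists` on the block) would guarantee cleanup on the failure path as well. Separately, `kdestroy -A` removes every cache in the calling user's collection rather than only the one this role created, which could discard tickets that other processes on the managed host rely on. With a dedicated cache, a plain `command: kdestroy` under the same `KRB5CCNAME` would be narrower. The surrounding task list extends beyond the hunk.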