service accounts

2024-11-24 22:21:26 +00:00 · 2021-01-23 15:51:55 -07:00 · 2021-01-23 15:51:55 -07:00 · 12767283c6
commit 12767283c6
parent 62974f97c2
9 changed files with 16 additions and 8 deletions
--- a/ansible/playbooks/adhoc-ipadnsrecord.yml
+++ b/ansible/playbooks/adhoc-ipadnsrecord.yml
@ -16,7 +16,7 @@
  become: false
  gather_facts: false
  vars_files:
-  - vars/vaults/encpass.yml
+  - vars/vaults/hostman.yml

  tasks:
    - name: "Checking for user variables"
--- a/ansible/playbooks/adhoc-ipadnszone.yml
+++ b/ansible/playbooks/adhoc-ipadnszone.yml
@ -8,7 +8,7 @@
  become: false
  gather_facts: false
  vars_files:
-  - vars/vaults/encpass.yml
+  - vars/vaults/hostman.yml

  tasks:
    - name: "Checking for user variables"
--- a/ansible/playbooks/adhoc-ipagetkeytab.yml
+++ b/ansible/playbooks/adhoc-ipagetkeytab.yml
@ -18,12 +18,13 @@
  become: true
  gather_facts: false
  vars_files:
-    - vars/vaults/encpass.yml
+    - vars/vaults/kerbman.yml

  tasks:
    - name: "Checking for user variables"
      assert:
        that:
+          - ipa_admin | mandatory
          - ipaadmin_password | mandatory
          - ipa_service | mandatory
          - ipa_keytab_fullpath | mandatory
--- a/ansible/playbooks/adhoc-ipagroup.yml
+++ b/ansible/playbooks/adhoc-ipagroup.yml
@ -10,7 +10,7 @@
  become: false
  gather_facts: false
  vars_files:
-  - vars/vaults/encpass.yml
+  - vars/vaults/userman.yml

  tasks:
    - name: "Checking for user variables"
--- a/ansible/playbooks/adhoc-ipaservice.yml
+++ b/ansible/playbooks/adhoc-ipaservice.yml
@ -7,7 +7,7 @@
  become: false
  gather_facts: false
  vars_files:
-    - vars/vaults/encpass.yml
+    - vars/vaults/kerbman.yml

  tasks:
    - name: "Checking for user variables"
--- a/ansible/playbooks/adhoc-ipauser-disable.yml
+++ b/ansible/playbooks/adhoc-ipauser-disable.yml
@ -7,7 +7,7 @@
  become: false
  gather_facts: false
  vars_files:
-  - vars/vaults/encpass.yml
+  - vars/vaults/userman.yml

  tasks:
    - name: "Checking for user variables"
--- a/ansible/playbooks/adhoc-ipauser-enable.yml
+++ b/ansible/playbooks/adhoc-ipauser-enable.yml
@ -7,7 +7,7 @@
  become: false
  gather_facts: false
  vars_files:
-  - vars/vaults/encpass.yml
+  - vars/vaults/userman.yml

  tasks:
    - name: "Checking for user variables"
--- a/ansible/playbooks/adhoc-ipauser.yml
+++ b/ansible/playbooks/adhoc-ipauser.yml
@ -7,7 +7,7 @@
  become: false
  gather_facts: false
  vars_files:
-  - vars/vaults/encpass.yml
+  - vars/vaults/userman.yml

  tasks:
    - name: "Checking for user variables"
--- a/ansible/playbooks/vars/ipa/ipaprivs.yml
+++ b/ansible/playbooks/vars/ipa/ipaprivs.yml
@ -26,6 +26,13 @@ iparoles:
      - "Netgroups Administrators"
    user:
      - hostman
+  - role: Kerberos Managers
+    description: Kerberos Key Managers
+    privileges:
+      - "Privileges - Kerberos Managers"
+      - "Service Administrators"
+    user:
+      - kerbman
  - role: IPA User Managers
    description: Rocky IPA User Managers responsible for idm flow
    privileges: