From 12767283c6d7dedc2bdb25b96604c5e896f65dfa Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sat, 23 Jan 2021 15:51:55 -0700
Subject: [PATCH] service accounts
---
 ansible/playbooks/adhoc-ipadnsrecord.yml | 2 +-
 ansible/playbooks/adhoc-ipadnszone.yml | 2 +-
 ansible/playbooks/adhoc-ipagetkeytab.yml | 3 ++-
 ansible/playbooks/adhoc-ipagroup.yml | 2 +-
 ansible/playbooks/adhoc-ipaservice.yml | 2 +-
 ansible/playbooks/adhoc-ipauser-disable.yml | 2 +-
 ansible/playbooks/adhoc-ipauser-enable.yml | 2 +-
 ansible/playbooks/adhoc-ipauser.yml | 2 +-
 ansible/playbooks/vars/ipa/ipaprivs.yml | 7 +++++++
 9 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/ansible/playbooks/adhoc-ipadnsrecord.yml b/ansible/playbooks/adhoc-ipadnsrecord.yml
index e95a1a1..53ed07f 100644
--- a/ansible/playbooks/adhoc-ipadnsrecord.yml
+++ b/ansible/playbooks/adhoc-ipadnsrecord.yml
@@ -16,7 +16,7 @@
 become: false
 gather_facts: false
 vars_files:
- - vars/vaults/encpass.yml
+ - vars/vaults/hostman.yml
 tasks:
 - name: "Checking for user variables"
diff --git a/ansible/playbooks/adhoc-ipadnszone.yml b/ansible/playbooks/adhoc-ipadnszone.yml
index 5fd76fd..b24f588 100644
--- a/ansible/playbooks/adhoc-ipadnszone.yml
+++ b/ansible/playbooks/adhoc-ipadnszone.yml
@@ -8,7 +8,7 @@
 become: false
 gather_facts: false
 vars_files:
- - vars/vaults/encpass.yml
+ - vars/vaults/hostman.yml
 tasks:
 - name: "Checking for user variables"
diff --git a/ansible/playbooks/adhoc-ipagetkeytab.yml b/ansible/playbooks/adhoc-ipagetkeytab.yml
index e610693..c89d3d7 100644
--- a/ansible/playbooks/adhoc-ipagetkeytab.yml
+++ b/ansible/playbooks/adhoc-ipagetkeytab.yml
@@ -18,12 +18,13 @@
 become: true
 gather_facts: false
 vars_files:
- - vars/vaults/encpass.yml
+ - vars/vaults/kerbman.yml
 tasks:
 - name: "Checking for user variables"
 assert:
 that:
+ - ipa_admin | mandatory
 - ipaadmin_password | mandatory
 - ipa_service | mandatory
 - ipa_keytab_fullpath | mandatory
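Review bot: The `vars_files` swap to `vars/vaults/hostman.yml` is not paired with any check that the vault also supplies the account name. Only the adhoc-ipagetkeytab.yml hunk adds `- ipa_admin | mandatory`; this hunk and the matching ones in adhoc-ipadnszone.yml, adhoc-ipagroup.yml, adhoc-ipaservice.yml and the three adhoc-ipauser*.yml playbooks leave the assert list as it was. The tasks are outside the hunks, so this is inferred: if they pass only `ipaadmin_password` and the modules fall back to a default principal, the run would present the service account's password for the wrong identity. Adding `- ipa_admin | mandatory` to each assert and passing `ipaadmin_principal: "{{ ipa_admin }}"` in the module calls would make the per-role credential split explicit.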
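Review bot: The added `- ipa_admin | mandatory` entry in adhoc-ipagetkeytab.yml, like the `ipaadmin_password` entry below it, uses the variable's own value as the assertion condition, so the check passes or fails on the truthiness of a credential string rather than on its presence. `- ipa_admin is defined and ipa_admin | length > 0` states the intent and yields a boolean, which stricter conditional handling in newer ansible-core is likely to expect (not verified against the version this repository pins). The assert list and the tasks that use `ipa_keytab_fullpath` under `become: true` continue outside the hunk.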
diff --git a/ansible/playbooks/adhoc-ipagroup.yml b/ansible/playbooks/adhoc-ipagroup.yml
index ef2d525..793eb11 100644
--- a/ansible/playbooks/adhoc-ipagroup.yml
+++ b/ansible/playbooks/adhoc-ipagroup.yml
@@ -10,7 +10,7 @@
 become: false
 gather_facts: false
 vars_files:
- - vars/vaults/encpass.yml
+ - vars/vaults/userman.yml
 tasks:
 - name: "Checking for user variables"
diff --git a/ansible/playbooks/adhoc-ipaservice.yml b/ansible/playbooks/adhoc-ipaservice.yml
index b93527f..d4f0fd5 100644
--- a/ansible/playbooks/adhoc-ipaservice.yml
+++ b/ansible/playbooks/adhoc-ipaservice.yml
@@ -7,7 +7,7 @@
 become: false
 gather_facts: false
 vars_files:
- - vars/vaults/encpass.yml
+ - vars/vaults/kerbman.yml
 tasks:
 - name: "Checking for user variables"
diff --git a/ansible/playbooks/adhoc-ipauser-disable.yml b/ansible/playbooks/adhoc-ipauser-disable.yml
index cea43e6..dd0153b 100644
--- a/ansible/playbooks/adhoc-ipauser-disable.yml
+++ b/ansible/playbooks/adhoc-ipauser-disable.yml
@@ -7,7 +7,7 @@
 become: false
 gather_facts: false
 vars_files:
- - vars/vaults/encpass.yml
+ - vars/vaults/userman.yml
 tasks:
 - name: "Checking for user variables"
diff --git a/ansible/playbooks/adhoc-ipauser-enable.yml b/ansible/playbooks/adhoc-ipauser-enable.yml
index 6043238..1ccea7e 100644
--- a/ansible/playbooks/adhoc-ipauser-enable.yml
+++ b/ansible/playbooks/adhoc-ipauser-enable.yml
@@ -7,7 +7,7 @@
 become: false
 gather_facts: false
 vars_files:
- - vars/vaults/encpass.yml
+ - vars/vaults/userman.yml
 tasks:
 - name: "Checking for user variables"
diff --git a/ansible/playbooks/adhoc-ipauser.yml b/ansible/playbooks/adhoc-ipauser.yml
index 8c51c4e..2019125 100644
--- a/ansible/playbooks/adhoc-ipauser.yml
+++ b/ansible/playbooks/adhoc-ipauser.yml
@@ -7,7 +7,7 @@
 become: false
 gather_facts: false
 vars_files:
- - vars/vaults/encpass.yml
+ - vars/vaults/userman.yml
 tasks:
 - name: "Checking for user variables"
diff --git a/ansible/playbooks/vars/ipa/ipaprivs.yml b/ansible/playbooks/vars/ipa/ipaprivs.yml
index dd17ddd..00260f2 100644
--- a/ansible/playbooks/vars/ipa/ipaprivs.yml
+++ b/ansible/playbooks/vars/ipa/ipaprivs.yml
@@ -26,6 +26,13 @@ iparoles:
 - "Netgroups Administrators"
 user:
 - hostman
+ - role: Kerberos Managers
+ description: Kerberos Key Managers
+ privileges:
+ - "Privileges - Kerberos Managers"
+ - "Service Administrators"
+ user:
+ - kerbman
 - role: IPA User Managers
 description: Rocky IPA User Managers responsible for idm flow
 privileges:
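Review bot: The new `Kerberos Managers` role has no comment explaining why `kerbman` needs both the custom `Privileges - Kerberos Managers` privilege and the broad `Service Administrators` privilege. Since adhoc-ipagetkeytab.yml and adhoc-ipaservice.yml now load `vars/vaults/kerbman.yml`, whoever can decrypt that vault can manage service entries and obtain their keytabs, so the intended scope is worth stating next to the grant. I would add above the role something like `# kerbman: service account for adhoc-ipaservice/adhoc-ipagetkeytab; limited to service entries and keytab retrieval`. It is also worth confirming that the permissions behind the custom privilege, which are defined outside this hunk, are restricted to what those two playbooks need. The `iparoles` list starts before and continues after the hunk.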