From 8c1a54dafbcdb87fa1681e3eb96be584a09caf50 Mon Sep 17 00:00:00 2001
From: nazunalika <tucklesepk@gmail.com>
Date: Sun, 20 Dec 2020 22:45:55 -0700
Subject: [PATCH] Add ipa-getkeytab playbook

---
 ansible/playbooks/adhoc-ipagetkeytab.yml | 33 ++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 ansible/playbooks/adhoc-ipagetkeytab.yml

diff --git a/ansible/playbooks/adhoc-ipagetkeytab.yml b/ansible/playbooks/adhoc-ipagetkeytab.yml
new file mode 100644
index 0000000..3863661
--- /dev/null
+++ b/ansible/playbooks/adhoc-ipagetkeytab.yml
@@ -0,0 +1,33 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Pulls keytabs for a kerberos service
+# What is expected:
+#  -> ipaService, using this format: SVC/hostname.rockylinux.org@ROCKYLINUX.ORG
+#  -> ipaKeytabFullPath: The full path to the keytab. Example: /etc/gitlab/gitlab.keytab
+#  -> ipaServer: This needs to be one of the IPA servers
+
+- name: Pull keytab from IPA
+  hosts: "{{ host }}"
+  become: false
+  gather_facts: false
+  vars_files:
+    - vars/encpass.yml
+
+  tasks:
+    - name: "Checking for user variables"
+      assert:
+        that:
+          - ipaadmin_password | mandatory
+          - ipaService | mandatory
+          - ipaKeytabFullPath | mandatory
+          - ipaServer | mandatory
+        success_msg: "Required variables provided"
+        fail_msg: "We are missing required information"
+
+    - name: "Pulling keytab"
+      command: "ipa-getkeytab -s {{ ipaServer }} -p {{ ipaService }} -k {{ ipaKeytabFullPath }}"
+      register: ipakeytab_result
+      changed_when:
+        - ipakeytab_result.rc == 0
+      tags:
+        - keytab