From 8c1a54dafbcdb87fa1681e3eb96be584a09caf50 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 20 Dec 2020 22:45:55 -0700
Subject: [PATCH] Add ipa-getkeytab playbook
---
ansible/playbooks/adhoc-ipagetkeytab.yml | 33 ++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 ansible/playbooks/adhoc-ipagetkeytab.yml
diff --git a/ansible/playbooks/adhoc-ipagetkeytab.yml b/ansible/playbooks/adhoc-ipagetkeytab.yml
new file mode 100644
index 0000000..3863661
--- /dev/null
+++ b/ansible/playbooks/adhoc-ipagetkeytab.yml
@@ -0,0 +1,33 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Pulls keytabs for a kerberos service
+# What is expected:
+# -> ipaService, using this format: SVC/hostname.rockylinux.org@ROCKYLINUX.ORG
+# -> ipaKeytabFullPath: The full path to the keytab. Example: /etc/gitlab/gitlab.keytab
+# -> ipaServer: This needs to be one of the IPA servers
+
+- name: Pull keytab from IPA
+ hosts: "{{ host }}"
+ become: false
+ gather_facts: false
+ vars_files:
+ - vars/encpass.yml
+
+ tasks:
+ - name: "Checking for user variables"
+ assert:
+ that:
+ - ipaadmin_password | mandatory
+ - ipaService | mandatory
+ - ipaKeytabFullPath | mandatory
+ - ipaServer | mandatory
+ success_msg: "Required variables provided"
+ fail_msg: "We are missing required information"
+
+ - name: "Pulling keytab"
+ command: "ipa-getkeytab -s {{ ipaServer }} -p {{ ipaService }} -k {{ ipaKeytabFullPath }}"
+ register: ipakeytab_result
+ changed_when:
+ - ipakeytab_result.rc == 0
+ tags:
+ - keytab
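Review bot: The `Pulling keytab` task interpolates `ipaServer`, `ipaService` and `ipaKeytabFullPath` into a free-form `command` string, so a caller-supplied value containing whitespace is split into extra arguments to `ipa-getkeytab`. Because these values arrive as ad hoc or AWX extra vars, pass them through `argv` so each one stays a single argument. The assert only checks presence, so a value beginning with `-` would still be read as an option; a format check on the three values in the same assert would close that. Separately, `ipaadmin_password` is required and `vars/encpass.yml` is loaded, yet no visible task uses the password, so the command presumably relies on an existing Kerberos ticket on the target. Either drop the requirement or add the authentication step, with `no_log: true` on any task that handles the password.

```yaml
    - name: "Pulling keytab"
      command:
        argv:
          - ipa-getkeytab
          - "-s"
          - "{{ ipaServer }}"
          - "-p"
          - "{{ ipaService }}"
          - "-k"
          - "{{ ipaKeytabFullPath }}"
      # … unchanged: register, changed_when, tags …
```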