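---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
#
# What: Pulls keytabs for a kerberos service
#
# What is expected:
# -> ipa_service, using this format: SVC/hostname.rockylinux.org@ROCKYLINUX.ORG
# -> ipa_keytab_fullpath: The full path to the keytab. Example: /etc/gitlab/gitlab.keytab
# -> ipa_server: This needs to be one of the IPA servers
# -> ipa_owner: If applicable, the local account that will own this keytab (eg for Apache).
#               Optional: when it is not provided (or is empty) only the file mode is enforced.
#
# All of these values come from the caller, so they are passed to ipa-getkeytab
# as discrete arguments rather than through a rendered command string.

- name: Pull keytab from IPA
  hosts: "{{ host }}"
  # NOTE(review): the keytab path and chown below normally need root (eg /etc/gitlab);
  # with become disabled this relies on the connecting user already having those rights.
  become: false
  gather_facts: false
  vars_files:
    - vars/encpass.yml

  tasks:
    - name: "Checking for user variables"
      assert:
        that:
          # NOTE(review): ipaadmin_password is required here but is never passed to
          # ipa-getkeytab below, so the fetch presumably relies on an existing Kerberos
          # credential cache on the target host. Confirm, and drop this check if so.
          - ipaadmin_password | mandatory
          - ipa_service | mandatory
          - ipa_keytab_fullpath | mandatory
          - ipa_server | mandatory
        success_msg: "Required variables provided"
        fail_msg: "We are missing required information"

    # argv form: each caller-supplied value is exactly one argument, so whitespace in
    # ipa_server/ipa_service/ipa_keytab_fullpath cannot be split into extra options
    # (the string form of `command` is shlex-split after templating).
    # NOTE(review): invoked without -r, ipa-getkeytab generates a new key for the
    # principal, which invalidates keytabs previously issued for it on other hosts.
    # Confirm that rotation on every run is intended; pass -r to retrieve instead.
    - name: "Pulling keytab"
      command:
        argv:
          - "ipa-getkeytab"
          - "-s"
          - "{{ ipa_server }}"
          - "-p"
          - "{{ ipa_service }}"
          - "-k"
          - "{{ ipa_keytab_fullpath }}"
      register: ipakeytab_result
      # A non-zero rc already fails the task, so every successful run reports "changed",
      # which matches a fresh key being written on each invocation.
      changed_when:
        - ipakeytab_result.rc == 0
      tags:
        - keytab

    # A keytab is a credential: always lock the mode down to owner-only, even when no
    # ipa_owner was given. owner/group are omitted when ipa_owner is undefined or empty
    # (the second default() argument treats an empty string like a missing value), so
    # an absent ipa_owner no longer errors the conditional the way `when: ipa_owner` did.
    - name: "Restrict keytab permissions and set ownership if applicable"
      file:
        path: "{{ ipa_keytab_fullpath }}"
        owner: "{{ ipa_owner | default(omit, true) }}"
        group: "{{ ipa_owner | default(omit, true) }}"
        mode: '0600'
        state: file
      tags:
        - keytab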