From 00f7b86de61e13f71685b066c5f5ce37e29e043b Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Thu, 6 Jun 2019 00:29:10 +0300
Subject: [PATCH] first version of kerberos/keytab role
---
 roles/kerberos/keytab/defaults/main.yml | 2 ++
 roles/kerberos/keytab/tasks/main.yml | 35 +++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 roles/kerberos/keytab/defaults/main.yml
 create mode 100644 roles/kerberos/keytab/tasks/main.yml
diff --git a/roles/kerberos/keytab/defaults/main.yml b/roles/kerberos/keytab/defaults/main.yml
new file mode 100644
index 0000000..9c85390
--- /dev/null
+++ b/roles/kerberos/keytab/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+group: "{{ ansible_wheel }}"
diff --git a/roles/kerberos/keytab/tasks/main.yml b/roles/kerberos/keytab/tasks/main.yml
new file mode 100644
index 0000000..7daae01
--- /dev/null
+++ b/roles/kerberos/keytab/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: check if keytab exists
+ stat:
+ path: "{{ keytab }}"
+ register: keytab_status
+ check_mode: false
+
+- block:
+ - block:
+ - name: check if principal exists
+ command: "kadmin.local getprinc {{ item }}"
+ with_items: "{{ principals }}"
+ check_mode: false
+ - name: "add principal to keytab"
+ command: "kadmin.local ktadd -k /tmp/{{ inventory_hostname }}.kt \
+ {{ item }}"
+ with_items: "{{ principals }}"
+ - name: get keytab
+ command: "base64 /tmp/{{ inventory_hostname }}.kt"
+ register: keytab_data
+ - name: delete temporary file
+ file:
+ path: "/tmp/{{ inventory_hostname }}.kt"
+ state: absent
+ delegate_to: ldap01.home.foo.sh
+ - name: deploy keytab file
+ shell: "umask 077 && echo '{{ keytab_data.stdout }}' | base64 -d > {{keytab }}"
+ when: not keytab_status.stat.exists
+
+- name: check keytab permissions
+ file:
+ path: "{{ keytab }}"
+ mode: "{% if group == ansible_wheel %}0600{% else %}0640{% endif %}"
+ owner: root
+ group: "{{ group }}"
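Review bot: The keytab material is exposed in the `deploy keytab file` task of tasks/main.yml: `keytab_data.stdout` is interpolated into a `shell` command line, so the base64 keytab ends up in the Ansible task output and in the remote process list, and neither that task nor `get keytab` sets `no_log: true`. Add `no_log: true` to both tasks, and quote the destination as `> {{ keytab | quote }}` — the uneven `{{keytab }}` spacing also hides that the path is passed to the shell unquoted. Separately, the temporary `/tmp/{{ inventory_hostname }}.kt` on the delegate host is only removed when every preceding task succeeds; moving `delete temporary file` into an `always:` section of the delegated block guarantees cleanup after a failed `ktadd` or `base64`. Note that `kadmin.local ktadd` generates a fresh key for each principal by default, so a rerun would invalidate any keytab already in use; the `when: not keytab_status.stat.exists` guard is what prevents that and should be kept.
```yaml
- block:
    - block:
        # … unchanged: check principal / add principal tasks …
        - name: get keytab
          command: "base64 /tmp/{{ inventory_hostname }}.kt"
          register: keytab_data
          no_log: true
      always:
        - name: delete temporary file
          file:
            path: "/tmp/{{ inventory_hostname }}.kt"
            state: absent
      delegate_to: ldap01.home.foo.sh
    - name: deploy keytab file
      shell: "umask 077 && echo '{{ keytab_data.stdout }}' | base64 -d > {{ keytab | quote }}"
      no_log: true
  when: not keytab_status.stat.exists
```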