finish up kdcproxy

2019-05-29 19:37:55 +03:00 · 2019-05-29 19:37:55 +03:00 · 4cac7b8bc7
commit 4cac7b8bc7
parent 2ab21a87f5
3 changed files with 29 additions and 0 deletions
--- a/roles/kerberos/kdc/tasks/main.yml
+++ b/roles/kerberos/kdc/tasks/main.yml
@ -50,6 +50,19 @@
    shell: /sbin/nologin
    system: true

+- name: add nginx to kdcproxy group
+  user:
+    name: nginx
+    groups: kdcproxy
+
+- name: create kdcproxy config
+  template:
+    dest: /etc/kdcproxy.conf
+    src: kdcproxy.conf.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
 - name: create kdcproxy socket file
  copy:
    dest: /lib/systemd/system/gunicorn@kdcproxy.socket
@ -64,3 +77,12 @@
    name: gunicorn@kdcproxy.socket
    enabled: true
    state: started
+
+- name: create kdcproxy config for nginx
+  template:
+    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/kdcproxy.conf"
+    src: nginx-kdcproxy.conf.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart nginx
--- a/roles/kerberos/kdc/templates/kdcproxy.conf.j2
+++ b/roles/kerberos/kdc/templates/kdcproxy.conf.j2
@ -0,0 +1,4 @@
+[global]
+
+[{{ kerberos_realm }}]
+kerberos = kerberos+tcp://localhost
--- a/roles/kerberos/kdc/templates/nginx-kdcproxy.conf.j2
+++ b/roles/kerberos/kdc/templates/nginx-kdcproxy.conf.j2
@ -0,0 +1,3 @@
+location /KdcProxy {
+    proxy_pass http://unix:/run/gunicorn/gunicorn-kdcproxy.sock:/KdcProxy;
+}