From 4cac7b8bc71be117c2af1b0e4c34793729c99a10 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Wed, 29 May 2019 19:37:55 +0300
Subject: [PATCH] finish up kdcproxy

---
 roles/kerberos/kdc/tasks/main.yml | 22 +++++++++++++++++++
 roles/kerberos/kdc/templates/kdcproxy.conf.j2 | 4 ++++
 .../kdc/templates/nginx-kdcproxy.conf.j2 | 3 +++
 3 files changed, 29 insertions(+)
 create mode 100644 roles/kerberos/kdc/templates/kdcproxy.conf.j2
 create mode 100644 roles/kerberos/kdc/templates/nginx-kdcproxy.conf.j2

diff --git a/roles/kerberos/kdc/tasks/main.yml b/roles/kerberos/kdc/tasks/main.yml
index 9c53c9c..9874037 100644
--- a/roles/kerberos/kdc/tasks/main.yml
+++ b/roles/kerberos/kdc/tasks/main.yml
@@ -50,6 +50,19 @@
 shell: /sbin/nologin
 system: true
 
+- name: add nginx to kdcproxy group
+ user:
+ name: nginx
+ groups: kdcproxy
+
+- name: create kdcproxy config
+ template:
+ dest: /etc/kdcproxy.conf
+ src: kdcproxy.conf.j2
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+
 - name: create kdcproxy socket file
 copy:
 dest: /lib/systemd/system/gunicorn@kdcproxy.socket
@@ -64,3 +77,12 @@
 name: gunicorn@kdcproxy.socket
 enabled: true
 state: started
+
+- name: create kdcproxy config for nginx
+ template:
+ dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/kdcproxy.conf"
+ src: nginx-kdcproxy.conf.j2
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: restart nginx
diff --git a/roles/kerberos/kdc/templates/kdcproxy.conf.j2 b/roles/kerberos/kdc/templates/kdcproxy.conf.j2
new file mode 100644
index 0000000..34af5df
--- /dev/null
+++ b/roles/kerberos/kdc/templates/kdcproxy.conf.j2
@@ -0,0 +1,4 @@
+[global]
+
+[{{ kerberos_realm }}]
+kerberos = kerberos+tcp://localhost
diff --git a/roles/kerberos/kdc/templates/nginx-kdcproxy.conf.j2 b/roles/kerberos/kdc/templates/nginx-kdcproxy.conf.j2
new file mode 100644
index 0000000..6745e46
--- /dev/null
+++ b/roles/kerberos/kdc/templates/nginx-kdcproxy.conf.j2
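Review bot: The `add nginx to kdcproxy group` task in roles/kerberos/kdc/tasks/main.yml sets `groups: kdcproxy` without `append`, and the user module's default `append: false` replaces the account's supplementary groups with exactly that list, so any group nginx was given elsewhere is dropped on every run. Add `append: true` under `user:` so the task only adds the membership it is named for. Both template tasks (`create kdcproxy config` here and `create kdcproxy config for nginx` in the second hunk of this file) write `mode: 0644` as a bare integer; that works under YAML 1.1 octal parsing, but `mode: "0644"` does not depend on the parser.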
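Review bot: The `[global]` section in roles/kerberos/kdc/templates/kdcproxy.conf.j2 is empty, which leaves kdcproxy's `use_dns` at its default. As far as I know that default is enabled, so a request naming a realm other than `{{ kerberos_realm }}` could be resolved through DNS SRV records and forwarded to whatever host they name. For a proxy meant to front only the local KDC, pin it with `use_dns = false` under `[global]`. The realm section also defines only `kerberos`; if password changes are expected to work through the proxy, a `kpasswd = kpasswd+tcp://localhost` line would be needed, so confirm whether leaving it out is intended.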
@@ -0,0 +1,3 @@
+location /KdcProxy {
+ proxy_pass http://unix:/run/gunicorn/gunicorn-kdcproxy.sock:/KdcProxy;
+}
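Review bot: `location /KdcProxy` in nginx-kdcproxy.conf.j2 is a prefix match with no method restriction, so any URI beginning with /KdcProxy and any HTTP method is handed to the gunicorn socket. MS-KKDCP clients only POST to the exact path, so `location = /KdcProxy {` together with `limit_except POST { deny all; }` would narrow what reaches the backend, and a small `client_max_body_size` would bound request size. The server block that includes this file is not part of the patch; it should be the TLS listener only, since the proxied Kerberos traffic relies on HTTPS for transport protection.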