Add GSSAPI authentication to collab hosts

playbooks/collab.yml

@@ -22,3 +22,32 @@
 
   roles:
     - base
+    - collab
+    - mod_auth_gssapi
+    - role: kerberos/keytab
+      keytab: /etc/httpd/httpd.keytab
+      principals: HTTP/collab01.home.foo.sh@FOO.SH
+      group: apache
+
+  tasks:
+    - name: create htaccess for collab
+      copy:
+        content: |
+          RewriteEngine On
+          RewriteCond %{REQUEST_FILENAME} !-f
+          RewriteRule ^(.*)$ wsgi/$1 [QSA,PT,L]
+
+          <Files wsgi>
+            SetHandler wsgi-script
+          </Files>
+
+          AuthType        GSSAPI
+          GssapiBasicAuth On
+          AuthName        "Password Required (cancel for help)"
+          Require valid-user
+        dest: /srv/wikis/collab/htdocs/.htaccess
+        owner: collab
+        group: collab
+        mode: 0660
+        seuser: _default
+        setype: _default