foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

keytab: Don't use hardcoded tempfile

Browse source
This commit is contained in:
Timo Makinen 2025-01-30 19:32:52 +00:00
parent 243574e415
commit 872115a9a9
1 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
roles/keytab/tasks/main.yml
View file

@ -5,6 +5,21 @@
register: keytab_status register: keytab_status
check_mode: false check_mode: false
- name: Create temporary file
ansible.builtin.tempfile:
state: file
register: tempfile
when: not keytab_status.stat.exists
- name: Initialize keytab
ansible.builtin.copy:
dest: tempfile.path
content: "\\0005\\0002\\c"
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
when: not keytab_status.stat.exists
- name: Add principal to keytab - name: Add principal to keytab
ansible.builtin.command: ansible.builtin.command:
argv: argv:
@ -13,7 +28,7 @@
- host=ldaps://ldap01.foo.sh - host=ldaps://ldap01.foo.sh
- ktadd - ktadd
- -k - -k
- "/tmp/{{ inventory_hostname }}.kt" - "{{ tempfile.path }}"
- "{{ item }}" - "{{ item }}"
with_items: "{{ keytab_principals }}" with_items: "{{ keytab_principals }}"
delegate_to: ldap01.home.foo.sh delegate_to: ldap01.home.foo.sh
@ -23,14 +38,14 @@
ansible.builtin.command: ansible.builtin.command:
argv: argv:
- base64 - base64
- "/tmp/{{ inventory_hostname }}.kt" - "{{ tempfile.path }}"
register: keytab_data register: keytab_data
delegate_to: ldap01.home.foo.sh delegate_to: ldap01.home.foo.sh
when: not keytab_status.stat.exists when: not keytab_status.stat.exists
- name: Delete temporary file - name: Delete temporary file
ansible.builtin.file: ansible.builtin.file:
path: "/tmp/{{ inventory_hostname }}.kt" path: "{{ tempfile.path }}"
state: absent state: absent
delegate_to: ldap01.home.foo.sh delegate_to: ldap01.home.foo.sh
when: not keytab_status.stat.exists when: not keytab_status.stat.exists