keytab: Prefix variable names with keytab_
parent
4fb04065f9
commit
e2c59bc220
11 changed files with 24 additions and 24 deletions
|
@ -28,7 +28,7 @@
|
||||||
- ansible_host
|
- ansible_host
|
||||||
- certbot
|
- certbot
|
||||||
- role: keytab
|
- role: keytab
|
||||||
principals:
|
keytab_principals:
|
||||||
- "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
- "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
||||||
- nfs_client
|
- nfs_client
|
||||||
- sssd
|
- sssd
|
||||||
|
|
|
@ -28,9 +28,9 @@
|
||||||
- collab
|
- collab
|
||||||
- mod_auth_gssapi
|
- mod_auth_gssapi
|
||||||
- role: keytab
|
- role: keytab
|
||||||
keytab: /etc/httpd/httpd.keytab
|
keytab_path: /etc/httpd/httpd.keytab
|
||||||
principals: HTTP/collab.foo.sh@FOO.SH
|
keytab_principals: HTTP/collab.foo.sh@FOO.SH
|
||||||
group: apache
|
keytab_group: apache
|
||||||
- ldap
|
- ldap
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
roles:
|
roles:
|
||||||
- base
|
- base
|
||||||
- role: keytab
|
- role: keytab
|
||||||
principals:
|
keytab_principals:
|
||||||
- "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
- "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
||||||
- "smtp/{{ mail_server }}@{{ kerberos_realm }}"
|
- "smtp/{{ mail_server }}@{{ kerberos_realm }}"
|
||||||
- nfs_client
|
- nfs_client
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
- sssd
|
- sssd
|
||||||
- nfs_server
|
- nfs_server
|
||||||
- role: keytab
|
- role: keytab
|
||||||
principals: "nfs/{{ inventory_hostname }}@FOO.SH"
|
keytab_principals: "nfs/{{ inventory_hostname }}@FOO.SH"
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Copy exports file
|
- name: Copy exports file
|
||||||
|
|
|
@ -50,5 +50,5 @@
|
||||||
ansible.builtin.import_role:
|
ansible.builtin.import_role:
|
||||||
name: keytab
|
name: keytab
|
||||||
vars:
|
vars:
|
||||||
keytab: /etc/cups/cups.keytab
|
keytab_path: /etc/cups/cups.keytab
|
||||||
principals: "HTTP/print.foo.sh@{{ kerberos_realm }}"
|
keytab_principals: "HTTP/print.foo.sh@{{ kerberos_realm }}"
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
roles:
|
roles:
|
||||||
- base
|
- base
|
||||||
- role: keytab
|
- role: keytab
|
||||||
principals:
|
keytab_principals:
|
||||||
- "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
- "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
||||||
- "nfs/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
- "nfs/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
||||||
- nfs_client
|
- nfs_client
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
roles:
|
roles:
|
||||||
- base
|
- base
|
||||||
- role: keytab
|
- role: keytab
|
||||||
principals:
|
keytab_principals:
|
||||||
- "host/{{ inventory_hostname }}@FOO.SH"
|
- "host/{{ inventory_hostname }}@FOO.SH"
|
||||||
- "nfs/{{ inventory_hostname }}@FOO.SH"
|
- "nfs/{{ inventory_hostname }}@FOO.SH"
|
||||||
- nfs_client
|
- nfs_client
|
||||||
|
|
|
@ -27,9 +27,9 @@
|
||||||
- base
|
- base
|
||||||
- mod_auth_gssapi
|
- mod_auth_gssapi
|
||||||
- role: keytab
|
- role: keytab
|
||||||
keytab: /etc/httpd/httpd.keytab
|
keytab_path: /etc/httpd/httpd.keytab
|
||||||
principals: HTTP/zm.foo.sh@FOO.SH
|
keytab_principals: HTTP/zm.foo.sh@FOO.SH
|
||||||
group: apache
|
keytab_group: apache
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Run handlers to get interfaces configured
|
- name: Run handlers to get interfaces configured
|
||||||
|
|
|
@ -8,10 +8,10 @@
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: keytab
|
name: keytab
|
||||||
vars:
|
vars:
|
||||||
keytab: /etc/dovecot/dovecot.keytab
|
keytab_path: /etc/dovecot/dovecot.keytab
|
||||||
principals:
|
keytab_principals:
|
||||||
- "imap/{{ mail_server }}@{{ kerberos_realm }}"
|
- "imap/{{ mail_server }}@{{ kerberos_realm }}"
|
||||||
group: dovecot
|
keytab_group: dovecot
|
||||||
|
|
||||||
- name: Install privatekey
|
- name: Install privatekey
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
---
|
---
|
||||||
keytab: /etc/krb5.keytab
|
keytab_path: /etc/krb5.keytab
|
||||||
group: "{{ ansible_wheel }}"
|
keytab_group: "{{ ansible_wheel }}"
|
||||||
|
|
|
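Review bot: The renamed defaults give no signal when a caller still passes an old variable name. `keytab_principals` has no default here, while `keytab_path` and `keytab_group` do, so a play or inventory file that still sets `keytab:` and `group:` would silently fall back to `/etc/krb5.keytab` and the wheel group rather than fail. Whether any host_vars or group_vars outside the 11 changed files still use the old names is not visible on this page. A guard at the top of the role's tasks would make the contract explicit, for example an `ansible.builtin.assert` with `that: keytab_principals is defined and keytab_principals | length > 0`, or a `meta/argument_specs.yml` that declares `keytab_principals` as required.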
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Check if keytab exists
|
- name: Check if keytab exists
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "{{ keytab }}"
|
path: "{{ keytab_path }}"
|
||||||
register: keytab_status
|
register: keytab_status
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
- -k
|
- -k
|
||||||
- "/tmp/{{ inventory_hostname }}.kt"
|
- "/tmp/{{ inventory_hostname }}.kt"
|
||||||
- "{{ item }}"
|
- "{{ item }}"
|
||||||
with_items: "{{ principals }}"
|
with_items: "{{ keytab_principals }}"
|
||||||
delegate_to: ldap01.home.foo.sh
|
delegate_to: ldap01.home.foo.sh
|
||||||
when: not keytab_status.stat.exists
|
when: not keytab_status.stat.exists
|
||||||
|
|
||||||
|
@ -39,12 +39,12 @@
|
||||||
ansible.builtin.shell: >-
|
ansible.builtin.shell: >-
|
||||||
set -o pipefail &&
|
set -o pipefail &&
|
||||||
umask 077 &&
|
umask 077 &&
|
||||||
echo '{{ keytab_data.stdout }}' | base64 -d > "{{ keytab }}"
|
echo '{{ keytab_data.stdout }}' | base64 -d > "{{ keytab_path }}"
|
||||||
when: not keytab_status.stat.exists
|
when: not keytab_status.stat.exists
|
||||||
|
|
||||||
- name: Check keytab permissions
|
- name: Check keytab permissions
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ keytab }}"
|
path: "{{ keytab_path }}"
|
||||||
mode: "{% if group == ansible_wheel %}0600{% else %}0640{% endif %}"
|
mode: "{% if keytab_group == ansible_wheel %}0600{% else %}0640{% endif %}"
|
||||||
owner: root
|
owner: root
|
||||||
group: "{{ group }}"
|
group: "{{ keytab_group }}"
|
||||||
|
|
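Review bot: In the task that decodes the keytab, `echo '{{ keytab_data.stdout }}' | base64 -d > "{{ keytab_path }}"` templates the base64-encoded key material into the shell command string, so it ends up in the shell's argument list on the target and in the task's recorded invocation unless `no_log: true` is set on lines outside this hunk. Passing the data on standard input through the module's `stdin` parameter and marking the task `no_log` keeps the keys out of both places, and with no pipe left the `set -o pipefail` prefix is no longer needed. Applying the `quote` filter to `keytab_path` also keeps a path with spaces or shell metacharacters from being reinterpreted by the shell. The task's name line and anything above `ansible.builtin.shell` lie outside the hunk, so part of this may already be handled there.

```yaml
# … unchanged: task name (outside the hunk) …
  ansible.builtin.shell:
    cmd: umask 077 && base64 -d > {{ keytab_path | quote }}
    stdin: "{{ keytab_data.stdout }}"
  no_log: true
  when: not keytab_status.stat.exists
```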