add kdcproxy to kdc role

2019-05-29 03:15:49 +03:00 · 2019-05-29 03:15:49 +03:00 · f2934aef91
commit f2934aef91
parent f1d32f86b7
2 changed files with 35 additions and 0 deletions
--- a/roles/kerberos/kdc/meta/main.yml
+++ b/roles/kerberos/kdc/meta/main.yml
@ -0,0 +1,4 @@
+---
+dependencies:
+  - {role: nginx/server}
+  - {role: gunicorn}
--- a/roles/kerberos/kdc/tasks/main.yml
+++ b/roles/kerberos/kdc/tasks/main.yml
@ -6,6 +6,7 @@
  with_items:
    - krb5-server
    - krb5-server-ldap
+    - python-kdcproxy

 - name: create kerberos config
  template:
@ -33,3 +34,33 @@
    name: krb5kdc
    state: started
    enabled: true
+
+- name: create kdcproxy group
+  group:
+    name: kdcproxy
+    system: true
+
+- name: create kdcproxy user
+  user:
+    name: kdcproxy
+    comment: KDC Proxy
+    group: kdcproxy
+    groups: gunicorn
+    home: /var/empty
+    shell: /sbin/nologin
+    system: true
+
+- name: create kdcproxy socket file
+  copy:
+    dest: /lib/systemd/system/gunicorn@kdcproxy.socket
+    src: /lib/systemd/system/gunicorn@.socket
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+    remote_src: true
+
+- name: enable kdcproxy socket
+  systemd:
+    name: gunicorn@kdcproxy.socket
+    enabled: true
+    state: started