ansible/roles/mod_auth_gssapi/tasks/main.yml

---
- name: Install packages
  ansible.builtin.package:
    name: mod_auth_gssapi
    state: installed
  notify: Restart apache

- name: Allow httpd to connect network
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true

- name: Create httpd service drop-in directory
  ansible.builtin.file:
    path: /etc/systemd/system/httpd.service.d
    state: directory
    mode: 0755
    owner: root
    group: "{{ ansible_wheel }}"

- name: Set keytab path
  ansible.builtin.copy:
    dest: /etc/systemd/system/httpd.service.d/keytab.conf
    content: "[Service]\nEnvironment=KRB5_KTNAME=/etc/httpd/httpd.keytab\n"
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart apache