ansible/playbooks/sane.yml

---
- name: Deploy KVM virtual machines
  ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
  vars:
    myhosts: sane

- name: Configure instance
  hosts: sane
  user: root
  gather_facts: true

  vars_files:
    - "{{ ansible_private }}/vars.yml"

  roles:
    - base
    - sane
    - scanservjs
    - mod_auth_gssapi
    - role: keytab
      keytab_path: /etc/httpd/httpd.keytab
      keytab_principals: HTTP/scan.foo.sh@FOO.SH
      keytab_group: apache

  tasks:
    - name: Require authentication for scanservjs
      ansible.builtin.copy:
        dest: /etc/httpd/conf.local.d/scanservjs-auth.conf
        content: |
          <Location /scanservjs>
            AuthType        GSSAPI
            GssapiBasicAuth On
            AuthName        "Password Required"
            Require         valid-user
          </Location>
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      notify: Restart apache