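---
# Task file: create a Kerberos keytab on the KDC/LDAP host (delegated) and
# deploy it to the managed host at keytab_path, only when it does not exist yet.
#
# Expected variables (supplied by the caller):
#   keytab_path       - destination path on the managed host
#   keytab_principals - list of principals whose keys go into the keytab
#   keytab_group      - group that owns the deployed keytab
#   ansible_wheel     - name of the admin group on the managed host

- name: Check if keytab exists
  ansible.builtin.stat:
    path: "{{ keytab_path }}"
  register: keytab_status
  # Run even in check mode so the `when` guards below have a value to test.
  check_mode: false

- name: Create keytab
  # Both keywords apply to every task in `block` and `always`.
  when: not keytab_status.stat.exists
  delegate_to: ldap01.home.foo.sh
  block:
    - name: Create temporary file
      ansible.builtin.tempfile:
        state: file
      register: tempfile

    - name: Initialize keytab
      ansible.builtin.copy:
        dest: "{{ tempfile.path }}"
        src: empty.keytab
        mode: "0600"
        owner: root
        group: "{{ ansible_wheel }}"

    # NOTE(review): the kadmin `-x host=` target and the block's delegate_to
    # hostname differ (ldap01.foo.sh vs ldap01.home.foo.sh) — confirm both
    # are intended.
    - name: Add principal to keytab
      ansible.builtin.command:
        argv:
          - kadmin.local
          - -x
          - host=ldaps://ldap01.foo.sh
          - ktadd
          - -k
          - "{{ tempfile.path }}"
          - "{{ item }}"
      loop: "{{ keytab_principals }}"

    - name: Get keytab
      ansible.builtin.command:
        argv:
          - base64
          - "{{ tempfile.path }}"
      register: keytab_data
      # Read-only: never report a change for encoding the file.
      changed_when: false
      # stdout holds key material; keep it out of logs and callback output.
      no_log: true

  always:
    # Runs even if kadmin or the base64 step fails, so key material is not
    # left behind in the temporary file on the delegated host.
    - name: Delete temporary file
      ansible.builtin.file:
        path: "{{ tempfile.path }}"
        state: absent
      when: tempfile.path is defined

- name: Deploy keytab file
  # The base64 payload is passed on stdin rather than interpolated into the
  # command line, so it is not visible in the process list or shell history.
  ansible.builtin.shell: >-
    umask 077 &&
    base64 -d > "{{ keytab_path }}"
  args:
    stdin: "{{ keytab_data.stdout }}"
  when: not keytab_status.stat.exists
  # Hides the stdin payload (key material) from task output on failure too.
  no_log: true

- name: Check keytab permissions
  ansible.builtin.file:
    path: "{{ keytab_path }}"
    # Group-readable only when a group other than the admin group needs it.
    mode: "{% if keytab_group == ansible_wheel %}0600{% else %}0640{% endif %}"
    owner: root
    group: "{{ keytab_group }}"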