ansible-msvsphere.ci/roles/kerberos_principal/tasks/main.yml

---
- name: Check if principal name is defined
  ansible.builtin.fail:
    msg: 'Kerberos principal name is required'
  when: |
    kerberos_principal_name is undefined or
    kerberos_principal_name is none or
    (kerberos_principal_name | trim | length == 0)

- block:
    - name: Check if principal exists
      ansible.builtin.command:
        argv:
          - /sbin/kadmin.local
          - list_principals
          - "{{ principal }}"
      register: principal_check
      changed_when: "principal_check.stdout == ''"

    - name: Create principal with password
      ansible.builtin.command:
        argv:
          - /sbin/kadmin.local
          - addprinc
          - -pw
          - "{{ kerberos_principal_password }}"
          - "{{ principal }}"
      when: principal_check.changed and kerberos_principal_password

    - name: Create principal without password
      ansible.builtin.command:
        argv:
          - /sbin/kadmin.local
          - addprinc
          - -randkey
          - "{{ principal }}"
      when: principal_check.changed and not kerberos_principal_password

    - name: Generate principal keytab
      ansible.builtin.command:
        argv:
          - /sbin/kadmin.local
          - ktadd
          - -k
          - "{{ kerberos_principal_keytab_path }}"
          - -norandkey
          - "{{ principal }}"
        creates: "{{ kerberos_principal_keytab_path }}"
      when: kerberos_principal_keytab_path
  vars:
    principal: "{{ kerberos_principal_name }}{{ kerberos_principal_realm | ternary('@' + kerberos_principal_realm, '') }}"
Adds kerberos_principal and koji_server roles 11 months ago			`---`
			`- name: Check if principal name is defined`
			`ansible.builtin.fail:`
			`msg: 'Kerberos principal name is required'`
			`when: \|`
			`kerberos_principal_name is undefined or`
			`kerberos_principal_name is none or`
			`(kerberos_principal_name \| trim \| length == 0)`

			`- block:`
			`- name: Check if principal exists`
			`ansible.builtin.command:`
			`argv:`
			`- /sbin/kadmin.local`
			`- list_principals`
			`- "{{ principal }}"`
			`register: principal_check`
			`changed_when: "principal_check.stdout == ''"`

			`- name: Create principal with password`
			`ansible.builtin.command:`
			`argv:`
			`- /sbin/kadmin.local`
			`- addprinc`
			`- -pw`
			`- "{{ kerberos_principal_password }}"`
			`- "{{ principal }}"`
			`when: principal_check.changed and kerberos_principal_password`

			`- name: Create principal without password`
			`ansible.builtin.command:`
			`argv:`
			`- /sbin/kadmin.local`
			`- addprinc`
			`- -randkey`
			`- "{{ principal }}"`
			`when: principal_check.changed and not kerberos_principal_password`

			`- name: Generate principal keytab`
			`ansible.builtin.command:`
			`argv:`
			`- /sbin/kadmin.local`
			`- ktadd`
			`- -k`
			`- "{{ kerberos_principal_keytab_path }}"`
			`- -norandkey`
			`- "{{ principal }}"`
			`creates: "{{ kerberos_principal_keytab_path }}"`
			`when: kerberos_principal_keytab_path`
			`vars:`
			`principal: "{{ kerberos_principal_name }}{{ kerberos_principal_realm \| ternary('@' + kerberos_principal_realm, '') }}"`