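---
# Installs and configures a Kerberos KDC (krb5-server) on a dnf-based host:
# renders krb5.conf / kdc.conf / kadm5.acl from templates, creates the KDC
# database, starts krb5kdc and kadmin, and enables the firewalld "kerberos"
# service when firewalld is active.
#
# Required variables (validated by the first task):
#   kerberos_kdc_domain_name, kerberos_kdc_realm,
#   kerberos_kdc_admin_principal, kerberos_kdc_db_password
#
# Handlers referenced (defined elsewhere in the role): restart krb5kdc

- name: Check if required variables are defined
  ansible.builtin.fail:
    msg: "{{ item }} is not defined or empty"
  # Only the variable *name* is printed, never its value, so looping over
  # kerberos_kdc_db_password here does not leak the password.
  when: >-
    (vars[item] is undefined) or
    (vars[item] is none) or
    (vars[item] | trim | length == 0)
  loop:
    - kerberos_kdc_domain_name
    - kerberos_kdc_realm
    - kerberos_kdc_admin_principal
    - kerberos_kdc_db_password

- name: Add Kerberos domain name to /etc/hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
    # regex_escape makes a dotted hostname match literally; without it "."
    # matches any character, so kdc.example.com would also match
    # kdc-example.com and replace the wrong line.
    regexp: ".*?\\s{{ kerberos_kdc_domain_name | regex_escape }}"
    line: "127.0.0.1 {{ kerberos_kdc_domain_name }}"
    state: present

- name: Install Kerberos packages
  ansible.builtin.dnf:
    name:
      - krb5-server
      - krb5-workstation
    # "present" is the canonical dnf state; "installed" is a legacy alias.
    state: present

- name: Generate /etc/krb5.conf
  ansible.builtin.template:
    src: etc/krb5.conf.j2
    dest: /etc/krb5.conf
    owner: root
    group: root
    # World-readable: clients need krb5.conf; it holds no secrets.
    mode: '0644'
    setype: krb5_conf_t
  notify:
    - restart krb5kdc

- name: Generate /var/kerberos/krb5kdc/kdc.conf
  ansible.builtin.template:
    src: var/kerberos/krb5kdc/kdc.conf.j2
    dest: /var/kerberos/krb5kdc/kdc.conf
    owner: root
    group: root
    # KDC-only configuration: root-readable only.
    mode: '0600'
    setype: krb5kdc_conf_t
  notify:
    - restart krb5kdc

- name: Generate /var/kerberos/krb5kdc/kadm5.acl
  ansible.builtin.template:
    src: var/kerberos/krb5kdc/kadm5.acl.j2
    dest: /var/kerberos/krb5kdc/kadm5.acl
    owner: root
    group: root
    # Admin ACL: root-readable only.
    mode: '0600'
    setype: krb5kdc_conf_t
  notify:
    - restart krb5kdc

- name: Create Kerberos database
  # -s writes the stash file so krb5kdc can start unattended; "creates"
  # makes the task idempotent (principal.ok is produced by kdb5_util).
  ansible.builtin.command: "/usr/sbin/kdb5_util create -s -P {{ kerberos_kdc_db_password | quote }}"
  args:
    creates: /var/kerberos/krb5kdc/principal.ok
  # The master password is part of the command line; no_log keeps it out of
  # Ansible's task output, callback plugins and log files.
  no_log: true
  notify:
    - restart krb5kdc

- name: Enable and start krb5kdc service
  ansible.builtin.service:
    name: krb5kdc
    enabled: true
    state: started

- name: Enable and start kadmin service
  ansible.builtin.service:
    name: kadmin
    enabled: true
    state: started

- name: Get firewalld service status
  # No state/enabled given: this only reads the unit status into a variable.
  ansible.builtin.systemd:
    name: firewalld
  register: firewalld_service_status

- name: Open Kerberos port on firewall
  ansible.posix.firewalld:
    zone: public
    service: kerberos
    immediate: true
    permanent: true
    state: enabled
  # default() guards the comparison if ActiveState is missing from the
  # registered status (presumably when the firewalld unit is not installed).
  when: firewalld_service_status.status.ActiveState | default('inactive') == 'active'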