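---
# Tasks that set up a MIT Kerberos KDC host: validate the required role
# variables, install the packages, render the KDC configuration files, create
# the realm database, start the daemons and open the firewall service.

- name: Check if required variables are defined
  ansible.builtin.fail:
    # Only the variable *name* is echoed here, so the password value itself is
    # never written to the play output by this task.
    msg: "{{ item }} is not defined or empty"
  when: |
    (vars[item] is undefined)
    or (vars[item] is none)
    or (vars[item] | trim | length == 0)
  loop:
    - kerberos_kdc_domain_name
    - kerberos_kdc_realm
    - kerberos_kdc_admin_principal
    - kerberos_kdc_db_password

- name: Add Kerberos domain name to /etc/hosts
  ansible.builtin.lineinfile:
    dest: /etc/hosts
    # regex_escape keeps the dots in the domain name from matching any
    # character, so only the exact host name is replaced.
    regexp: ".*?\\s{{ kerberos_kdc_domain_name | regex_escape }}"
    line: "127.0.0.1 {{ kerberos_kdc_domain_name }}"
    state: present

- name: Install Kerberos packages
  ansible.builtin.dnf:
    name:
      - krb5-server
      - krb5-workstation
    # 'present' is the canonical spelling; 'installed' is an alias of it.
    state: present

- name: Generate /etc/krb5.conf
  ansible.builtin.template:
    src: etc/krb5.conf.j2
    dest: /etc/krb5.conf
    owner: root
    group: root
    # Client configuration, world-readable by design.
    mode: '0644'
    setype: krb5_conf_t
  notify:
    - restart krb5kdc

- name: Generate /var/kerberos/krb5kdc/kdc.conf
  ansible.builtin.template:
    src: var/kerberos/krb5kdc/kdc.conf.j2
    dest: /var/kerberos/krb5kdc/kdc.conf
    owner: root
    group: root
    # KDC-only configuration, readable by root only.
    mode: '0600'
    setype: krb5kdc_conf_t
  notify:
    - restart krb5kdc

- name: Generate /var/kerberos/krb5kdc/kadm5.acl
  ansible.builtin.template:
    src: var/kerberos/krb5kdc/kadm5.acl.j2
    dest: /var/kerberos/krb5kdc/kadm5.acl
    owner: root
    group: root
    # Admin ACL grants kadmin privileges; keep it readable by root only.
    mode: '0600'
    setype: krb5kdc_conf_t
  notify:
    - restart krb5kdc

- name: Create Kerberos database
  # The master password is interpolated into the command line. no_log keeps it
  # out of the task output and Ansible logs (it also censors this task's error
  # text on failure). It is still visible in the local process list for the
  # lifetime of the kdb5_util process.
  ansible.builtin.command: "/usr/sbin/kdb5_util create -s -P {{ kerberos_kdc_db_password | quote }}"
  args:
    # Makes the task idempotent: skipped once the database has been created.
    creates: /var/kerberos/krb5kdc/principal.ok
  no_log: true
  notify:
    - restart krb5kdc

- name: Enable and start krb5kdc service
  ansible.builtin.service:
    name: krb5kdc
    enabled: true
    state: started

- name: Enable and start kadmin service
  ansible.builtin.service:
    name: kadmin
    enabled: true
    state: started

- name: Get firewalld service status
  # No state/enabled given: this only queries the unit and records its status.
  ansible.builtin.systemd:
    name: firewalld
  register: firewalld_service_status

- name: Open Kerberos port on firewall
  ansible.posix.firewalld:
    zone: public
    service: kerberos
    immediate: true
    permanent: true
    state: enabled
  # default('') keeps the condition evaluable if the status result has no
  # ActiveState (e.g. firewalld not installed) instead of failing the task.
  when: (firewalld_service_status.status.ActiveState | default('')) == 'active'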