msvsphere
/
ansible-msvsphere.ci
12
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '757bbe335e'
${ noResults }
ansible-msvsphere.ci/roles/kerberos_kdc/tasks/main.yml

94 lines
2.2 KiB
Raw Blame History

---
- name: Check if required variables are defined
ansible.builtin.fail:
msg: "{{ item }} is not defined or empty"
when: |
(vars[item] is undefined)
or (vars[item] is none)
or (vars[item] | trim | length == 0)
with_items:
- kerberos_kdc_domain_name
- kerberos_kdc_realm
- kerberos_kdc_admin_principal
- kerberos_kdc_db_password
- name: Add Kerberos domain name to /etc/hosts
ansible.builtin.lineinfile:
dest: /etc/hosts
regexp: ".*?\\s{{ kerberos_kdc_domain_name }}"
line: "127.0.0.1 {{ kerberos_kdc_domain_name }}"
state: present
- name: Install Kerberos packages
ansible.builtin.dnf:
name:
- krb5-server
- krb5-workstation
state: installed
- name: Generate /etc/krb5.conf
ansible.builtin.template:
src: etc/krb5.conf.j2
dest: /etc/krb5.conf
owner: root
group: root
mode: '0644'
setype: krb5_conf_t
notify:
- restart krb5kdc
- name: Generate /var/kerberos/krb5kdc/kdc.conf
ansible.builtin.template:
src: var/kerberos/krb5kdc/kdc.conf.j2
dest: /var/kerberos/krb5kdc/kdc.conf
owner: root
group: root
mode: '0600'
setype: krb5kdc_conf_t
notify:
- restart krb5kdc
- name: Generate /var/kerberos/krb5kdc/kadm5.acl
ansible.builtin.template:
src: var/kerberos/krb5kdc/kadm5.acl.j2
dest: /var/kerberos/krb5kdc/kadm5.acl
owner: root
group: root
mode: '0600'
setype: krb5kdc_conf_t
notify:
- restart krb5kdc
- name: Create Kerberos database
ansible.builtin.command: "/usr/sbin/kdb5_util create -s -P {{ kerberos_kdc_db_password | quote }}"
args:
creates: /var/kerberos/krb5kdc/principal.ok
notify:
- restart krb5kdc
- name: Enable and start krb5kdc service
ansible.builtin.service:
name: krb5kdc
enabled: true
state: started
- name: Enable and start kadmin service
ansible.builtin.service:
name: kadmin
enabled: true
state: started
- name: Get firewalld service status
ansible.builtin.systemd:
name: firewalld
register: firewalld_service_status
- name: Open Kerberos port on firewall
ansible.posix.firewalld:
zone: public
service: kerberos
immediate: true
permanent: true
state: enabled
when: firewalld_service_status.status.ActiveState == 'active'
Reference in new issue View Git Blame Copy Permalink