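---
# Fetch (or refresh) a Kerberos keytab for one principal on `keytab_host`.
# Caller-supplied variables: keytab, principal, user, group, ipa_admin,
# ipaadmin_password (the last one should come from a vault, never plain text).
# NOTE(review): `keytab` is used both as a scalar path (`{{ keytab }}`) and as a
# mapping (`keytab.type`, `keytab.value.keytab`); only one shape can be right —
# confirm with the caller and make the references consistent.
- name: get keytab
  hosts: keytab_host
  become: true
  gather_facts: true
  tasks:
    - name: add service {{ keytab }} principal to ipa
      ipaservice:
        ipaadmin_password: '{{ ipaadmin_password }}'
        name: '{{ principal }}'
        state: present
        force: true
      when: keytab.type == 'service'
      # The module talks to the IPA API, so it runs on the first IPA server.
      delegate_to: "{{ groups['ipaserver'][0] }}"

    - name: check if {{ keytab.value.keytab }} exists
      stat:
        path: '{{ keytab.value.keytab }}'
      register: keytab_stat

    # kinit exits 1 when the keytab exists but no longer matches the server's
    # key version; that is not a task failure, it is the trigger to re-fetch.
    # Any other non-zero code (rc > 1) is a real error.
    - name: check kvno of keytab
      command: kinit -k -t {{ keytab | quote }} {{ principal | quote }}
      register: validate_keytab
      changed_when: false
      failed_when:
        - validate_keytab.rc > 1
      when: keytab_stat.stat.exists

    # The admin password is passed on the module's stdin rather than via
    # `echo ... |` inside the script, so it never appears in the argv of the
    # `sh -c` wrapper (readable under /proc by other local users). The admin
    # TGT is destroyed once the keytab has been fetched so it does not linger
    # in root's credential cache on this host. Shell arguments are quoted
    # so principals/paths with shell metacharacters cannot break the command.
    - name: install {{ keytab }}
      shell: |
        kinit {{ ipa_admin | quote }} || exit $?
        ipa-getkeytab -s {{ groups['ipaserver'][0] | quote }} -p {{ principal | quote }} -k {{ keytab | quote }}
        rc=$?
        kdestroy
        exit $rc
      stdin: '{{ ipaadmin_password }}'
      register: get_keytab
      # Re-fetch when the file is missing or the previous check reported a
      # non-zero rc; default(0) covers the case where that check was skipped.
      when: (not keytab_stat.stat.exists) or ((validate_keytab.rc | default(0)) != 0)
      changed_when: "'Keytab successfully retrieved and stored in' in get_keytab.stdout"
      # The task output would contain the admin password; keep it out of logs.
      no_log: true

    - name: ensure {{ keytab.value.keytab }} owner and mode
      file:
        path: '{{ keytab }}'
        owner: '{{ user }}'
        group: '{{ group }}'
        state: file
        # Keytabs are long-lived credentials: readable by the owner only.
        mode: '0600'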