forked from saratov/infra
kerberos5: Small refactore
This commit is contained in:
parent
54c4fe6021
commit
623e2ba9c2
@ -15,6 +15,7 @@
|
||||
register:
|
||||
altlinux_openresolv_status
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
|
||||
- set_fact:
|
||||
altlinux_openresolv_exists: "{{ altlinux_openresolv_status.rc != 3 }}"
|
||||
@ -36,9 +37,10 @@
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: set hostname (non permanent)
|
||||
shell: hostname "{{inventory_hostname_short}}.{{krb5_realm}}"
|
||||
changed_when: false
|
||||
- name: set hostname
|
||||
ansible.builtin.hostname:
|
||||
name: "{{ inventory_hostname_short }}.{{ krb5_realm }}"
|
||||
use: systemd
|
||||
|
||||
- name: Deploy Kerberos 5 server
|
||||
include_tasks: master.yml
|
||||
|
||||
@ -52,10 +52,16 @@
|
||||
group: root
|
||||
mode: 0600
|
||||
|
||||
- name: Check Kerberos 5 admin principal
|
||||
shell: "kadmin.local listprincs admin/admin"
|
||||
register: admin_principal_state
|
||||
changed_when: False
|
||||
|
||||
# Then we need at least one principal with administrative privileges
|
||||
# in order to work with Kerberos database via `kadmin` daemon.
|
||||
- name: Create Kerberos 5 admin principal
|
||||
shell: "kadmin.local -q 'addprinc -pw {{ krb5_admin_pass }} admin/admin@{{ krb5_realm | upper }}'"
|
||||
when: admin_principal_state is success and admin_principal_state.stdout | length == 0
|
||||
|
||||
# Start krb5kdc finally
|
||||
- name: Enable and start krb5kdc
|
||||
|
||||
Loading…
Reference in New Issue
Block a user