common: add kerberos task
authorKen Dreyer <kdreyer@redhat.com>
Mon, 20 Apr 2015 19:06:55 +0000 (13:06 -0600)
committerKen Dreyer <kdreyer@redhat.com>
Mon, 20 Apr 2015 20:42:00 +0000 (14:42 -0600)
Add a new "kerberos" task to the common role. This will install the
kerberos client (kinit) on all hosts and configure /etc/krb5.conf with
the appropriate realm.

On our internal lab, ansible will insert our Red Hat kerberos realm into
the default_realm. In the community lab, this will use a dummy
EXAMPLE.COM realm, similar to what the packages install by default.

roles/common/defaults/main.yml
roles/common/tasks/kerberos.yml [new file with mode: 0644]
roles/common/tasks/main.yml
roles/common/templates/krb5.conf [new file with mode: 0644]

index a03d2918481847c52afb6bbc85c51818d70e438d..b3dc61aff3ad370094ecff31feaab8e03f00934b 100644 (file)
@@ -1,2 +1,4 @@
 # Repos to enable in Red Hat Subscription Manager
 rhsm_repos: []
+
+kerberos_realm: EXAMPLE.COM
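Review bot: The new `kerberos_realm` default has no comment, unlike `rhsm_repos` above it, so a reader of this file cannot tell that EXAMPLE.COM is a placeholder meant to be overridden. A one-line comment such as `# Kerberos realm written to default_realm in /etc/krb5.conf; EXAMPLE.COM is a placeholder, override per lab` would make that explicit. Quoting the value (`kerberos_realm: 'EXAMPLE.COM'`) would also keep it a string if a lab ever supplies a realm that looks like another YAML type.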
diff --git a/roles/common/tasks/kerberos.yml b/roles/common/tasks/kerberos.yml
new file mode 100644 (file)
index 0000000..9dcf55f
--- /dev/null
@@ -0,0 +1,22 @@
+---
+# Install and Configure a Kerberos client
+
+- name: Install Kerberos Packages (RedHat)
+  yum:
+    name: krb5-workstation
+    state: present
+  when: ansible_distribution == 'RedHat'
+
+- name: Install Kerberos Packages (Debian)
+  apt:
+    name: krb5-user
+    state: present
+  when: ansible_distribution == 'Debian'
+
+- name: Add krb5 config file
+  template:
+    src: 'krb5.conf'
+    dest: '/etc/krb5.conf'
+    owner: root
+    group: root
+    mode: 0644
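Review bot: The two install tasks are gated on `ansible_distribution == 'RedHat'` and `ansible_distribution == 'Debian'`, which match only those exact distribution names, so hosts reporting CentOS, Fedora or Ubuntu would skip the package install while the unconditional "Add krb5 config file" task still replaces /etc/krb5.conf on them. If the intent is "all hosts", as the description says, `when: ansible_os_family == 'RedHat'` and `when: ansible_os_family == 'Debian'` would cover the derivatives. Separately, `mode: 0644` is safer written as `mode: '0644'`, so the permission does not depend on how the YAML loader interprets a leading-zero integer.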
index 726e3b37190f540807e4a949fff8daab217b5db5..10f7541540526f1f11433df2dbaca9bfc81b61b6 100644 (file)
@@ -13,3 +13,8 @@
   when: ansible_distribution == 'RedHat'
   tags:
     - entitlements
+
+# configure Kerberos
+- include: kerberos.yml
+  tags:
+    - kerberos
diff --git a/roles/common/templates/krb5.conf b/roles/common/templates/krb5.conf
new file mode 100644 (file)
index 0000000..ecb8914
--- /dev/null
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[libdefaults]
+ default_realm = {{ kerberos_realm }}
+ default_ccache_name = KEYRING:persistent:%{uid}
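Review bot: `default_ccache_name = KEYRING:persistent:%{uid}` is written to every host the role touches, but the persistent keyring cache type needs a fairly recent MIT krb5 (1.12 or later, as far as I recall) and kernel keyring support. On older releases in the lab, credential caching may not work as expected. Consider emitting this line only when a variable enables it, or documenting the minimum supported platform in a template comment. The file also has no `[realms]` section, so KDC discovery presumably relies on DNS lookups; a comment saying that is intentional would help whoever later debugs a host that resolves the wrong KDC.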