From f8d46167ad3376fa9e8db0949422b41fca9e9e3c Mon Sep 17 00:00:00 2001
From: Ken Dreyer
Date: Mon, 20 Apr 2015 13:06:55 -0600
Subject: [PATCH] common: add kerberos task Add a new "kerberos" task to the common role. This will install the kerberos client (kinit) on all hosts and configure /etc/krb5.conf with the appropriate realm. On our internal lab, ansible will insert our Red Hat kerberos realm into the default_realm. In the community lab, this will use a dummy EXAMPLE.COM realm, similar to what the packages install by default.
---
 roles/common/defaults/main.yml | 2 ++
 roles/common/tasks/kerberos.yml | 22 ++++++++++++++++++++++
 roles/common/tasks/main.yml | 5 +++++
 roles/common/templates/krb5.conf | 5 +++++
 4 files changed, 34 insertions(+)
 create mode 100644 roles/common/tasks/kerberos.yml
 create mode 100644 roles/common/templates/krb5.conf
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
index a03d291..b3dc61a 100644
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@@ -1,2 +1,4 @@
 # Repos to enable in Red Hat Subscription Manager
 rhsm_repos: []
+
+kerberos_realm: EXAMPLE.COM
diff --git a/roles/common/tasks/kerberos.yml b/roles/common/tasks/kerberos.yml
new file mode 100644
index 0000000..9dcf55f
--- /dev/null
+++ b/roles/common/tasks/kerberos.yml
@@ -0,0 +1,22 @@
+---
+# Install and Configure a Kerberos client
+
+- name: Install Kerberos Packages (RedHat)
+ yum:
+ name: krb5-workstation
+ state: present
+ when: ansible_distribution == 'RedHat'
+
+- name: Install Kerberos Packages (Debian)
+ apt:
+ name: krb5-user
+ state: present
+ when: ansible_distribution == 'Debian'
+
+- name: Add krb5 config file
+ template:
+ src: 'krb5.conf'
+ dest: '/etc/krb5.conf'
+ owner: root
+ group: root
+ mode: 0644
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 726e3b3..10f7541 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
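Review bot: `kerberos_realm` is added without a comment, unlike `rhsm_repos` directly above it, and nothing in the defaults file says that `EXAMPLE.COM` is a placeholder meant to be overridden per lab. I would add `# Kerberos realm written to default_realm in /etc/krb5.conf; override in inventory vars` above the variable. Quoting the value (`kerberos_realm: 'EXAMPLE.COM'`) also keeps a future override that looks like a boolean or number from being retyped by the YAML parser.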
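Review bot: The two package tasks match only `ansible_distribution == 'RedHat'` and `== 'Debian'`, while the `Add krb5 config file` task has no condition, so a CentOS, Fedora or Ubuntu host would get `/etc/krb5.conf` rewritten without a Kerberos client being installed. If derivatives are in scope, `when: ansible_os_family == 'RedHat'` and `when: ansible_os_family == 'Debian'` cover them. The template task also replaces any existing `/etc/krb5.conf` on every host in the role, so adding `backup: yes` would keep the previous file on hosts that already had a site-specific realm configuration. `mode: 0644` is better written as `mode: '0644'` so the value does not depend on the YAML parser's octal handling.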
@@ -13,3 +13,8 @@
 when: ansible_distribution == 'RedHat'
 tags:
 - entitlements
+
+# configure Kerberos
+- include: kerberos.yml
+ tags:
+ - kerberos
diff --git a/roles/common/templates/krb5.conf b/roles/common/templates/krb5.conf
new file mode 100644
index 0000000..ecb8914
--- /dev/null
+++ b/roles/common/templates/krb5.conf
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[libdefaults]
+ default_realm = {{ kerberos_realm }}
+ default_ccache_name = KEYRING:persistent:%{uid}
--
2.39.5
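Review bot: `default_ccache_name = KEYRING:persistent:%{uid}` is written to every host the role touches, but that cache type needs kernel persistent-keyring support and a krb5 library that understands it (upstream MIT krb5 1.12, as far as I know), so older Debian or RHEL hosts may fail to store tickets or may ignore the setting. Consider making the ccache type a role variable or conditioning it on the distribution. The template also has no `[realms]` section, so KDC location is left to DNS. If the lab realm's KDCs are known, listing them under `[realms]` avoids depending on DNS answers for where authentication requests are sent; otherwise a comment stating that DNS discovery is intended would help the next maintainer.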