I use this in a play
Rob
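---
# Fetch (or refresh) the Kerberos keytab for `principal` on keytab_host.
# Expected variables (defined by the caller, not here): keytab, principal,
# ipaadmin_password, ipa_admin, user, group, plus an inventory group
# 'ipaserver' whose first member is used as the IPA server.
# NOTE(review): some tasks read `keytab` as a path and others
# `keytab.value.keytab` — confirm the shape of `keytab` against the caller.
- name: get keytzb
  hosts: keytab_host
  become: true
  gather_facts: true
  tasks:
    - name: add service {{ keytab }} principal to ipa
      ipaservice:
        ipaadmin_password: '{{ ipaadmin_password }}'
        name: '{{ principal }}'
        state: present
        force: true
      when: keytab.type == 'service'
      delegate_to: "{{ groups['ipaserver'][0] }}"

    - name: check if {{ keytab.value.keytab }} exists
      stat:
        path: '{{ keytab.value.keytab }}'
      register: keytab_stat

    # kinit -k validates the stored keytab against the KDC. rc 1 is the
    # expected "keytab no longer valid" outcome and only triggers a re-fetch,
    # so only rc > 1 fails the task. Values are passed through `quote` so a
    # path or principal containing shell metacharacters cannot alter the
    # command line. Note this kinit writes root's default credential cache
    # on the target host.
    - name: check kvno of keytab
      command: kinit -k -t {{ keytab | quote }} {{ principal | quote }}
      register: validate_keytab
      changed_when: false
      failed_when:
        - validate_keytab.rc > 1
      when: keytab_stat.stat.exists

    # The admin password is fed to kinit on stdin (module `stdin` arg) instead
    # of `echo ... |`, so it never appears in the `sh -c` argument list that
    # `ps` on the target can show. The admin TGT is destroyed when the script
    # exits so it does not remain in root's credential cache.
    # ipa-getkeytab without -r generates a new key, which invalidates any
    # other copy of this principal's keytab.
    - name: install {{ keytab }}
      shell: |
        trap 'kdestroy >/dev/null 2>&1 || true' EXIT
        kinit {{ ipa_admin | quote }} || exit 1
        ipa-getkeytab -s {{ groups['ipaserver'][0] | quote }} \
          -p {{ principal | quote }} -k {{ keytab | quote }}
      args:
        stdin: '{{ ipaadmin_password }}'
      register: get_keytab
      # validate_keytab is skipped (no rc) when the keytab is absent; default
      # to 1 so the expression never touches an undefined attribute.
      when: (not keytab_stat.stat.exists) or (validate_keytab.rc | default(1))
      changed_when: "'Keytab successfully retrieved and stored in' in get_keytab.stdout"
      no_log: true

    - name: ensure {{ keytab.value.keytab }} owner and mode
      file:
        path: '{{ keytab }}'
        group: '{{ group }}'
        state: file
        mode: '0600'
        owner: '{{ user }}'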
Op di 12 mei 2020 om 15:37 schreef Peter Tselios via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org>:
Thank you, shell did the trick for me.