Commit f9d07123 authored by Elena Grandi's avatar Elena Grandi

Add basic kerberos role

parent 81f672a7
......@@ -39,6 +39,7 @@
- dhcp
- web_proxy
- firewall
- kerberos
- nfs
- { role: client-conf, uri: "ldaps://{{host}}.{{domain}}" }
- apache2
......
......@@ -47,6 +47,7 @@
- smbclient
- nslcd
- ldap-utils
- krb5-admin-server,krb5-config
- name: cleanup slapd data
file: path=/var/lib/ldap/ state=absent
......@@ -64,3 +65,13 @@
debug:
with_lines:
- "{{script_dir}}/reset-ssl-ca {{ca_name}} {{ca_dir}}"
- name: cleanup kerberos principal
file:
path: /var/lib/krb5kdc/{{ item }}
state: absent
with_items:
- principal
- principal.kadm5
- principal.kadm5.lock
- principal.ok
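Review bot: The new `cleanup kerberos principal` task removes only the database files under `/var/lib/krb5kdc`, while the role added in this commit guards realm creation with `creates: /etc/krb5kdc/stash`. If the stash file survives the cleanup (the package removal task starts above this hunk and is not fully visible, so it may or may not purge it), a later run would skip `krb5_newrealm` and leave a KDC without a database, and the old master-key stash would stay on disk. Consider removing it here as well, in the style of the existing slapd cleanup: `file: path=/etc/krb5kdc/stash state=absent`.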
---
dependencies:
- { role: common }
# Copyright (C) 2017 Simone Piccardi <piccardi@truelite.it>,
# Elena Grandi <elena@truelite.it>,
# Progetto Fuss <info@fuss.bz.it>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program or from the site that you downloaded it
# from; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
---
- name: Preseeding kerberos realm
debconf:
name: krb5-config
question: krb5-config/default_realm
value: '{{ fqdn | upper}}'
vtype: string
- name: Preseeding kerberos newrealm
debconf:
name: krb5-admin-server
question: krb5-admin-server/newrealm
value: ''
vtype: string
- name: Install kerberos
include: "{{ includes }}/install-package-apt.yml"
with_items:
- krb5-admin-server
- name: Create kerberos realm
shell: 'echo "{{ pass }}\n{{ pass }}" | krb5_newrealm'
args:
creates: /etc/krb5kdc/stash
- name: Create kerberos admin principal
shell: 'echo "addprinc root/admin\n{{ pass }}\n{{ pass }}" | kadmin.local'
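Review bot: The `Create kerberos realm` and `Create kerberos admin principal` tasks both template `{{ pass }}` straight into a `shell:` command line and neither sets `no_log: true`, so the password is open to shell interpretation (a `"`, `$` or backtick in it changes the command), appears in the argument list of the spawned `sh -c` process, and can be printed in Ansible's task output and logs. Feeding the value on standard input of a `command:` task avoids the shell entirely and drops the reliance on `/bin/sh`'s `echo` expanding `\n`; this assumes the Ansible version in use supports the `stdin` argument. The admin-principal task also has no `creates:` or other guard, so it runs again on every play. The same `{{ pass }}` is used for the KDC master key and for `root/admin`; separate secrets would limit what a leaked admin password exposes.

```yaml
- name: Create kerberos realm
  command: krb5_newrealm
  args:
    stdin: "{{ pass }}\n{{ pass }}"
    creates: /etc/krb5kdc/stash
  no_log: true
# still needs an idempotency guard so an existing principal is not re-added
- name: Create kerberos admin principal
  command: kadmin.local
  args:
    stdin: "addprinc root/admin\n{{ pass }}\n{{ pass }}"
  no_log: true
```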
---
dependencies:
- { role: common }
- { role: kerberos }
......@@ -33,6 +33,7 @@
- dhcp
- web_proxy
- firewall
- kerberos
- nfs
- { role: client-conf, uri: "ldaps://{{host}}.{{domain}}" }
- apache2
......