From 1000908288e60753f3d3bc893ab3f3d576eb626a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?=
Date: Tue, 1 Sep 2020 22:55:30 +0200
Subject: [PATCH] Fixup the keytab thingy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Aurélien Bompard
---
 roles/keytab/service/tasks/main.yml | 26 ++++++++------------------
 1 file changed, 8 insertions(+), 18 deletions(-)
diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml
index 93c3c4cf38..7b729e8f76 100644
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@@ -38,41 +38,31 @@
 - krb5
 when: not keytab_status.stat.exists
-- name: Grant host access to keytab
+- name: Grant host and admin access to keytab
 delegate_to: "{{ ipa_server }}"
- command:
- argv:
- - ipa
- - "{{ (service == 'host')|ternary('host', 'service') }}-allow-retrieve-keytab"
- - "{{service}}/{{host}}"
- - --hosts={{inventory_hostname}}
+ command: ipa host-allow-retrieve-keytab {{host}} --hosts={{inventory_hostname}} --users=admin
 register: perm_add_result
 check_mode: no
- changed_when: "'members added 1' in perm_add_result.stdout"
+ changed_when: "'members added 1' in perm_add_result.stdout or 'members added 2' in perm_add_result.stdout"
 failed_when: "not ('members added' in perm_add_result.stdout)"
 tags:
 - keytab
 - config
 - krb5
- when: not keytab_status.stat.exists
+ when: not keytab_status.stat.exists and service == "host"
-- name: Grant admin access to keytab
+- name: Grant host and admin access to keytab
 delegate_to: "{{ ipa_server }}"
- command:
- argv:
- - ipa
- - "{{ (service == 'host')|ternary('host', 'service') }}-allow-retrieve-keytab"
- - "{{service}}/{{host}}"
- - --users=admin
+ command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}} --users=admin
 register: perm_add_result
 check_mode: no
- changed_when: "'members added 1' in perm_add_result.stdout"
+ changed_when: "'members added 1' in perm_add_result.stdout or 'members added 2' in perm_add_result.stdout"
 failed_when: "not ('members added' in perm_add_result.stdout)"
 tags:
 - keytab
 - config
 - krb5
- when: not keytab_status.stat.exists
+ when: not keytab_status.stat.exists and service != "host"
 - name: Retrieve keytab
 delegate_to: "{{ ipa_server }}"
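Review bot: Both rewritten tasks replace the `argv:` list with a free-form `command:` string that interpolates `{{host}}`, `{{service}}` and `{{inventory_hostname}}` unquoted, so the command module word-splits the rendered line and a value containing whitespace would become extra `ipa` arguments on the delegated IPA server. The removed `argv:` form passed each value as exactly one argument, which is the safer shape for a command that grants keytab-retrieval rights; `--hosts` and `--users` can still be merged into a single call while keeping it. The fence shows the host task; the service task is the same with `service-allow-retrieve-keytab` and `"{{ service }}/{{ host }}"` as the second and third elements. Separately, the two tasks now share the name "Grant host and admin access to keytab", which makes run logs ambiguous; naming the principal type in each (host vs. service) would help when auditing who was granted access.

```yaml
  delegate_to: "{{ ipa_server }}"
  command:
    argv:
      - ipa
      - host-allow-retrieve-keytab
      - "{{ host }}"
      - "--hosts={{ inventory_hostname }}"
      - "--users=admin"
  # … unchanged: register, check_mode, changed_when, failed_when, tags, when …
```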