Decode and destroy the b64-encoded keytab

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2026-04-24 10:31:56 +08:00 · 2016-11-03 13:19:45 +00:00
parent 8559733dff
commit 819474bbe7
1 changed files with 15 additions and 0 deletions
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@@ -130,6 +130,21 @@
  - krb5
  when: not keytab_status.stat.exists

+- name: Base64-decode keytab
+  shell: "umask 077 && base64 -d {{kt_location}}.b64 >{{kt_location}}"
+  tags:
+  - keytab
+  - config
+  - krb5
+  when: not keytab_status.stat.exists
+
+- name: Destroy encoded keytab
+  file: path={{kt_location}}.b64 state=absent
+  tags:
+  - keytab
+  - config
+  - krb5
+
 - name: Set keytab permissions
  file: path={{kt_location}} owner={{owner_user}} group={{owner_group}} mode=0600
  tags: