trixie/roles/krb5kdcldap/tasks/main.yml

## Install and configure krb5-kdc-ldap.
---
- name: check that domain name is available
  fail: msg="The machine's domain must not be empty."
  when: ansible_domain | length == 0

- name: check if krb5kdc is already there
  stat: path=/usr/sbin/krb5kdc
  register: krb5kdc

- name: install and configure krb5-kdc-ldap
  include_tasks: setup.yml
  when: not krb5kdc.stat.exists

######################################################

- name: allow services in firewalld
  firewalld:
    zone: internal
    service: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  with_items:
    - kerberos
    - kadmin
    - kpasswd

- name: kerberize dummy user foo
  command: kadmin.local -q 'add_principal -pw "{{ foo_pwd }}" -x dn="uid=foo,ou=people,{{ basedn }}" foo'
  register: kerberize_result
  changed_when: kerberize_result.stderr is not search('already exists while creating')
  no_log: true
  when: foo_pwd is defined and foo_pwd | length > 0
Split 'normal' and 'setup' tasks. 2022-06-13 19:53:53 +02:00			`## Install and configure krb5-kdc-ldap.`
Implement Kerberos KDC-LDAP server role. 2019-11-17 11:40:22 +01:00			`---`
Fix some ansible-lint complaints. 2022-06-11 12:42:02 +02:00			`- name: check that domain name is available`
			`fail: msg="The machine's domain must not be empty."`
Fixes and improvements, NFS/KDC/LDAP related. 2019-11-21 19:15:22 +01:00			`when: ansible_domain \| length == 0`
Implement Kerberos KDC-LDAP server role. 2019-11-17 11:40:22 +01:00
Cleanup and restructuring. Move pressed-installer tasks to other roles. 2019-11-25 18:26:21 +01:00			`- name: check if krb5kdc is already there`
Implement Kerberos KDC-LDAP server role. 2019-11-17 11:40:22 +01:00			`stat: path=/usr/sbin/krb5kdc`
			`register: krb5kdc`

Split 'normal' and 'setup' tasks. 2022-06-13 19:53:53 +02:00			`- name: install and configure krb5-kdc-ldap`
			`include_tasks: setup.yml`
Minor fixes and improvements, mostly KDC/LDAP related. 2019-11-18 15:31:30 +01:00			`when: not krb5kdc.stat.exists`

Split 'normal' and 'setup' tasks. 2022-06-13 19:53:53 +02:00			`######################################################`
Add firewalld rules to service roles. 2019-11-24 20:53:54 +01:00
			`- name: allow services in firewalld`
			`firewalld:`
			`zone: internal`
			`service: "{{ item }}"`
Fix some ansible-lint complaints. 2022-06-11 12:42:02 +02:00			`permanent: true`
			`immediate: true`
Add firewalld rules to service roles. 2019-11-24 20:53:54 +01:00			`state: enabled`
			`with_items:`
			`- kerberos`
			`- kadmin`
			`- kpasswd`
Split 'normal' and 'setup' tasks. 2022-06-13 19:53:53 +02:00
			`- name: kerberize dummy user foo`
			`command: kadmin.local -q 'add_principal -pw "{{ foo_pwd }}" -x dn="uid=foo,ou=people,{{ basedn }}" foo'`
			`register: kerberize_result`
			`changed_when: kerberize_result.stderr is not search('already exists while creating')`
			`no_log: true`
			`when: foo_pwd is defined and foo_pwd \| length > 0`