Fix some ansible-lint complaints.
parent
c7030c9245
commit
2cf34e8e55
64 changed files with 357 additions and 297 deletions
|
@ -1,7 +1,8 @@
|
|||
## Install and configure krb5-kdc-ldap (if not done yet),
|
||||
## run most tasks only on krb5-kdc-ldap installation.
|
||||
---
|
||||
- fail: msg="The machine's domain must not be empty."
|
||||
- name: check that domain name is available
|
||||
fail: msg="The machine's domain must not be empty."
|
||||
when: ansible_domain | length == 0
|
||||
|
||||
- name: check if krb5kdc is already there
|
||||
|
@ -12,19 +13,26 @@
|
|||
template:
|
||||
src: krb5.conf.j2
|
||||
dest: /etc/krb5.conf
|
||||
mode: 0644
|
||||
|
||||
- name: make sure krb5kdc exists
|
||||
file: path=/etc/krb5kdc state=directory recurse=yes
|
||||
file:
|
||||
path: /etc/krb5kdc
|
||||
state: directory
|
||||
recurse: true
|
||||
mode: 0755
|
||||
|
||||
- name: prepare kdc.conf
|
||||
template:
|
||||
src: kdc.conf.j2
|
||||
dest: /etc/krb5kdc/kdc.conf
|
||||
mode: 0644
|
||||
|
||||
- name: prepare kadm5.acl
|
||||
template:
|
||||
src: kadm5.acl.j2
|
||||
dest: /etc/krb5kdc/kadm5.acl
|
||||
mode: 0644
|
||||
notify: "restart krb5-admin-server"
|
||||
|
||||
- name: install krb5-kdc-ldap and krb5-admin-server
|
||||
|
@ -32,7 +40,7 @@
|
|||
name:
|
||||
- krb5-kdc-ldap
|
||||
- krb5-admin-server
|
||||
state: latest
|
||||
state: latest # noqa package-latest
|
||||
|
||||
- name: prepare kerberos.openldap.ldif
|
||||
shell: gunzip -c /usr/share/doc/krb5-kdc-ldap/kerberos.openldap.ldif.gz > /etc/ldap/schema/kerberos.openldap.ldif
|
||||
|
@ -126,12 +134,12 @@
|
|||
- "{1}uid=([^,]*),cn=gs2-iakerb,cn=auth uid=$1,ou=people,{{ basedn }}"
|
||||
state: exact
|
||||
|
||||
- name: prepare password for kdc
|
||||
- name: prepare password for kdc # noqa risky-shell-pipe
|
||||
shell: echo "cn=kdc,cn=kerberos,{{ basedn }}#{HEX}$(echo -n {{ kdc_service_pwd }} | xxd -g0 -ps -c 256 | sed 's/0a$//')" > /etc/krb5kdc/service.keyfile
|
||||
no_log: true
|
||||
when: not krb5kdc.stat.exists
|
||||
|
||||
- name: prepare password for kadmin
|
||||
- name: prepare password for kadmin # noqa risky-shell-pipe
|
||||
shell: echo "cn=kadmin,cn=kerberos,{{ basedn }}#{HEX}$(echo -n {{ kadmin_service_pwd }} | xxd -g0 -ps -c 256 | sed 's/0a$//')" >> /etc/krb5kdc/service.keyfile
|
||||
no_log: true
|
||||
when: not krb5kdc.stat.exists
|
||||
|
@ -196,7 +204,7 @@
|
|||
replace:
|
||||
path: /etc/hosts
|
||||
regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$"
|
||||
replace: '\1 kerberos'
|
||||
replace: '\1 kerberos'
|
||||
when: not krb5kdc.stat.exists
|
||||
|
||||
########################
|
||||
|
@ -212,8 +220,8 @@
|
|||
firewalld:
|
||||
zone: internal
|
||||
service: "{{ item }}"
|
||||
permanent: yes
|
||||
immediate: yes
|
||||
permanent: true
|
||||
immediate: true
|
||||
state: enabled
|
||||
with_items:
|
||||
- kerberos
|
||||
|
|
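Review bot: In the "make sure krb5kdc exists" task (second hunk), the newly added `mode: 0755` sits next to `recurse: true`, so the file module applies 0755 to everything already under /etc/krb5kdc, not only to the directory. On a re-run that would reset `/etc/krb5kdc/service.keyfile` (written by the "prepare password for kdc/kadmin" tasks in a later hunk) and any other key material stored there to world-readable. No `when:` guard is visible on this task, though the file continues outside the hunks shown. Dropping `recurse: true` and using a tighter directory mode such as `mode: "0700"` would satisfy the lint rule without touching existing files. Separately, the keyfile is created by a shell redirect under the default umask, so it would benefit from a follow-up `file:` task with `mode: "0600"`.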