# Due to not having some Ansible modules for IPA, some tasks are executed
# in this playbook using the `shell` module, as a Kerberos ticket is needed
# for these tasks.
# The Kerberos cache is cleaned in the end, so you might need to `kinit` on
# the testing target after running this playbook.
---
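# Test play for `ipaservice` with `state: disabled`: a service is created with
# a certificate, given a keytab, disabled (must report a change), given a
# keytab again, disabled again, and finally disabled once more while it has
# no keytab (must report no change). The service and the Kerberos tickets are
# removed at the end.
#
# `SomeADMINpassword` is the literal test-fixture password used throughout;
# it appears in the `kinit` command line and in every `ipaservice` task, so it
# is visible in task output. Outside a disposable test target, supply it from
# a vaulted variable and set `no_log: true` on the tasks that carry it.
- name: Playbook to manage IPA service.
  hosts: ipaserver
  become: true
  gather_facts: true

  environment:
    # Credential cache passed to `kinit -c` and `kdestroy -c` below.
    # Presumably the `ipa` and `ipa-getkeytab` commands pick it up from the
    # environment as well -- confirm.
    KRB5CCNAME: test_service_disable_ccache

  tasks:
  - name: Get Kerberos ticket for `admin`.
    shell: echo SomeADMINpassword | kinit -c ${KRB5CCNAME} admin

  # Start from a known state: remove any service left by a previous run.
  - name: Ensure service is absent
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc1/{{ ansible_fqdn }}"
      state: absent

  # The service was just removed, so creating it must report a change.
  - name: Ensure service is present
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc1/{{ ansible_fqdn }}"
      certificate:
      - 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
      force: false
    register: result
    failed_when: not result.changed

  # Writes `mysvc1.keytab` relative to the task's working directory. A keytab
  # is a long-lived credential and no task in this play removes the file.
  - name: Obtain keytab
    shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab

  # NOTE(review): this task fails when the output matches " Keytab. true",
  # yet it runs right after a keytab was obtained. `regex_search` is
  # case-sensitive by default and `ipa service-find` presumably prints
  # `Keytab: True`, so the pattern may never match and the check would
  # reduce to `result.failed` -- confirm against real output. The same
  # applies to every "Verify keytab" task in this play.
  - name: Verify keytab
    shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
    register: result
    failed_when: result.failed or result.stdout | regex_search(" Keytab. true")

  # Disabling a service that holds a keytab must report a change.
  - name: Ensure service is disabled
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc1/{{ ansible_fqdn }}"
      state: disabled
    register: result
    failed_when: not result.changed

  # After disabling, the service is expected to report no keytab.
  - name: Verify keytab
    shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
    register: result
    failed_when: result.failed or result.stdout | regex_search(" Keytab. true")

  # Second round: issue a new keytab for the disabled service.
  - name: Obtain keytab
    shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab

  - name: Verify keytab
    shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
    register: result
    failed_when: result.failed or result.stdout | regex_search(" Keytab. true")

  # The service holds a keytab again, so disabling must report a change.
  - name: Ensure service is disabled
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc1/{{ ansible_fqdn }}"
      state: disabled
    register: result
    failed_when: not result.changed

  - name: Verify keytab
    shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
    register: result
    failed_when: result.failed or result.stdout | regex_search(" Keytab. true")

  # Idempotence check: disabling a service without a keytab must be a no-op.
  - name: Ensure service is disabled, with no keytab.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc1/{{ ansible_fqdn }}"
      state: disabled
    register: result
    failed_when: result.changed

  # Cleanup. `state: absent` is given explicitly, as in the first task of the
  # same name: without it the task does not request removal and the test
  # service, with its certificate, would stay on the server.
  - name: Ensure service is absent
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc1/{{ ansible_fqdn }}"
      state: absent

  # `-A` destroys every credential cache of the user, not only the one named
  # by KRB5CCNAME, so a new `kinit` may be needed on the target afterwards.
  - name: Destroy Kerberos tickets.
    shell: kdestroy -A -q -c ${KRB5CCNAME}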