Add an inherit_kerberos role

The role installs kerberos client packages and optionally copies the configuration and credential cache from the host machine.
theforeman · Sep 5, 2022 · c7c2d93 · c7c2d93
1 parent 12c6385
commit c7c2d93
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/roles/inherit_kerberos/defaults/main.yml b/roles/inherit_kerberos/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+inherit_kerberos_config: '/etc/krb5.conf'
+inherit_kerberos_ccache: False
diff --git a/roles/inherit_kerberos/tasks/main.yml b/roles/inherit_kerberos/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: "Install client packages on Red Hat based distributions"
+  ansible.builtin.dnf:
+    name:
+      - "krb5-workstation"
+      - "krb5-libs"
+    state: present
+  when: ansible_os_family == "RedHat"
+
+- name: "Install client packages on Debian based distributions"
+  ansible.builtin.apt:
+    name: "krb5-user"
+    state: present
+  when: ansible_os_family == "Debian"
+
+- name: "Copy Kerberos client configuration from Host"
+  ansible.builtin.copy:
+    src: "{{ inherit_kerberos_config }}"
+    dest: /etc/krb5.conf
+    owner: root
+    group: root
+    mode: '0644'
+  when: inherit_kerberos_config
+
+- name: "Copy Kerberos credential cache from Host"
+  ansible.builtin.copy:
+    src: "{{ inherit_kerberos_ccache }}"
+    dest: "{{ inherit_kerberos_ccache }}"
+    owner: "{{ inherit_kerberos_local_user_name }}"
+    group: "{{ inherit_kerberos_local_user_groupname | default(inherit_kerberos_local_user_name) }}"
+    mode: '0600'
+  when: inherit_kerberos_ccache