Add an inherit_kerberos role #1574
Conversation
The role installs kerberos client packages and optionally copies the configuration and credential cache from the host machine.
wbclark
force-pushed
the
inherit_kerberos_role
branch
from
c7c2d93
to
712ccf1
Compare
|
I've rewritten this to use the |
| - name: "Install client packages on Red Hat based distributions" | ||
| ansible.builtin.dnf: | ||
| name: | ||
| - "krb5-workstation" | ||
| - "krb5-libs" | ||
| state: present | ||
| when: ansible_os_family == "RedHat" | ||
|
|
||
| - name: "Install client packages on Debian based distributions" | ||
| ansible.builtin.apt: | ||
| name: "krb5-user" | ||
| state: present | ||
| when: ansible_os_family == "Debian" |
There was a problem hiding this comment.
you culd use ansible.builtin.package which works across distros, and load the correct list of packages using a vars file.
forklift/roles/bats/tasks/main.yml
Line 3 in 12c6385
forklift/roles/bats/vars/RedHat.yml
Line 2 in 12c6385
Not saying you have to, but something to consider :)
| ansible.builtin.copy: | ||
| src: "{{ inherit_kerberos_ccache }}" | ||
| dest: "{{ inherit_kerberos_ccache }}" | ||
| owner: "{{ inherit_kerberos_local_user_name }}" |
There was a problem hiding this comment.
where does inherit_kerberos_local_user_name come from? I don't see it defined anywhere.
There was a problem hiding this comment.
This was originally written to be part of the unprivileged_user role and the value of unprivileged_user_username was passed for the owner. The approach was to give unprivileged_user additional features to have more general user creation/setup powers, while leaving its default behavior essentially the same in setting up the vagrant user for images that don't already have it; therefore the assumption at that time was that this block does not run by default, so an user passing the extra stuff required to run these extra bits would be doing it to setup their personal or devel user and not the default vagrant user in that role.
So with the request to split this out into more of a standalone role, instead I assume that the value will be provided by whatever role or playbook I create in the future that includes this role.
|
Added some minor comments. Would be cool if there would be a few lines in the readme, how to use this role? |
|
@evgeni some additional context -- The goal of these efforts is to create a portable hotfix environment which is fully encoded in a block of yaml so that other developers can simply copy & paste the box, edit as needed, and I could add a very basic What do you think? |
I think a policy where we document new roles is a good start. On a related matter I opened #1568. It doesn't document the ansible roles, but that could be a nice addition. |
|
I agree that the roles are under-documented, even if most roles are not designed to be used on their own, but are rather abstractions most users shouldn't have to care about. If you say these are building blocks, and you will provide the "full" workflow later, I am cool with adding the docs for that feature later too. |
The role installs kerberos client packages
and optionally copies the configuration
and credential cache from the host machine.