Hello,
On 12/7/23 12:50, Kees Bakker via FreeIPA-users wrote:
> Hi,
>
> Is this a good place to ask questions about ansible-freeipa?
> Does anyone have an example to do getkeytab through ansible?
>
> What I want to achieve is the equivalent of
>
>     $ ipa-getkeytab -p HTTP/$(hostname -f) -k /etc/apache2/http.keytab
>
> Creating a service is already possible, for example with:
>
>     - name: Add IPA HTTP service
>       ipaservice:
>         ipaadmin_principal: "{{ ipaadmin_principle }}"
>         ipaadmin_password: "{{ ipaadmin_password }}"
>         name: "HTTP/{{ ansible_fqdn }}"
>
> But now I need something to retrieve the keytab.
> Any suggestion or help is appreciated.
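
There is no module for keytab yet. Therefore you need to use the command
line tool.

Something like this:

    - name: Get keytab
      # The here-string (<<<) needs bash; the shell module defaults to /bin/sh.
      ansible.builtin.shell: |
        kinit -c __keytab_ccache__ admin <<< {{ ipaadmin_password | quote }}
        # Point ipa-getkeytab at the ccache that kinit just filled.
        KRB5CCNAME=__keytab_ccache__ ipa-getkeytab -p HTTP/$(hostname -f) -k /etc/apache2/http.keytab
        kdestroy -q -A -c __keytab_ccache__
      args:
        executable: /bin/bash
      # Keep the templated password out of the task output.
      no_log: true
      register: result
      failed_when: result.failed or "Failed" in result.stderr

This is simply using your command from above.

It is important that the destination directory "/etc/apache2" exists.
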
Regards,
Thomas
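
The same retrieval as an added example (not part of the original reply and not ansible-freeipa's own code), extended beyond the thread so that a re-run does not reset the service key, the admin password is fed on stdin instead of being templated into the script, and the keytab is readable only by root and the web server. The www-data group, an already enrolled IPA client, and a vaulted ipaadmin_password are assumptions.

```yaml
# Added example. Assumptions: host is an enrolled IPA client, Apache runs
# with group www-data, ipaadmin_password is supplied from Ansible Vault.
- name: Ensure keytab directory exists
  ansible.builtin.file:
    path: /etc/apache2
    state: directory
    mode: "0755"

- name: Get keytab (skipped when the file already exists)
  ansible.builtin.shell:
    cmd: |
      set -e
      # Private, throw-away credential cache, removed on any exit path.
      ccdir="$(mktemp -d)"
      trap 'rm -rf "$ccdir"' EXIT
      export KRB5CCNAME="FILE:$ccdir/ccache"
      # kinit reads the password from stdin (supplied by the task below).
      kinit admin
      ipa-getkeytab -p "HTTP/$(hostname -f)" -k /etc/apache2/http.keytab
    # Password goes to the script's stdin, not into its command line.
    stdin: "{{ ipaadmin_password }}"
    # ipa-getkeytab resets the principal's key on every run, which
    # invalidates earlier keytabs; only run when no keytab is present.
    creates: /etc/apache2/http.keytab
  no_log: true

- name: Restrict keytab to root and the web server group
  ansible.builtin.file:
    path: /etc/apache2/http.keytab
    owner: root
    group: www-data
    mode: "0640"
```

To rotate the key deliberately, remove /etc/apache2/http.keytab on the host and run the play again.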