Try SpotterAdd kerberos service keys with asetkey
Authors: Michael Meffie
preview | supported by community
Install with ansible-galaxy collection install openafs_contrib.openafs:==1.9.0
collections:
- name: openafs_contrib.openafs
version: 1.9.0Import the service keys from a keytab file using the OpenAFS C(asetkey) utility.
This module uses C(asetkey) rather than the newer C(akeyconvert) since C(akeyconvert) is not available on all platforms yet.
Before running this module, be sure C(asetkey) is installed
The C(asetkey) program requires the server C(CellServDB) and C(ThisCell) files to be present.
A keytab file containing the service keys must be copied to the server.
- name: Upload service keytab
become: yes
copy:
src: "files/example.keytab"
dest: "/usr/afs/etc/rxkad.keytab"
mode: 0600
owner: root
group: root
- name: Add service keys
become: yes
openafs_contrib.openafs.openafs_keys:
state: present
keytab: /usr/afs/etc/rxkad.keytab
cell: example.com
cell:
description: AFS cell name
required: true
type: str
realm:
default: uppercase of the cell name
description: Kerberos realm name
required: false
type: str
state:
description: c(present) to ensure keys are present in the keyfile(s)
required: false
type: str
keytab:
description: path to the keytab file on the remote node
required: true
type: path
asetkey:
default: Search the local facts, search the path.
description: asetkey program path
required: false
type: path
asetkey: description: asetkey path found returned: success type: path have_extended_keys: description: Indicates if extended keys are supported. returned: success type: bool imported: description: Imported key versions returned: success type: list keys: description: keys found in the keytab file returned: success type: list service_principal: description: kerberos service principal returned: success type: str