openafs_contrib.openafs.openafs_keys (1.9.0) — module
Add kerberos service keys with asetkey
Authors: Michael Meffie
preview | supported by community
Install with:

    ansible-galaxy collection install openafs_contrib.openafs:==1.9.0

    collections:
      - name: openafs_contrib.openafs
        version: 1.9.0

Import the service keys from a keytab file using the OpenAFS C(asetkey) utility.
This module uses C(asetkey) rather than the newer C(akeyconvert) since C(akeyconvert) is not available on all platforms yet.
Before running this module, be sure C(asetkey) is installed.
The C(asetkey) program requires the server C(CellServDB) and C(ThisCell) files to be present.
A keytab file containing the service keys must be copied to the server.

- name: Upload service keytab
  become: yes
  copy:
    src: "files/example.keytab"
    dest: "/usr/afs/etc/rxkad.keytab"
    mode: 0600
    owner: root
    group: root

- name: Add service keys
  become: yes
  openafs_contrib.openafs.openafs_keys:
    state: present
    keytab: /usr/afs/etc/rxkad.keytab
    cell: example.com

cell:
  description: AFS cell name
  required: true
  type: str
realm:
  default: uppercase of the cell name
  description: Kerberos realm name
  required: false
  type: str
state:
  description: C(present) to ensure keys are present in the keyfile(s)
  required: false
  type: str
keytab:
  description: path to the keytab file on the remote node
  required: true
  type: path
asetkey:
  default: Search the local facts, search the path.
  description: asetkey program path
  required: false
  type: path

asetkey:
  description: asetkey path found
  returned: success
  type: path
have_extended_keys:
  description: Indicates if extended keys are supported.
  returned: success
  type: bool
imported:
  description: Imported key versions
  returned: success
  type: list
keys:
  description: keys found in the keytab file
  returned: success
  type: list
service_principal:
  description: kerberos service principal
  returned: success
  type: str