diff options
author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/gitolite/tasks/freeipa.yml | |
download | selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip |
initial commit
Diffstat (limited to 'roles/gitolite/tasks/freeipa.yml')
-rw-r--r-- | roles/gitolite/tasks/freeipa.yml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/roles/gitolite/tasks/freeipa.yml b/roles/gitolite/tasks/freeipa.yml new file mode 100644 index 0000000..f94b9e0 --- /dev/null +++ b/roles/gitolite/tasks/freeipa.yml @@ -0,0 +1,49 @@ +- name: create service account + ipauser: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ gitolite_freeipa_user }}' + loginshell: /sbin/nologin + homedir: '{{ gitolite_home }}' + givenname: Gitolite + sn: Service Account + state: present + run_once: True + +- name: retrieve user keytab + include_role: + name: freeipa_keytab + vars: + keytab_principal: '{{ gitolite_freeipa_user }}' + keytab_path: '{{ gitolite_keytab }}' + +- name: configure gssproxy for kerberized LDAP + include_role: + name: gssproxy_client + vars: + gssproxy_priority: 51 + gssproxy_name: gitolite + gssproxy_section: service/gitolite + gssproxy_client_keytab: '{{ gitolite_keytab }}' + gssproxy_cred_usage: initiate + gssproxy_euid: '{{ gitolite_user }}' + +- name: create admin group + ipagroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ gitolite_admin_group }}' + description: gitolite admins + nonposix: yes + state: present + run_once: True + +- name: create access group + ipagroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ gitolite_access_group }}' + description: gitolite users + nonposix: yes + state: present + run_once: True |