Diffstat (limited to 'roles/archive_server/tasks/freeipa.yml')
-rw-r--r--roles/archive_server/tasks/freeipa.yml51
1 files changed, 51 insertions, 0 deletions
diff --git a/roles/archive_server/tasks/freeipa.yml b/roles/archive_server/tasks/freeipa.yml
new file mode 100644
index 0000000..f0920f3
--- /dev/null
+++ b/roles/archive_server/tasks/freeipa.yml
@@ -0,0 +1,51 @@
+- name: create freeipa user
+ ipauser:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ archive_user }}'
+ loginshell: /bin/bash
+ homedir: '{{ archive_home }}'
+ givenname: archive
+ sn: Service Account
+ state: present
+ run_once: True
+
+- name: create archive-clients hostgroup
+ ipahostgroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ archive_clients_hbac_hostgroup }}'
+ description: Archive Clients
+ state: present
+ run_once: True
+
+- name: create HBAC rule for ssh
+ ipahbacrule:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: archive_ssh_to_archive_clients
+ description: Allow archive user to ssh to archive clients
+ user:
+ - '{{ archive_user }}'
+ hostgroup:
+ - '{{ archive_clients_hbac_hostgroup }}'
+ hbacsvc: sshd
+ run_once: True
+
+- name: retrieve user keytab
+ include_role:
+ name: freeipa_keytab
+ vars:
+ keytab_principal: '{{ archive_user }}'
+ keytab_path: '{{ archive_keytab }}'
+
+- name: configure gssproxy for kerberized nfs
+ include_role:
+ name: gssproxy_client
+ vars:
+ gssproxy_name: archiver
+ gssproxy_section: service/archiver
+ gssproxy_keytab: /etc/krb5.keytab
+ gssproxy_client_keytab: '{{ archive_keytab }}'
+ gssproxy_cred_usage: initiate
+ gssproxy_euid: '{{ archive_user }}'
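Review bot: The three ipa* tasks (lines 16, 28 and 37) pass `ipaadmin_password: '{{ ipa_pass }}'` without a task-level `no_log: true`, so masking of the admin credential in task output rests entirely on the module's own argument spec; a verbose run or a failed task can otherwise print the invocation arguments into console output and callback logs. Adding `no_log: true` next to `run_once` on each of those three tasks makes the masking explicit and independent of the installed ansible-freeipa version. Separately, `run_once: True` is better written as `run_once: true` (lowercase booleans are what yamllint's `truthy` rule and, presumably, the rest of the role expect), and the `create HBAC rule for ssh` task omits the `state: present` its two sibling tasks declare, so its intent is left to the module default rather than stated.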