46 lines
1.4 KiB
Text
46 lines
1.4 KiB
Text
{% set hostname=grains['host'] %}
|
|
{% set ip=grains['fqdn_ip4'][0] %}
|
|
freeipa_sshpass:
|
|
pkg.installed:
|
|
- name: sshpass
|
|
|
|
set_salt_ipa_password:
|
|
environ.setenv:
|
|
- name: SALT_PASSWORD
|
|
- value: "{%- include 'secure/passwords/ipa_salt_password.txt' -%}"
|
|
|
|
create_host:
|
|
cmd.run:
|
|
- name: 'sshpass -p $SALT_PASSWORD ssh salt@ipa.actcur.com -oStrictHostKeyChecking=no "rm {{hostname}}.keytab;echo $SALT_PASSWORD | kinit salt;ipa host-add --force --ip-address={{ip}} {{hostname}}.actcur.com; ipa host-allow-create-keytab {{hostname}}.actcur.com --groups enroller;/usr/sbin/ipa-getkeytab -s ipa.actcur.com -p host/{{hostname}}.actcur.com -k ./{{hostname}}.keytab"'
|
|
|
|
grab_keytab:
|
|
cmd.run:
|
|
- name: 'sshpass -p $SALT_PASSWORD scp -oStrictHostKeyChecking=no salt@ipa.actcur.com:./{{hostname}}.keytab /etc/krb5.keytab'
|
|
|
|
delete_keytab:
|
|
cmd.run:
|
|
- name: 'sshpass -p $SALT_PASSWORD ssh salt@ipa.actcur.com -oStrictHostKeyChecking=no "rm {{hostname}}.keytab;"'
|
|
|
|
unset_salt_ipa_password:
|
|
environ.setenv:
|
|
- name: SALT_PASSWORD
|
|
- value: "False"
|
|
- false_unsets: true
|
|
|
|
freeipa_setup_sssd_service_down:
|
|
service.dead:
|
|
- name: sssd
|
|
|
|
freeipa_setup_sssd_service:
|
|
service.running:
|
|
- name: sssd
|
|
- enable: true
|
|
|
|
freeipa_setup_nscd_service_down:
|
|
service.dead:
|
|
- name: nscd
|
|
|
|
freeipa_setup_nscd_service:
|
|
service.running:
|
|
- name: nscd
|
|
- enable: true
|